DATABASE RESOURCES PRICING ABOUT US

{"id": "THREATPOST:8D4EA8B0593FD44763915E703BC9AB72", "vendorId": null, "type": "threatpost", "bulletinFamily": "info", "title": "Actively Exploited Windows Zero-Day Gets a Patch", "description": "Microsoft has patched 51 security vulnerabilities in its scheduled August Patch Tuesday update, including seven critical bugs, two issues that were publicly disclosed but unpatched until now, and one that\u2019s listed as a zero-day that has been exploited in the wild.\n\nOf note, there are 17 elevation-of-privilege (EoP) vulnerabilities, 13 remote code-execution (RCE) issues, eight information-disclosure flaws and two denial-of-service (DoS) bugs.\n\nThe update also includes patches for three more Print Spooler bugs, familiar from the PrintNightmare saga.\n\n[](<https://threatpost.com/infosec-insider-subscription-page/>)\n\n\u201cFortunately, it was a lighter month than usual,\u201d said Eric Feldman, senior product marketing manager at Automox, in a [Patch Tuesday analysis](<https://blog.automox.com/automox-experts-weigh-in-august-patch-tuesday-2021>) from the vendor. \u201cThis represents a 56 percent reduction in overall vulnerabilities from July, and 33 percent fewer vulnerabilities on average for each month so far this year. We have also seen a similar reduction in critical vulnerabilities this month, with 30 percent less compared to the monthly average.\u201d\n\n## **Windows Critical Security Vulnerabilities**\n\nThe seven critical bugs [addressed in August](<https://msrc.microsoft.com/update-guide/>) are as follows:\n\n * CVE-2021-26424 \u2013 Windows TCP/IP RCE Vulnerability\n * CVE-2021-26432 \u2013 Windows Services for NFS ONCRPC XDR Driver RCE Vulnerability\n * CVE-2021-34480 \u2013 Scripting Engine Memory Corruption Vulnerability\n * CVE-2021-34530 \u2013 Windows Graphics Component RCE Vulnerability\n * CVE-2021-34534 \u2013 Windows MSHTML Platform RCE Vulnerability\n * CVE-2021-34535 \u2013 Remote Desktop Client RCE Vulnerability\n * CVE-2021-36936 \u2013 Windows Print Spooler RCE Vulnerability\n\nThe bug tracked as **CVE-2021-26424** exists in the TCP/IP protocol stack identified in Windows 7 and newer Microsoft operating systems, including servers.\n\n\u201cDespite its CVSS rating of 9.9, this may prove to be a trivial bug, but it\u2019s still fascinating,\u201d said Dustin Childs of Trend Micro\u2019s Zero Day Initiative (ZDI) in his [Tuesday analysis](<https://www.zerodayinitiative.com/blog/2021/8/10/the-august-2021-security-update-review>). \u201cAn attacker on a guest Hyper-V OS could execute code on the host Hyper-V server by sending a specially crafted IPv6 ping. This keeps it out of the wormable category. Still, a successful attack would allow the guest OS to completely take over the Hyper-V host. While not wormable, it\u2019s still cool to see new bugs in new scenarios being found in protocols that have been around for years.\u201d\n\nThe next bug, **CVE-2021-26432** in Windows Services, is more likely to be exploited given its low complexity status, according to Microsoft\u2019s advisory; it doesn\u2019t require privileges or user interaction to exploit, but Microsoft offered no further details.\n\n\u201cThis may fall into the \u2018wormable\u2019 category, at least between servers with NFS installed, especially since the open network computing remote procedure call (ONCRPC) consists of an External Data Representation (XDR) runtime built on the Winsock Kernel (WSK) interface,\u201d Childs said. \u201cThat certainly sounds like elevated code on a listening network service. Don\u2019t ignore this patch.\u201d\n\nAleks Haugom, product marketing manager at Automox, added, \u201cExploitation results in total loss of confidentiality across all devices managed by the same security authority. Furthermore, attackers can utilize it for denial-of-service attacks or to maliciously modify files. So far, no further details have been divulged by Microsoft or the security researcher (Liubenjin from Codesafe Team of Legendsec at Qi\u2019anxin Group) that discovered this vulnerability. Given the broad potential impact, its label \u2018Exploitation More Likely\u2019 and apparent secrecy, patching should be completed ASAP.\u201d\n\nMeanwhile, the memory-corruption bug (**CVE-2021-34480**) arises from how the scripting engine handles objects in memory, and it also allows RCE. Using a web-based attack or a malicious file, such as a malicious landing page or phishing email, attackers can use this vulnerability to take control of an affected system, install programs, view or change data, or create new user accounts with full user rights.\n\n\u201cCVE-2021-34480 should also be a priority,\u201d Kevin Breen, director of cyber-threat research at Immersive Labs, told Threatpost. \u201cIt is a low score in terms of CVSS, coming in at 6.8, but has been marked by Microsoft as \u2018Exploitation More Likely\u2019 because it is the type of attack commonly used to increase the success rate of spear phishing attacks to gain network access. Simple, but effective.\u201d\n\nThe Windows Graphic Component bug (**CVE-2021-34530**) allows attackers to remotely execute malicious code in the context of the current user, according to Microsoft \u2013 if they can social-engineer a target into opening a specially crafted file.\n\nAnother bug exists in the Windows MSHTML platform, also known as Trident (**CVE-2021-34534**). Trident is the rendering engine (mshtml.dll) used by Internet Explorer. The bug affects many Windows 10 versions (1607, 1809,1909, 2004, 20H2, 21H1) as well as Windows Server 2016 and 2019.\n\nBut while it potentially affects a large number of users, exploitation is not trivial.\n\n\u201cTo exploit, a threat actor would need to pull off a highly complex attack with user interaction \u2013 still entirely possible with the sophisticated attackers of today,\u201d said Peter Pflaster, technical product marketing manager at Automox.\n\nThe bug tracked as **CVE-2021-34535** impacts the Microsoft Remote Desktop Client, Microsoft\u2019s nearly ubiquitous utility for connecting to remote PCs.\n\n\u201cWith today\u2019s highly dispersed workforce, CVE-2021-34535, an RCE vulnerability in Remote Desktop Clients, should be a priority patch,\u201d said Breen. \u201cAttackers increasingly use RDP access as the tip of the spear to gain network access, often combining it with privilege escalation to move laterally. These can be powerful as, depending on the method, it may allow the attacker to authenticate in the network in the same way a user would, making detection difficult.\u201d\n\nIt\u2019s not as dangerous of a bug [as BlueKeep,](<https://threatpost.com/one-million-devices-open-to-wormable-microsoft-bluekeep-flaw/145113/>) according to Childs, which also affected RDP.\n\n\u201cBefore you start having flashbacks to BlueKeep, this bug affects the RDP client and not the RDP server,\u201d he said. \u201cHowever, the CVSS 9.9 bug is nothing to ignore. An attacker can take over a system if they can convince an affected RDP client to connect to an RDP server they control. On Hyper-V servers, a malicious program running in a guest VM could trigger guest-to-host RCE by exploiting this vulnerability in the Hyper-V Viewer. This is the more likely scenario and the reason you should test and deploy this patch quickly.\u201d\n\n## **Windows Print Spooler Bugs \u2013 Again**\n\nThe final critical bug is **CVE-2021-36936**, a Windows Print Spooler RCE bug that\u2019s listed as publicly known.\n\nPrint Spooler made headlines last month, when Microsoft patched what it thought was a minor elevation-of-privilege vulnerability in the service (CVE-2021-1675). But the listing was updated later in the week, after researchers from Tencent and NSFOCUS TIANJI Lab figured out it could be used for RCE \u2013 [requiring a new patch](<https://threatpost.com/microsoft-emergency-patch-printnightmare/167578/>).\n\nIt also disclosed a second bug, similar to PrintNightmare (CVE-2021-34527); and a third, [an EoP issue](<https://threatpost.com/microsoft-unpatched-bug-windows-print-spooler/167855/>) ([CVE-2021-34481](<https://support.microsoft.com/en-us/topic/kb5005652-manage-new-point-and-print-default-driver-installation-behavior-cve-2021-34481-873642bf-2634-49c5-a23b-6d8e9a302872>)).\n\n\u201cAnother month, another remote code-execution bug in the Print Spooler,\u201d said ZDI\u2019s Childs. \u201cThis bug is listed as publicly known, but it\u2019s not clear if this bug is a variant of PrintNightmare or a unique vulnerability all on its own. There are quite a few print-spooler bugs to keep track of. Either way, attackers can use this to execute code on affected systems. Microsoft does state low privileges are required, so that should put this in the non-wormable category, but you should still prioritize testing and deployment of this critical-rated bug.\u201d\n\nThe critical vulnerability is just one of three Print Spooler issues in the August Patch Tuesday release.\n\n\u201cThe specter of the PrintNightmare continues to haunt this patch Tuesday with three more print spooler vulnerabilities, CVE-2021-36947, CVE-2021-36936 and CVE-2021-34481,\u201d said Breen. \u201cAll three are listed as RCE over the network, requiring a low level of access, similar to PrintNightmare. Microsoft has marked these as \u2018Exploitation More Likely\u2019 which, if the previous speed of POC code being published is anything to go by, is certainly true.\u201d\n\n## **RCE Zero-Day in Windows Update Medic Service **\n\nThe actively exploited bug is tracked as **CVE-2021-36948** and is rated as important; it could pave the way for RCE via the Windows Update Medic Service in Windows 10 and Server 2019 and newer operating systems.\n\n\u201cUpdate Medic is a new service that allows users to repair Windows Update components from a damaged state such that the device can continue to receive updates,\u201d Automox\u2019 Jay Goodman explained. \u201cThe exploit is both low complexity and can be exploited without user interaction, making this an easy vulnerability to include in an adversary\u2019s toolbox.\u201d\n\nImmersive\u2019s Breen added, \u201cCVE-2021-36948 is a privilege-escalation vulnerability \u2013 the cornerstone of modern intrusions as they allow attackers the level of access to do things like hide their tracks and create user accounts. In the case of ransomware attacks, they have also been used to ensure maximum damage.\u201d\n\nThough the bug is being reported as being exploited in the wild by Microsoft, activity appears to remain limited or targeted: \u201cWe have seen no evidence of it at Kenna Security at this time,\u201d Jerry Gamblin, director of security research at Kenna Security (now part of Cisco) told Threatpost.\n\n## **Publicly Known Windows LSA Spoofing Bug**\n\nThe second publicly known bug (after the Print Spooler issue covered earlier) is tracked as **CVE-2021-36942**, and it\u2019s an important-rated Windows LSA (Local Security Authority) spoofing vulnerability.\n\n\u201cIt fixes a flaw that could be used to steal NTLM hashes from a domain controller or other vulnerable host,\u201d Immersive\u2019s Breen said. \u201cThese types of attacks are well known for lateral movement and privilege escalation, as has been demonstrated recently by a [new exploit called PetitPotam](<https://threatpost.com/microsoft-petitpotam-poc/168163/>). It is a post-intrusion exploit \u2013 further down the attack chain \u2013 but still a useful tool for attackers.\u201d\n\nChilds offered a bit of context around the bug.\n\n\u201cMicrosoft released this patch to further protect against NTLM relay attacks by issuing this update to block the LSARPC interface,\u201d he said. \u201cThis will impact some systems, notably Windows Server 2008 SP2, that use the EFS API OpenEncryptedFileRawA function. You should apply this to your Domain Controllers first and follow the additional guidance in [ADV210003](<https://msrc.microsoft.com/update-guide/vulnerability/ADV210003>) and [KB5005413](<https://support.microsoft.com/en-us/topic/kb5005413-mitigating-ntlm-relay-attacks-on-active-directory-certificate-services-ad-cs-3612b773-4043-4aa9-b23d-b87910cd3429>). This has been an ongoing issue since 2009, and, likely, this isn\u2019t the last we\u2019ll hear of this persistent issue.\u201d\n\nMicrosoft\u2019s next Patch Tuesday will fall on September 14.\n\nWorried about where the next attack is coming from? We\u2019ve got your back. **[REGISTER NOW](<https://threatpost.com/webinars/how-to-think-like-a-threat-actor/?utm_source=ART&utm_medium=ART&utm_campaign=August_Uptycs_Webinar>)** for our upcoming live webinar, How to **Think Like a Threat Actor**, in partnership with Uptycs on Aug. 17 at 11 AM EST and find out precisely where attackers are targeting you and how to get there first. Join host Becky Bracken and Uptycs researchers Amit Malik and Ashwin Vamshi on **[Aug. 17 at 11AM EST for this LIVE discussion](<https://threatpost.com/webinars/how-to-think-like-a-threat-actor/?utm_source=ART&utm_medium=ART&utm_campaign=August_Uptycs_Webinar>)**.\n", "published": "2021-08-10T21:17:58", "modified": "2021-08-10T21:17:58", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9}, "href": "https://threatpost.com/exploited-windows-zero-day-patch/168539/", "reporter": "Tara Seals", "references": ["https://threatpost.com/infosec-insider-subscription-page/", "https://blog.automox.com/automox-experts-weigh-in-august-patch-tuesday-2021", "https://msrc.microsoft.com/update-guide/", "https://www.zerodayinitiative.com/blog/2021/8/10/the-august-2021-security-update-review", "https://threatpost.com/one-million-devices-open-to-wormable-microsoft-bluekeep-flaw/145113/", "https://threatpost.com/microsoft-emergency-patch-printnightmare/167578/", "https://threatpost.com/microsoft-unpatched-bug-windows-print-spooler/167855/", "https://support.microsoft.com/en-us/topic/kb5005652-manage-new-point-and-print-default-driver-installation-behavior-cve-2021-34481-873642bf-2634-49c5-a23b-6d8e9a302872", "https://threatpost.com/microsoft-petitpotam-poc/168163/", "https://msrc.microsoft.com/update-guide/vulnerability/ADV210003", "https://support.microsoft.com/en-us/topic/kb5005413-mitigating-ntlm-relay-attacks-on-active-directory-certificate-services-ad-cs-3612b773-4043-4aa9-b23d-b87910cd3429", "https://threatpost.com/webinars/how-to-think-like-a-threat-actor/?utm_source=ART&utm_medium=ART&utm_campaign=August_Uptycs_Webinar", "https://threatpost.com/webinars/how-to-think-like-a-threat-actor/?utm_source=ART&utm_medium=ART&utm_campaign=August_Uptycs_Webinar"], "cvelist": ["CVE-2021-1675", "CVE-2021-26424", "CVE-2021-26432", "CVE-2021-34480", "CVE-2021-34481", "CVE-2021-34527", "CVE-2021-34530", "CVE-2021-34534", "CVE-2021-34535", "CVE-2021-36936", "CVE-2021-36942", "CVE-2021-36947", "CVE-2021-36948"], "immutableFields": [], "lastseen": "2021-08-11T19:56:07", "viewCount": 725, "enchantments": {"dependencies": {"references": [{"type": "attackerkb", "idList": ["AKB:1196BAF9-A467-480D-A40C-F3E93D5888D6", "AKB:7575B82F-7B7A-4416-B1AA-B8A2DF4D0800", "AKB:9ADF44D2-FA0D-4643-8B97-8B46983B6917", "AKB:CDA9C43E-015D-4B04-89D3-D6CABC5729B9", "AKB:D92D1688-7724-40C4-AD86-DF44F4611D40"]}, {"type": "avleonov", "idList": ["AVLEONOV:30285D85FDB40C8D55F6A24D9D446ECF", "AVLEONOV:3530747E605445686B7211B2B0853579", "AVLEONOV:36BA0DE03DB6F8D0C96B6861C9A07473", "AVLEONOV:8FE7F4C2B563A2A88EB2DA8822A13824", "AVLEONOV:9D3D76F4CC74C7ABB8000BC6AFB2A2CE"]}, {"type": "cert", "idList": ["VU:131152", "VU:383432", "VU:405600"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2021-0465", "CPAI-2021-0487", "CPAI-2021-0490", "CPAI-2021-0491", "CPAI-2021-0493", "CPAI-2021-0508"]}, {"type": "cisa", "idList": ["CISA:1AD0E0C2A1CB165DDD5F6A0F4C21101D", "CISA:367C27124C09604830E0725F5F3123F7", "CISA:4F4185688CEB9B9416A98FE75E7AFE02", "CISA:6C836D217FB0329B2D68AD71789D1BB0", "CISA:91DA945EA20AF1A221FDE02A2D9CE315"]}, {"type": "cisa_kev", "idList": ["CISA-KEV-CVE-2021-1675", "CISA-KEV-CVE-2021-34527", "CISA-KEV-CVE-2021-36942", "CISA-KEV-CVE-2021-36948"]}, {"type": "cnvd", "idList": ["CNVD-2022-10025", "CNVD-2022-10026"]}, {"type": "cve", "idList": ["CVE-2021-1675", "CVE-2021-26424", "CVE-2021-26432", "CVE-2021-34480", "CVE-2021-34481", "CVE-2021-34527", "CVE-2021-34530", "CVE-2021-34534", "CVE-2021-34535", "CVE-2021-36936", "CVE-2021-36942", "CVE-2021-36947", "CVE-2021-36948", "CVE-2021-36958"]}, {"type": "githubexploit", "idList": ["0263BC36-BEB1-519B-965B-52D9E6AB116F", "0BB19334-D311-5464-B40B-7B27A0AD8825", "14B62DA4-FBC4-5B89-AB9F-9F8E3505AFAD", "17B904FB-7F3D-54F1-B1B5-069C67184EE5", "1883DF48-6A75-5743-AC93-56292D93A794", "19D705F8-AE98-5DD9-BC4E-CDC0497FB840", "1E42289A-77F8-55A2-B85E-83CAA00CE951", "21F83D93-118D-50C7-A5C0-B2069237666E", "272E1B9F-32B1-5E4A-A0A9-44AC16DA37DB", "2A12C3BB-2A75-5B33-AE9B-348DB656AC81", "3399B834-8492-5C0C-AA14-7F120BA37AF6", "3D6A6F0D-C38E-5819-A3A7-817A49825CBE", "3DC96731-93EE-5FF0-9AC3-C472059DC1AF", "436B5B97-EF58-5F05-B611-815DDEF67B8A", "4749D0AA-8CE9-53E3-8EFF-E818FDC61B24", "4A3F2A96-B727-5EF1-B1C1-FE041BA02E28", "4E279194-AC85-5607-A943-AC23EADADEF7", "5AE71695-062E-5DBA-9A16-69BD0C7D1384", "5E52E412-B5BA-54D6-92C1-F70C151A8199", "645DABC8-04DA-51BF-A20F-68F611D2D666", "64AAF745-D50D-575C-B3FF-A09072475502", "7C3B421E-ED99-5C5F-B2BA-4418307C0EBF", "8542D571-7253-5609-BC52-CBCB5F40929A", "86F04665-0984-596F-945A-3CA176A53057", "895FF449-0383-5007-9352-FABB3E8BD54C", "8EDE916A-F04B-59F0-A88D-13DEF969DC00", "98CA9A39-577D-51F2-B8B9-B20E80D94173", "98CEA984-CF02-58F6-91D5-967F8D36F94A", "9A318669-DAF8-50FF-A5DF-E390E0386254", "9CC224C9-907A-5219-8EFD-A94F15DE0ADD", "A66D9AD7-B29D-5C48-B247-D8ACFCAE9BC7", "AAD37CB5-B2C3-5908-B0D3-052CF47F6D25", "AD904001-0962-5826-AD78-253E0FB3B7B7", "AF2B8EF5-A739-53BD-8B8D-04A8C441268C", "B03B4134-B4C9-5B2D-BA55-EEEA540389F4", "B26A6295-2D2D-508F-B94C-38B6944F8A1F", "B3985759-BBD2-5956-860D-E6361564C262", "B8D9E2C0-202B-5806-88D2-B0E797582618", "BB9DA286-F06B-5A55-B344-1196B32F3C2B", "BDFBDA81-0DEB-5523-B538-F23C3B524986", "C6AE3BFC-9BBB-5327-8845-C88ABB6FEE40", "C841D92F-11E1-5077-AE70-CA2FEF0BC96E", "CD2BFDFF-9EBC-5C8F-83EC-62381CD9BCD5", "D089579B-4420-5AD5-999F-45063D972E66", "D21805C7-F04C-57A9-8A40-84CEEB7695BC", "DF28DCE7-CCFF-5653-81BA-719525BE09AD", "E235B3DF-990F-5508-9496-90462B45125D", "E601A788-C87D-5DD7-98BA-A68C2FEDE978", "E7D3FB75-54DE-5CD8-83D6-438BFC7CFA74", "E82ECEEF-07B8-5340-BAC6-FA5B0E964772", "EA908F34-E282-522D-A0C0-E6D40C0621CD", "F1347375-6380-5145-9881-486B76875649", "F1B229EB-2178-53B9-839E-BA0B916376A2", "F1C20A6A-5492-50FE-BB94-25D35B1459EC", "F92F972D-7309-5D0B-BCC2-054883AE83E9", "FBC9D472-5E25-508D-AB6E-B3197FCFED2D", "FF761088-559C-5E71-A5CD-196D4E4571B8", "FF81AF93-C247-5242-810E-AA1201C16776", "FFBC2747-5957-57B1-9DD9-AB2BAFCB7BD6"]}, {"type": "googleprojectzero", "idList": ["GOOGLEPROJECTZERO:3A510C521DE8145372456D2B0FE8C8E5", "GOOGLEPROJECTZERO:3B4F7E79DDCD0AFF3B9BB86429182DCA", "GOOGLEPROJECTZERO:C8077AF60F0E22ECAD33F23194C38BB6", "GOOGLEPROJECTZERO:CA925EE6A931620550EF819815B14156"]}, {"type": "hivepro", "idList": ["HIVEPRO:1BBAC0CD5F3681EC49D06BE85DC90A92", "HIVEPRO:1C413EFAC97AED19F9E35574668008F9", "HIVEPRO:8D09682ECAC92A6EA4B81D42F45F0233", "HIVEPRO:8DA601C83DB9C139357327C06B06CB36", "HIVEPRO:C0B03D521C5882F1BE07ECF1550A5F74", "HIVEPRO:E7E537280075DE5C0B002F1AF44BE1C5"]}, {"type": "ics", "idList": ["AA22-074A", "AA22-117A", "AA22-249A", "AA22-249A-0"]}, {"type": "kaspersky", "idList": ["KLA12198", "KLA12202", "KLA12213", "KLA12214", "KLA12231", "KLA12246", "KLA12250", "KLA12259"]}, {"type": "kitploit", "idList": ["KITPLOIT:1358590931647264988", "KITPLOIT:232707789076746523"]}, {"type": "krebs", "idList": ["KREBS:3CC49021549439F95A2EDEB2029CF54E", "KREBS:5FA70C019AB463F5E02A97C6891685D8", "KREBS:831FD0B726B800B2995A68BA50BD8BE3", "KREBS:AE87E964E683A56CFE4E51E96F3530AD"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:42218FB85F05643E0B2C2C7D259EFEB5", "MALWAREBYTES:7F8FC685D6EFDE8FC4909FDA86D496A5", "MALWAREBYTES:9F3181D8BD5EF0E44A305AF69898B9E0", "MALWAREBYTES:DA59FECA8327C8353EA012EA1B957C7E", "MALWAREBYTES:DB34937B6474073D9444648D34438225"]}, {"type": "metasploit", "idList": ["MSF:EXPLOIT-WINDOWS-DCERPC-CVE_2021_1675_PRINTNIGHTMARE-"]}, {"type": "mmpc", "idList": ["MMPC:85647D37E79AFEF2BFF74B4682648C5E"]}, {"type": "mscve", "idList": ["MS:CVE-2021-1675", "MS:CVE-2021-26424", "MS:CVE-2021-26432", "MS:CVE-2021-34480", "MS:CVE-2021-34481", "MS:CVE-2021-34527", "MS:CVE-2021-34530", "MS:CVE-2021-34534", "MS:CVE-2021-34535", "MS:CVE-2021-36936", "MS:CVE-2021-36942", "MS:CVE-2021-36947", "MS:CVE-2021-36948"]}, {"type": "mskb", "idList": ["KB5004945", "KB5004946", "KB5004947", "KB5004948", "KB5004950", "KB5004951", "KB5004953", "KB5004954", "KB5004955", "KB5004956", "KB5004958", "KB5004959", "KB5004960", "KB5005030", "KB5005031", "KB5005033", "KB5005036", "KB5005040", "KB5005043", "KB5005076", "KB5005088", "KB5005089", "KB5005090", "KB5005094", "KB5005095", "KB5005099", "KB5005106", "KB5005606", "KB5005607", "KB5005613", "KB5005615", "KB5005618", "KB5005623", "KB5005627", "KB5005633"]}, {"type": "msrc", "idList": ["MSRC:236F052536DCDE6A90F408B759E221BC", "MSRC:239E65C8BEB88185329D9990C80B10DF", "MSRC:8DDE6C6C2CBC080233B7C0F929E83062", "MSRC:90189138D61770FDBFA4D6BFCF043C7F", "MSRC:CB3C49E52425E7C1B0CFB151C6D488A4", "MSRC:D3EB0B723121A9028F60C06787605F29"]}, {"type": "mssecure", "idList": ["MSSECURE:85647D37E79AFEF2BFF74B4682648C5E"]}, {"type": "nessus", "idList": ["SMB_NT_MS21_AUG_5005030.NASL", "SMB_NT_MS21_AUG_5005031.NASL", "SMB_NT_MS21_AUG_5005033.NASL", "SMB_NT_MS21_AUG_5005040.NASL", "SMB_NT_MS21_AUG_5005043.NASL", "SMB_NT_MS21_AUG_5005089.NASL", "SMB_NT_MS21_AUG_5005094.NASL", "SMB_NT_MS21_AUG_5005095.NASL", "SMB_NT_MS21_AUG_5005106.NASL", "SMB_NT_MS21_AUG_INTERNET_EXPLORER.NASL", "SMB_NT_MS21_AUG_RDC.NASL", "SMB_NT_MS21_JUL_5004945.NASL", "SMB_NT_MS21_JUL_5004946.NASL", "SMB_NT_MS21_JUL_5004947.NASL", "SMB_NT_MS21_JUL_5004948.NASL", "SMB_NT_MS21_JUL_5004950.NASL", "SMB_NT_MS21_JUL_5004951.NASL", "SMB_NT_MS21_JUL_5004958.NASL", "SMB_NT_MS21_JUL_5004959.NASL", "SMB_NT_MS21_JUL_5004960.NASL", "SMB_NT_MS21_JUL_CVE-2021-34527_REG_CHECK.NASL", "SMB_NT_MS21_JUN_5003635.NASL", "SMB_NT_MS21_JUN_5003637.NASL", "SMB_NT_MS21_JUN_5003638.NASL", "SMB_NT_MS21_JUN_5003646.NASL", "SMB_NT_MS21_JUN_5003681.NASL", "SMB_NT_MS21_JUN_5003687.NASL", "SMB_NT_MS21_JUN_5003694.NASL", "SMB_NT_MS21_JUN_5003695.NASL", "SMB_NT_MS21_JUN_5003697.NASL", "WINDOWS_PETITPOTAM.NBIN", "WINDOWS_RESTRICTDRIVERINSTALLATIONTOADMINISTRATORS_REG_CHECK.NASL"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:167261"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:0082A77BD8EFFF48B406D107FEFD0DD3", "QUALYSBLOG:0F0ACCA731E84F3B1067935E483FC950", "QUALYSBLOG:12BC089A56EB28CFD168EC09B070733D", "QUALYSBLOG:23EF75126B24C22C999DAD4D7A2E9DF5", "QUALYSBLOG:485C0D608A0A8288FF38D618D185D2A2", "QUALYSBLOG:5A5094DBFA525D07EBC3EBA036CDF81A", "QUALYSBLOG:6652DB89D03D8AA145C2F888B5590E3F", "QUALYSBLOG:9E3CACCA2916D132C2D630A8C15119F3", "QUALYSBLOG:A0F20902D80081B44813D92C6DCCDAAF", "QUALYSBLOG:A730164ABD0AA0A58D62EAFAB48628AD", "QUALYSBLOG:BC22CE22A3E70823D5F0E944CBD5CE4A", "QUALYSBLOG:CD2337322AF45A03293696D535E4CBF8", "QUALYSBLOG:EB91FABB1A5D9C2526980E996ED61260", "QUALYSBLOG:EBDC158D70A96D1C65D2AEE5C285A069"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:03B1EB65D8A7CFE486943E2472225BA1", "RAPID7BLOG:24E0BE5176F6D3963E1824AD4A55019E", "RAPID7BLOG:45A121567763FF457DE6E50439C2605A", "RAPID7BLOG:4B35B23167A9D5E016537F6A81E4E9D4", "RAPID7BLOG:57AB78EC625B6F8060F1E6BD668BDD0C", "RAPID7BLOG:5CDF95FB2AC31414FD390E0E0A47E057", "RAPID7BLOG:8882BFA669B38BCF7B5A8A26F657F735", "RAPID7BLOG:8DADA7B6B3B1BA6ED3D6EDBA37A79204", "RAPID7BLOG:9171BB636F16B6AC97B939C701ABE971", "RAPID7BLOG:A7E1C05842DF5C07D9B1BA23B2235727", "RAPID7BLOG:D1C9D661B6FC47BE44B8FBB6E1D49AD5", "RAPID7BLOG:D214650E6EFB584624DA76ACB1573C1B", "RAPID7BLOG:D9E3C0B84D67BD0A26DEAD5F6F4EAAC4", "RAPID7BLOG:DE426F8A59CA497BB6C0B90C0F1849CD", "RAPID7BLOG:E44F025D612AC4EA5DF9F2B56FF8680C", "RAPID7BLOG:F9B4F18ABE4C32CD54C3878DD17A8630"]}, {"type": "securelist", "idList": ["SECURELIST:0C07A61E6D92865F5B58728A60866991", "SECURELIST:830DE5B1B5EBB6AEE4B12EF66AD749F9", "SECURELIST:86368EF0EA7DAA3D2AB20E0597A62656", "SECURELIST:BB0230F9CE86B3F1994060AA0A809C08", "SECURELIST:C540EBB7FD8B7FB9E54E119E88DB5C48"]}, {"type": "seebug", "idList": ["SSV:99276"]}, {"type": "talosblog", "idList": ["TALOSBLOG:44F665C3D577FC52EF671E9C0CB1750F", "TALOSBLOG:8CDF0A62E30713225D10811E0E977C1D"]}, {"type": "thn", "idList": ["THN:10A732F6ED612DC7431BDC9A3CEC3A29", "THN:3F83D0C001F2A9046C61A56F5ABE7695", "THN:42B8A8C00254E7187FE0F1EF2AF6F5D7", "THN:6428957E9DED493169A2E63839F98667", "THN:849B821D3503018DA38FAFFBC34DAEBB", "THN:9CE630030E0F3E3041E633E498244C8D", "THN:9FD8A70F9C17C3AF089A104965E48C95", "THN:A52CF43B8B04C0A2F8413E17698F9308", "THN:C2D8045AAD8E4BA5A9168782138B6D52", "THN:CAFA6C5C5A34365636215CFD7679FD50", "THN:CF5E93184467C7B8F56A517CE724ABCF", "THN:DFA2CC41C78DFA4BED87B1410C21CE2A", "THN:EDD5C9F076596EB9D13D36268BDBFAD1", "THN:F35E41E26872B23A7F620C6D8F7E2334", "THN:F601EBBE359B3547B8E79F0217562FEF"]}, {"type": "threatpost", "idList": ["THREATPOST:500777B41EEA368E3AC2A6AED65C4A25", "THREATPOST:6F7C157D4D3EB409080D90F02185E728", "THREATPOST:827A7E3B49365A0E49A11A05A5A29192", "THREATPOST:933913B1D9B9CF84D33FECFC77C2FDC8", "THREATPOST:98D815423018872E6E596DAA8131BF3F", "THREATPOST:A8242348917526090B7A1B23735D5C6C", "THREATPOST:ADA9E95C8FD42722E783C74443148525", "THREATPOST:B7A9B20B1E9413BB675D8C2810F1365F", "THREATPOST:EED27183B3F49112A9E785EA56534781"]}, {"type": "trellix", "idList": ["TRELLIX:ED6978182DFD9CD1EA1E539B1EDABE6C"]}]}, "score": {"value": 0.1, "vector": "NONE"}, "backreferences": {"references": [{"type": "attackerkb", "idList": ["AKB:1196BAF9-A467-480D-A40C-F3E93D5888D6", "AKB:7575B82F-7B7A-4416-B1AA-B8A2DF4D0800", "AKB:9ADF44D2-FA0D-4643-8B97-8B46983B6917", "AKB:CDA9C43E-015D-4B04-89D3-D6CABC5729B9"]}, {"type": "avleonov", "idList": ["AVLEONOV:30285D85FDB40C8D55F6A24D9D446ECF", "AVLEONOV:3530747E605445686B7211B2B0853579", "AVLEONOV:9D3D76F4CC74C7ABB8000BC6AFB2A2CE"]}, {"type": "canvas", "idList": ["BLUEKEEP"]}, {"type": "cert", "idList": ["VU:131152", "VU:383432", "VU:405600"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2021-0465", "CPAI-2021-0487", "CPAI-2021-0490", "CPAI-2021-0491", "CPAI-2021-0493", "CPAI-2021-0508"]}, {"type": "cisa", "idList": ["CISA:367C27124C09604830E0725F5F3123F7", "CISA:4F4185688CEB9B9416A98FE75E7AFE02", "CISA:6C836D217FB0329B2D68AD71789D1BB0"]}, {"type": "cve", "idList": ["CVE-2021-1675", "CVE-2021-26424", "CVE-2021-26432", "CVE-2021-34480", "CVE-2021-34481", "CVE-2021-34527", "CVE-2021-34530", "CVE-2021-34534", "CVE-2021-34535", "CVE-2021-36936", "CVE-2021-36942", "CVE-2021-36947", "CVE-2021-36948"]}, {"type": "githubexploit", "idList": ["0263BC36-BEB1-519B-965B-52D9E6AB116F", "0BB19334-D311-5464-B40B-7B27A0AD8825", "17B904FB-7F3D-54F1-B1B5-069C67184EE5", "1883DF48-6A75-5743-AC93-56292D93A794", "19D705F8-AE98-5DD9-BC4E-CDC0497FB840", "1E42289A-77F8-55A2-B85E-83CAA00CE951", "272E1B9F-32B1-5E4A-A0A9-44AC16DA37DB", "2A12C3BB-2A75-5B33-AE9B-348DB656AC81", "3399B834-8492-5C0C-AA14-7F120BA37AF6", "3D6A6F0D-C38E-5819-A3A7-817A49825CBE", "4A3F2A96-B727-5EF1-B1C1-FE041BA02E28", "4E279194-AC85-5607-A943-AC23EADADEF7", "5AE71695-062E-5DBA-9A16-69BD0C7D1384", "5E52E412-B5BA-54D6-92C1-F70C151A8199", "645DABC8-04DA-51BF-A20F-68F611D2D666", "64AAF745-D50D-575C-B3FF-A09072475502", "7C3B421E-ED99-5C5F-B2BA-4418307C0EBF", "8542D571-7253-5609-BC52-CBCB5F40929A", "895FF449-0383-5007-9352-FABB3E8BD54C", "8EDE916A-F04B-59F0-A88D-13DEF969DC00", "98CA9A39-577D-51F2-B8B9-B20E80D94173", "98CEA984-CF02-58F6-91D5-967F8D36F94A", "9A318669-DAF8-50FF-A5DF-E390E0386254", "9CC224C9-907A-5219-8EFD-A94F15DE0ADD", "A66D9AD7-B29D-5C48-B247-D8ACFCAE9BC7", "AAD37CB5-B2C3-5908-B0D3-052CF47F6D25", "B03B4134-B4C9-5B2D-BA55-EEEA540389F4", "B26A6295-2D2D-508F-B94C-38B6944F8A1F", "B3985759-BBD2-5956-860D-E6361564C262", "B8D9E2C0-202B-5806-88D2-B0E797582618", "BB9DA286-F06B-5A55-B344-1196B32F3C2B", "BDFBDA81-0DEB-5523-B538-F23C3B524986", "C6AE3BFC-9BBB-5327-8845-C88ABB6FEE40", "C841D92F-11E1-5077-AE70-CA2FEF0BC96E", "CD2BFDFF-9EBC-5C8F-83EC-62381CD9BCD5", "D089579B-4420-5AD5-999F-45063D972E66", "D21805C7-F04C-57A9-8A40-84CEEB7695BC", "DF28DCE7-CCFF-5653-81BA-719525BE09AD", "E235B3DF-990F-5508-9496-90462B45125D", "E601A788-C87D-5DD7-98BA-A68C2FEDE978", "E7D3FB75-54DE-5CD8-83D6-438BFC7CFA74", "E82ECEEF-07B8-5340-BAC6-FA5B0E964772", "F1347375-6380-5145-9881-486B76875649", "F1B229EB-2178-53B9-839E-BA0B916376A2", "F1C20A6A-5492-50FE-BB94-25D35B1459EC", "F92F972D-7309-5D0B-BCC2-054883AE83E9", "FBC9D472-5E25-508D-AB6E-B3197FCFED2D", "FF761088-559C-5E71-A5CD-196D4E4571B8", "FFBC2747-5957-57B1-9DD9-AB2BAFCB7BD6"]}, {"type": "googleprojectzero", "idList": ["GOOGLEPROJECTZERO:C8077AF60F0E22ECAD33F23194C38BB6"]}, {"type": "hivepro", "idList": ["HIVEPRO:1BBAC0CD5F3681EC49D06BE85DC90A92", "HIVEPRO:1C413EFAC97AED19F9E35574668008F9", "HIVEPRO:C0B03D521C5882F1BE07ECF1550A5F74", "HIVEPRO:E7E537280075DE5C0B002F1AF44BE1C5"]}, {"type": "kaspersky", "idList": ["KLA12198", "KLA12202", "KLA12213", "KLA12214", "KLA12231", "KLA12246", "KLA12250", "KLA12259"]}, {"type": "kitploit", "idList": ["KITPLOIT:1358590931647264988"]}, {"type": "krebs", "idList": ["KREBS:3CC49021549439F95A2EDEB2029CF54E", "KREBS:831FD0B726B800B2995A68BA50BD8BE3"]}, {"type": "malwarebytes", "idList": ["MALWAREBYTES:42218FB85F05643E0B2C2C7D259EFEB5", "MALWAREBYTES:DA59FECA8327C8353EA012EA1B957C7E", "MALWAREBYTES:DB34937B6474073D9444648D34438225"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/MSFT-CVE-2021-34527/"]}, {"type": "mscve", "idList": ["MS:CVE-2021-1675", "MS:CVE-2021-34481", "MS:CVE-2021-34527"]}, {"type": "mskb", "idList": ["KB5004945", "KB5005033"]}, {"type": "msrc", "idList": ["MSRC:239E65C8BEB88185329D9990C80B10DF", "MSRC:CB3C49E52425E7C1B0CFB151C6D488A4"]}, {"type": "nessus", "idList": ["SMB_NT_MS21_JUL_5004945.NASL", "SMB_NT_MS21_JUL_5004946.NASL", "SMB_NT_MS21_JUL_5004947.NASL", "SMB_NT_MS21_JUL_5004948.NASL", "SMB_NT_MS21_JUL_5004950.NASL", "SMB_NT_MS21_JUL_5004951.NASL", "SMB_NT_MS21_JUL_5004958.NASL", "SMB_NT_MS21_JUL_5004959.NASL", "SMB_NT_MS21_JUL_5004960.NASL", "SMB_NT_MS21_JUL_CVE-2021-34527_REG_CHECK.NASL", "WINDOWS_PETITPOTAM.NBIN"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:12BC089A56EB28CFD168EC09B070733D", "QUALYSBLOG:23EF75126B24C22C999DAD4D7A2E9DF5", "QUALYSBLOG:485C0D608A0A8288FF38D618D185D2A2"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:03B1EB65D8A7CFE486943E2472225BA1", "RAPID7BLOG:45A121567763FF457DE6E50439C2605A", "RAPID7BLOG:4B35B23167A9D5E016537F6A81E4E9D4", "RAPID7BLOG:5CDF95FB2AC31414FD390E0E0A47E057", "RAPID7BLOG:8DADA7B6B3B1BA6ED3D6EDBA37A79204", "RAPID7BLOG:D9E3C0B84D67BD0A26DEAD5F6F4EAAC4", "RAPID7BLOG:E44F025D612AC4EA5DF9F2B56FF8680C"]}, {"type": "securelist", "idList": ["SECURELIST:0C07A61E6D92865F5B58728A60866991"]}, {"type": "seebug", "idList": ["SSV:99276"]}, {"type": "talosblog", "idList": ["TALOSBLOG:44F665C3D577FC52EF671E9C0CB1750F", "TALOSBLOG:8CDF0A62E30713225D10811E0E977C1D"]}, {"type": "thn", "idList": ["THN:10A732F6ED612DC7431BDC9A3CEC3A29", "THN:42B8A8C00254E7187FE0F1EF2AF6F5D7", "THN:6428957E9DED493169A2E63839F98667", "THN:9CE630030E0F3E3041E633E498244C8D", "THN:9FD8A70F9C17C3AF089A104965E48C95", "THN:C2D8045AAD8E4BA5A9168782138B6D52", "THN:CAFA6C5C5A34365636215CFD7679FD50", "THN:CF5E93184467C7B8F56A517CE724ABCF", "THN:EDD5C9F076596EB9D13D36268BDBFAD1"]}, {"type": "threatpost", "idList": ["THREATPOST:050A36E6453D4472A2734DA342E95366", "THREATPOST:62A15BEBBD95FBF8704B78058BF030F1", "THREATPOST:6F7C157D4D3EB409080D90F02185E728", "THREATPOST:933913B1D9B9CF84D33FECFC77C2FDC8", "THREATPOST:98D815423018872E6E596DAA8131BF3F", "THREATPOST:A8242348917526090B7A1B23735D5C6C", "THREATPOST:EED27183B3F49112A9E785EA56534781"]}]}, "exploitation": null, "epss": [{"cve": "CVE-2021-1675", "epss": "0.968880000", "percentile": "0.994750000", "modified": "2023-03-17"}, {"cve": "CVE-2021-26424", "epss": "0.012610000", "percentile": "0.834980000", "modified": "2023-03-17"}, {"cve": "CVE-2021-26432", "epss": "0.012610000", "percentile": "0.834980000", "modified": "2023-03-17"}, {"cve": "CVE-2021-34480", "epss": "0.813640000", "percentile": "0.977710000", "modified": "2023-03-17"}, {"cve": "CVE-2021-34481", "epss": "0.001190000", "percentile": "0.443290000", "modified": "2023-03-17"}, {"cve": "CVE-2021-34527", "epss": "0.970380000", "percentile": "0.995570000", "modified": "2023-03-17"}, {"cve": "CVE-2021-34530", "epss": "0.003670000", "percentile": "0.681480000", "modified": "2023-03-17"}, {"cve": "CVE-2021-34534", "epss": "0.005240000", "percentile": "0.733450000", "modified": "2023-03-17"}, {"cve": "CVE-2021-34535", "epss": "0.014450000", "percentile": "0.845950000", "modified": "2023-03-17"}, {"cve": "CVE-2021-36936", "epss": "0.012610000", "percentile": "0.834980000", "modified": "2023-03-17"}, {"cve": "CVE-2021-36942", "epss": "0.903690000", "percentile": "0.982070000", "modified": "2023-03-17"}, {"cve": "CVE-2021-36947", "epss": "0.016670000", "percentile": "0.856900000", "modified": "2023-03-17"}, {"cve": "CVE-2021-36948", "epss": "0.001340000", "percentile": "0.467840000", "modified": "2023-03-17"}], "vulnersScore": 0.1}, "_state": {"dependencies": 1678920471, "score": 1684008354, "epss": 1679107841}, "_internal": {"score_hash": "3564fbe06ba37a4ef1c718ceef758e94"}}

{"hivepro": [{"lastseen": "2021-08-23T15:19:10", "description": "#### THREAT LEVEL: Red.\n\nFor a detailed advisory, [download the pdf file here.](<https://www.hivepro.com/wp-content/uploads/2021/08/TA202129.pdf>)\n\nMultiple vulnerabilities have been patched by Microsoft in August 2021 Patch Tuesday. Three of them have been labeled as zero-day vulnerabilities (CVE-2021-36936, CVE-2021-36942, and CVE-2021-36948). One of them (CVE-2021-36948) has already been exploited in the wild. The attacker is yet to be identified. Microsoft has classified six vulnerabilities as critical, and patches for all of them are now available.\n\n#### Vulnerability Details\n\n \n\n#### Patch Links\n\n<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-36948>\n\n<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-34530>\n\n<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-34534>\n\n<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-36936>\n\n<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-26432>\n\n<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-34480>\n\n<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-34535>\n\n<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-26424>\n\n<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-36942>\n\n#### References\n\n<https://www.bleepingcomputer.com/news/microsoft/microsoft-august-2021-patch-tuesday-fixes-3-zero-days-44-flaws/>", "cvss3": {}, "published": "2021-08-11T13:25:48", "type": "hivepro", "title": "Critical Vulnerabilities revealed in Microsoft\u2019s Patch Tuesday", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2021-26424", "CVE-2021-26432", "CVE-2021-34480", "CVE-2021-34530", "CVE-2021-34534", "CVE-2021-34535", "CVE-2021-36936", "CVE-2021-36942", "CVE-2021-36948"], "modified": "2021-08-11T13:25:48", "id": "HIVEPRO:1BBAC0CD5F3681EC49D06BE85DC90A92", "href": "https://www.hivepro.com/critical-vulnerabilities-revealed-in-microsofts-patch-tuesday/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-23T15:19:10", "description": "#### THREAT LEVEL: Red.\n\nFor a detailed advisory, [download the ](<https://www.hivepro.com/wp-content/uploads/2021/06/TA202120.pdf>)[pdf file here.](<https://www.hivepro.com/wp-content/uploads/2021/07/TA202122.pdf>)\n\nAttackers have been targeting Windows Print Spooler services for almost 2 months now. It started with the vulnerability(CVE-2021-1675) being exploited in the wild. Soon a patch was released for the same. It was after 2 days that Microsoft found out that there exist another vulnerability which gives the attacker an access to execute a code in the victim\u2019s system. This new vulnerability(CVE-2021-34527) has been named as PrintNightmare. An emergency patch has been released by Microsoft for some of the versions and a workflow as been made available for other versions.\n\n#### Vulnerability Details\n\n\n\n#### Patch Links\n\n<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-1675>\n\n<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-34527>\n\n#### References\n\n<https://securelist.com/quick-look-at-cve-2021-1675-cve-2021-34527-aka-printnightmare/103123/>\n\n<https://attackerkb.com/topics/MIHLz4sY3s/cve-2021-34527-printnightmare?referrer=notificationEmail#rapid7-analysis>\n\n<https://www.kaspersky.com/blog/printnightmare-vulnerability/40520/>", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-07-08T13:50:55", "type": "hivepro", "title": "Emergency patches have been released by Microsoft for PrintNightmare", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1675", "CVE-2021-34527"], "modified": "2021-07-08T13:50:55", "id": "HIVEPRO:E7E537280075DE5C0B002F1AF44BE1C5", "href": "https://www.hivepro.com/emergency-patches-have-been-released-by-microsoft-for-printnightmare/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-23T15:19:10", "description": "#### THREAT LEVEL: Red.\n\nFor a detailed advisory, [download the pdf file here](<https://www.hivepro.com/wp-content/uploads/2021/07/TA202126.pdf>)[.](<https://www.hivepro.com/wp-content/uploads/2021/07/TA202122.pdf>)\n\nAfter almost 10 days of releasing [an advisory ](<https://www.hivepro.com/emergency-patches-have-been-released-by-microsoft-for-printnightmare/>)by the Hive Pro Threat Research team, a new vulnerability has been found in Windows Print Spooler. This is a privilege escalation flaw that allows attackers to run arbitrary code with SYSTEM privileges, giving them the ability to install programs, read, alter, or remove data, and create new accounts with full user rights. The affected versions have not been known as of now. There have been no patches released yet, but workarounds are available.\n\n#### Vulnerability Details\n\n**CVE ID** | **Affected CPEs** | **Vulnerability Name** \n---|---|--- \nCVE-2021-34481 | cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:* | Microsoft windows print spooler service Privilege Escalation \n \n#### Patch Links\n\n<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-34481>\n\n#### References\n\n<https://threatpost.com/microsoft-unpatched-bug-windows-print-spooler/167855/>\n\n<https://arstechnica.com/gadgets/2021/07/disable-the-windows-print-spooler-to-prevent-hacks-microsoft-tells-customers/>", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-07-18T13:12:53", "type": "hivepro", "title": "Weren\u2019t you warned about reactivating the Print Spooler?", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34481"], "modified": "2021-07-18T13:12:53", "id": "HIVEPRO:1C413EFAC97AED19F9E35574668008F9", "href": "https://www.hivepro.com/werent-you-warned-about-reactivating-the-print-spooler/", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-03-22T07:28:58", "description": "THREAT LEVEL: Red. For a detailed advisory, download the pdf file here The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have issued an alert for enterprises that Russian state-sponsored cyber attackers have obtained network access by exploiting default MFA protocols and a known vulnerability. Russian state-sponsored cyber attackers got initial access to the target organization by using compromising credentials and registering a new device in the organization&#x27;s Duo multi-factor authentication (MFA). The actors obtained the credentials using a brute-force password guessing attack, which provided them with access to a victim account with a basic, predictable password. The victim account had been unenrolled from Duo after a long period of inactivity, but it had not been deactivated in Active Directory. The actors were able to enroll a new device for this account, satisfy the authentication requirements, and get access to the victim network since Duo&#x27;s default configuration settings allow for the re-enrollment of a new device for inactive accounts. Using the stolen account, Russian state-sponsored cyber attackers gained administrator rights by exploiting the &quot;PrintNightmare&quot; vulnerability (CVE-2021-34527). Furthermore, the cyber actors were able to obtain required material by moving laterally to the victim&#x27;s cloud storage and email accounts. The organizations can apply the following mitigations: To prevent against &quot;fail open&quot; and re-enrollment scenarios, enforce MFA and examine configuration restrictions. Assure that inactive accounts are deactivated consistently across the Active Directory and MFA systems. Ensure that inactive accounts are deactivated equally across Active Directory, MFA systems, and other systems. Update software such as operating systems, apps, and hardware on a regular basis. The Mitre TTPs used in the current attack are:TA0001 - Initial AccessTA0003 - PersistenceTA0004 - Privilege EscalationTA0005 - Defense EvasionTA0006 - Credential AccessTA0007 - DiscoveryTA0008 - Lateral MovementTA0009 - CollectionT1078: Valid AccountsT1133: External Remote ServicesT1556: Modify Authentication ProcessT1068: Exploitation for Privilege EscalationT1112: Modify RegistryT1110.001: Brute Force: Password GuessingT1003.003: OS Credential Dumping: NTDST1018: Remote System DiscoveryT1560.001: Archive Collected Data: Archive via Utility Vulnerability Details Indicators of Compromise (IoCs) Patch Link https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527 References https://www.cisa.gov/uscert/ncas/alerts/aa22-074a", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2022-03-18T13:58:03", "type": "hivepro", "title": "Russian threat actors leveraging misconfigured multifactor authentication to exploit PrintNightmare vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34527"], "modified": "2022-03-18T13:58:03", "id": "HIVEPRO:8D09682ECAC92A6EA4B81D42F45F0233", "href": "https://www.hivepro.com/russian-threat-actors-leveraging-misconfigured-mfa-to-exploit-printnightmare-vulnerability/", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}], "avleonov": [{"lastseen": "2021-11-26T18:43:30", "description": "Hello everyone! Yet another news episode.\n\n## Microsoft&#x27;s August Patch Tuesday\n\nLet&#x27;s start with Microsoft&#x27;s August Patch Tuesday. I think the most interesting thing is that it contains a fix for the PetitPotam vulnerability. I talked about this vulnerability two weeks ago. At the time, Microsoft had no plans to release a patch because PetitPotam was a &quot;classic NTLM Relay Attack&quot;. But the patch was actually released as part of August Patch Tuesday.\n\nA [quote from Rapid7](<https://www.rapid7.com/blog/post/2021/08/03/petitpotam-novel-attack-chain-can-fully-compromise-windows-domains-running-ad-cs/>): _&quot;Tracked as CVE-2021-36942, the August 2021 Patch Tuesday security update blocks the affected API calls OpenEncryptedFileRawA and OpenEncryptedFileRawW through the LSARPC interface&quot;_. \n\nThere are no formal signs that this vulnerability is critical other than comments from the vendors. My Vulristics tool has flagged this &quot;Windows LSA Spoofing&quot; as a Medium level Vulnerability. But this fix seems to be the most important thing in this Patch Tuesday. So install this patch first.\n\nSpeaking of other vulnerabilities. There was nothing critical. No vulnerabilities with public exploits. Only one vulnerability that has been exploited in the wild, CVE-2021-36948 \u2013 Windows Update Medic Service Elevation of Privilege. But this is EoP and there are no public exploits yet, so I think you can patch it as planned without hurry.\n\nSeveral potentially dangerous RCEs:\n\n * Windows Print Spooler (CVE-2021-36936, CVE-2021-36947). They look similar to PrintNightmare, but there are no details yet.\n * Windows TCP/IP (CVE-2021-26424) and Remote Desktop Client (CVE-2021-34535). Such vulnerabilities rarely get public exploits.\n * NFS ONCRPC XDR Driver (CVE-2021-26432). Nothing is clear at all.\n\nIn general, it looks like a ptetty calm Patch Tuesday. If you&#x27;re interested, a link to the Vulristics report: In general, it looks like a ptetty calm Patch Tuesday. If you&#x27;re interested, a link to the Vulristics report: [ms_patch_tuesday_august2021](<https://avleonov.com/vulristics_reports/ms_patch_tuesday_august2021_report_avleonov_comments.html>)\n\n## Phishers started using reCAPTCHA\n\nFunny news that I really liked. [Phishers started using reCAPTCHA](<https://threatpost.com/cyberattackers-captchas-phishing-malware/168684/>) to bypass the automatic detection of phishing sites. The script only sees the safe page with a CAPTCHA and can&#x27;t solve it. But a real person just solves it without thinking, because people used to seeing and solving such CAPTCHAs, and see the complete phishing site. It&#x27;s very simple and ingenious! \n\n## Scan one IP and go to the prison\n\nAnd the last will be [a local news from Russia](<https://www.rbc.ru/technology_and_media/17/08/2021/611a95059a7947e9bf954a8f>). But the case is interesting. One guy worked in the tech support of some internet provider. And he decided to scan the network of this provider, detect misconfigured routers of the clients and inform them about the found vulnerabilities. His boss knew about it. Unfortunatelly, these clients included some government scientific research-to-production facility with a mail server available on the scanned IP. This facility is a \u201ccritical infrastructure\u201d object and the actions of a support technician are classified as an attack on critical infrastructure. He can spend up to 7 years in prison. Why he personally and not his employer? That guy worked remotelly from home and scanned from his personal IP address.\n\nA pretty crazy story, but it shows the cirumstances of &quot;penetration testing&quot; or &quot;bughunting&quot; without getting all necessery formal permissions. It also shows how, in theory, a person could be easily framed as an attacker if that person&#x27;s personal device is compromised. Also, I don&#x27;t think port scanning or banner grabbing is actually an attack, IMHO this is normal network activity. And I don&#x27;t think that checking the default passwords is always an attack, but it is a topic for discussion. In fact it doesn&#x27;t matter what I or we think, it&#x27;s only law enforcement practice that matters, and that practice can be pretty harsh. So keep that in mind and don&#x27;t scan the unknown hosts that don&#x27;t belong to you unless you want sudden problems.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-08-19T21:38:46", "type": "avleonov", "title": "Security News: Microsoft Patch Tuesday August 2021, Phishers Started Using reCAPTCHA, Scan 1 IP and Go to Jail", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26424", "CVE-2021-26432", "CVE-2021-34535", "CVE-2021-36936", "CVE-2021-36942", "CVE-2021-36947", "CVE-2021-36948"], "modified": "2021-08-19T21:38:46", "id": "AVLEONOV:3530747E605445686B7211B2B0853579", "href": "https://avleonov.com/2021/08/20/security-news-microsoft-patch-tuesday-august-2021-phishers-started-using-recaptcha-scan-1-ip-and-go-to-jail/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-03T08:35:33", "description": "Hello guys! The second episode of Last Week\u2019s Security news from June 28 to July 4.\n\nThe most interesting vulnerability of the last week is of course [Microsoft Print Spooler &quot;PrintNightmare&quot;](<https://www.tenable.com/blog/cve-2021-1675-proof-of-concept-leaked-for-critical-windows-print-spooler-vulnerability>). By [sending an RpcAddPrinterDriverEx() RPC request](<https://www.kb.cert.org/vuls/id/383432>), for example over SMB, a remote, authenticated attacker may be able to execute arbitrary code with SYSTEM privileges on a vulnerable Windows system. And there is a public PoC exploit for this vulnerability published by the Chinese security firm Sangfor. And there is some strange story. It turns out that Sangfor published an exploit for the 0day vulnerability. But they thought this vulnerability (CVE-2021-1675) had already been patched as part of the June Micorosft Patch Tuesday. And then it turns out that this is a bug in the Microsoft patch. But Microsoft wrote that this is a different, new vulnerability CVE-2021-34527 and so there were no problems with the previous patch. In any case, a patch for this vulnerability has not yet been released and [Microsoft is suggesting two Workarounds](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527>). Option 1 - Disable the Print Spooler service, Option 2 - Disable inbound remote printing through Group Policy. Do this first for Domain Controllers and other critical Windows servers. All versions of Windows contain the vulnerable code and are susceptible to exploitation. Also note that the new vulnerability has a flag Exploitation Detected on the MS site. \n\nThe most interesting attack of the week is [Kaseya VSA Supply-Chain Attack](<https://helpdesk.kaseya.com/hc/en-gb/articles/4403440684689>). Kaseya Limited is an American software company that develops software for managing networks, systems, and information technology infrastructure. [Kaseya VSA](<https://www.kaseya.com/products/vsa/>) (Virtual System Administrator) is a cloud-based MSP (Managed Service Provider) platform that allows providers to perform patch management and client monitoring for their customers. So, REvil gang used around [30 MSPs across the US, AUS, EU, and LATAM where Kaseya VSA was to encrypt over 1,000 businesses](<https://www.reddit.com/r/msp/comments/ocggbv/crticial_ransomware_incident_in_progress/>). It is now believed that this was an attack on on-premises VSA servers using SQL injection and authentication bypass vulnerabilities. Well, by agreeing to use the MSP, be prepared for such surprises.\n\nContinuing the topic of vulnerabilities in services that simplify system administration, Finnish cybersecurity company Nixu [has published a writeup for Remote Code Execution](<https://www.nixu.com/blog/remote-code-execution-vulnerability-microsoft-intune-managed-windows-devices>) vulnerability in Microsoft Intune managed Windows devices ([CVE-2021-31980](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31980>)) from June Patch Tuesday. &quot;This proof-of-concept shows that remote attackers can run code with system privileges on a Windows machine by intercepting the TLS connections. This vulnerability could be exploited to install malware to the victim\u2019s machine to take persistent full control over it&quot;. Intune Management Extension updates itself without any user action when the computer is connected to internet. But computers not connected to internet might still run the vulnerable version on startup.\n\nI liked the [new Metasploit module](<https://vulners.com/metasploit/MSF:EXPLOIT/LINUX/LOCAL/DOCKER_RUNC_ESCAPE/>) that leverages a flaw in `runc` to escape a Docker container and get command execution on the host as root. It overwrites the `runc` binary with the payload and wait for someone to use `docker exec` to get into the container.\n\nAnd I want to mention these vulnerabilities: \n\n * [Microsoft Translation Bugs Open Edge Browser to Trivial UXSS Attacks.](<https://threatpost.com/microsoft-edge-browser-uxss-attacks/167389/>) &quot;Remotely inject and execute arbitrary code on any website just by sending a message&quot;.\n * [Pre-Auth Remote Code Execution Vulnerability (CVE-2021-35464)](<https://blog.rapid7.com/2021/06/30/forgerock-openam-pre-auth-remote-code-execution-vulnerability-what-you-need-to-know/>) in ForgeRock Access Manager.\n * The vulnerability in Windows 10 allows a low-privileged user to [wipe out arbitrary files needed for UEFI boot](<https://www.thezdi.com/blog/2021/6/30/cve-2021-26892-an-authorization-bypass-on-the-microsoft-windows-efi-system-partition>).\n * [Western Digital&#x27;s older network-attached storage systems](<https://www.darkreading.com/attacks-breaches/mybook-investigation-reveals-attackers-exploited-legacy-0-day-vulnerabilities/d/d-id/1341440>) allowed unauthenticated commands to trigger a factory reset, formatting the hard drives.\n * Microsoft Discloses [Critical Bugs Allowing Takeover](<https://thehackernews.com/2021/06/microsoft-discloses-critical-bugs.html>) of [NETGEAR Routers](<https://www.netgear.com/support/product/DGN2200v1.aspx>).\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-07-05T15:19:07", "type": "avleonov", "title": "Last Week\u2019s Security news: PrintNightmare, Kaseya, Intune, Metasploit Docker escape", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1675", "CVE-2021-26892", "CVE-2021-31980", "CVE-2021-34527", "CVE-2021-35464"], "modified": "2021-07-05T15:19:07", "id": "AVLEONOV:30285D85FDB40C8D55F6A24D9D446ECF", "href": "http://feedproxy.google.com/~r/avleonov/~3/iv5hnOt7XD8/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "malwarebytes": [{"lastseen": "2021-08-11T14:38:54", "description": "The sheer number of patches (44 security vulnerabilities) should be enough to scare us, but unfortunately we have gotten used to those numbers. In fact, 44 is a low number compared to what we have seen on recent Patch Tuesdays. So what are the most notable vulnerabilities that were patched.\n\n * One actively exploited vulnerability\n * One vulnerability that has a CVSS score of 9.9 out of 10\n * And yet another attempt to fix PrintNightmare\n\nLet\u2019s go over these worst cases to get an idea of what we are up against.\n\n### CVEs\n\nPublicly disclosed computer security flaws are listed in the Common Vulnerabilities and Exposures (CVE) database. Its goal is to make it easier to share data across separate vulnerability capabilities (tools, databases, and services).\n\n### Actively exploited\n\n[CVE-2021-36948](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36948>) is an [elevation of privilege (EoP)](<https://blog.malwarebytes.com/glossary/privilege-escalation/>) vulnerability in the Windows Update Medic Service. The Windows Update Medic Service is a background service that was introduced with Windows 10 and handles the updating process. Its only purpose is to repair the Windows Update service so that your PC can continue to receive updates unhindered. Besides on Windows 10 it also runs on Windows Server 2019. According to Microsoft CVE-2021-36948 is being actively exploited, but it is not aware of exploit code publicly available. [Reportedly](<https://blog.automox.com/automox-experts-weigh-in-august-patch-tuesday-2021>), the exploit is both low complexity and can be exploited without user interaction, making this an easy vulnerability to include in an adversaries toolbox. The bug is only locally exploitable, but local elevation of privilege is exactly what ransomware gangs will be looking to do after breaching a network, for example.\n\n### 9.9 out of 10\n\n[CVE-2021-34535](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34535>) is a [Remote Code Execution (RCE)](<https://blog.malwarebytes.com/glossary/remote-code-execution-rce-attack/>) vulnerability in Windows TCP/IP. This is remotely exploitable by a malicious Hyper-V guest sending an ipv6 ping to the Hyper-V host. An attacker could send a specially crafted TCPIP packet to its host. This vulnerability exists in the TCP/IP protocol stack identified in Windows 7 and newer Microsoft operating systems, including servers.\n\nThis vulnerability received a CVSS score of 9.9 out of 10. The CVSS standards are used to help security researchers, software users, and vulnerability tracking organizations measure and report on the severity of vulnerabilities. CVSS can also help security teams and developers prioritize threats and allocate resources effectively.\n\n### 9.8 out of 10\n\nAnother high scorer is [CVE-2021-26432](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26432>), an RCE in the Windows Services for NFS ONCRPC XDR Driver. Open Network Computing (ONC) Remote Procedure Call (RPC) is a remote procedure call system. ONC was originally developed by Sun Microsystems. The NFS protocol is independent of the type of operating system, network architecture, and transport protocols. The Windows service for the driver makes sure that Windows computers can use this protocol. This vulnerability got a high score because it is known to be easy to exploit and can be initiated remotely.\n\n### More RDP\n\n[CVE-2021-34535](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34535>) is an RCE in the Remote Desktop Client. Microsoft lists two exploit scenarios for this vulnerability:\n\n * In the case of a Remote Desktop connection, an attacker with control of a Remote Desktop Server could trigger a remote code execution (RCE) on the machine when a victim connects to the attacking server with the vulnerable Remote Desktop Client.\n * In the case of Hyper-V, a malicious program running in a guest VM could trigger guest-to-host RCE by exploiting this vulnerability in the Hyper-V Viewer when a victim running on the host connects to the attacking Hyper-V guest.\n\nSince this is a client-side vulnerability, an attacker would have to convince a user to authenticate to a malicious RDP server, where the server could then trigger the bug on the client side. Combined with other RDP weaknesses however, this vulnerability would be easy to chain into a full system take-over.\n\n### Never-ending nightmare of PrintNightmare\n\nThe Print Spooler service was subject to yet more patching. The researchers behind PrintNightmare predicted that it would be a fertile ground for further discoveries, and they seem to be right. I\u2019d be tempted to advise Microsoft to start from scratch instead of patching patches on a very old chunk of code.\n\n[CVE-2021-36936](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36936>) an RCE vulnerability in Windows Print Spooler. A vulnerability that was publicly disclosed, which may be related to several bugs in Print Spooler that were identified by researchers over the past few months (presumably PrintNightmare).\n\n[CVE-2021-34481](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-34481>) and [CVE-2021-34527](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-34527>) are RCE vulnerabilities that could allow attackers to run arbitrary code with SYSTEM privileges.\n\nMicrosoft said the Print Spooler patch it pushed this time should address all publicly documented security problems with the service. In an unusual step, it has made a breaking change: \u201cToday we are addressing this risk by changing the default Point and Print driver installation and update behavior to require administrator privileges.\u201d\n\nTo be continued, we suspect.\n\nThe post [PrintNightmare and RDP RCE among major issues tackled by Patch Tuesday](<https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/08/printnightmare-and-rdp-rce-among-major-issues-tackled-by-patch-tuesday/>) appeared first on [Malwarebytes Labs](<https://blog.malwarebytes.com>).", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-08-11T12:16:17", "type": "malwarebytes", "title": "PrintNightmare and RDP RCE among major issues tackled by Patch Tuesday", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26432", "CVE-2021-34481", "CVE-2021-34527", "CVE-2021-34535", "CVE-2021-36936", "CVE-2021-36948"], "modified": "2021-08-11T12:16:17", "id": "MALWAREBYTES:9F3181D8BD5EF0E44A305AF69898B9E0", "href": "https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/08/printnightmare-and-rdp-rce-among-major-issues-tackled-by-patch-tuesday/", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2021-07-14T12:38:34", "description": "Last week we wrote about [PrintNightmare](<https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/07/printnightmare-0-day-can-be-used-to-take-over-windows-domain-controllers/>), a vulnerability that was supposed to be patched but wasn&#x27;t. After June&#x27;s Patch Tuesday, researchers found that the patch did not work in every case, most notably on modern domain controllers. Yesterday, Microsoft issued a set of out-of-band patches that sets that aims to set that right by fixing the Windows Print Spooler Remote Code Execution vulnerability listed as [CVE-2021-34527](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527>).\n\n### Serious problem\n\nFor Microsoft to publish an out-of-band patch a week before July&#x27;s Patch Tuesday shows just how serious the problem is.\n\nPrintNightmare allows a standard user on a Windows network to execute arbitrary code on an affected machine, and to elevate their privileges as far as domain admin, by feeding a vulnerable machine a malicious printer driver. The problem was exacerbated by confusion around whether PrintNightmare was a known, patched problem or an entirely new problem. In the event it turned out to be a bit of both.\n\nLast week the Cybersecurity and Infrastructure Security Agency (CISA) urged administrators to [disable the Windows Print Spooler service](<https://us-cert.cisa.gov/ncas/current-activity/2021/06/30/printnightmare-critical-windows-print-spooler-vulnerability>) in domain controllers and systems that don&#x27;t print.\n\nHowever, the installation of the Domain Controller (DC) role adds a thread to the spooler service that is responsible for removing stale print queue objects. If the spooler service is not running on at least one domain controller in each site, then Active Directory has no means to remove old queues that no longer exist.\n\nSo, many organizations were forced to keep the Print Spooler service enabled on some domain controllers, leaving them at risk to attacks using this vulnerability.\n\n### Set of patches\n\nDepending on the Windows version the patch will be offered as:\n\n * [KB5004945](<https://support.microsoft.com/en-us/topic/july-6-2021-kb5004947-os-build-17763-2029-out-of-band-71994811-ff08-4abe-8986-8bd3a4201c5d>) for Windows 10 version 2004, version 20H1, and version 21H1\n * [KB5004946](<https://support.microsoft.com/en-us/topic/july-6-2021-kb5004946-os-build-18363-1646-out-of-band-18c5ffac-6015-4b3a-ba53-a73c3d3ed505>) for Windows 10 version 1909\n * [KB5004947](<https://support.microsoft.com/en-us/topic/july-6-2021-kb5004947-os-build-17763-2029-out-of-band-71994811-ff08-4abe-8986-8bd3a4201c5d>) for Windows 10 version 1809 and Windows Server 2019\n * KB5004949 for Windows 10 version 1803 which is not available yet\n * [KB5004950](<https://support.microsoft.com/en-us/topic/july-6-2021-kb5004950-os-build-10240-18969-out-of-band-7f900b36-b3cb-4f5e-8eca-107cc0d91c50>) for Windows 10 version 1507\n * Older Windows versions (Windows 7 SP1, Windows 8.1 Server 2008 SP2, Windows Server 2008 R2 SP1, and Windows Server 2012 R2) will receive a security update that disallows users who are not administrators to install only signed print drivers to a print server.\n\nSecurity updates have not yet been released for Windows 10 version 1607, Windows Server 2016, or Windows Server 2012, but they will also be released soon, according to Microsoft.\n\nThe updates are cumulative and contain all previous fixes as well as protections for [CVE-2021-1675](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1675>).\n\n### Not a complete fix\n\nIt is important to note that these patches and updates **only tackle the remote code execution (RCE) part** of the vulnerability. Several researchers have confirmed that the local privilege escalation (LPE) vector still works. This means that threat actors and already active malware can still locally exploit the vulnerability to gain SYSTEM privileges.\n\n### Advice\n\nMicrosoft recommends that you install this update immediately on all supported Windows client and server operating systems, starting with devices that currently host the print server role. You also have the option to configure the `RestrictDriverInstallationToAdministrators` registry setting to prevent non-administrators from installing signed printer drivers on a print server. See [KB5005010](<https://support.microsoft.com/en-us/topic/kb5005010-restricting-installation-of-new-printer-drivers-after-applying-the-july-6-2021-updates-31b91c02-05bc-4ada-a7ea-183b129578a7>) for more details.\n\n> \u201cThe attack vector and protections in CVE-2021-34527 reside in the code path that installs a printer driver to a Server. The workflow used to install a printer driver from a trusted print server on a client computer uses a different path. In summary, protections in CVE-2021-34527 including the RestrictDriverInstallationToAdministrators registry key do not impact this scenario.\u201d\n\nCISA encourages users and administrators to review the Microsoft Security Updates as well as CERT/CC Vulnerability Note [VU #383432](<https://www.kb.cert.org/vuls/id/383432>) and apply the necessary updates or workarounds.\n\n### Impact of the updates\n\nSo, the vulnerability lies in the normal procedure that allows users to install a printer driver on a server. A printer driver is in essence an executable like any other. And allowing users to install an executable of their choice is asking for problems. Especially combined with a privilege escalation vulnerability that anyone can use to act with SYSTEM privileges. The updates, patches, and some of the workarounds are all designed to limit the possible executables since they need to be signed printer drivers.\n\nFor a detailed and insightful diagram that shows GPO settings and registry keys administrators can check whether their systems are vulnerable, have a look at this flow chart diagram, courtesy of [Will Dormann](<https://twitter.com/wdormann>).\n\n> This is my current understanding of the [#PrintNightmare](<https://twitter.com/hashtag/PrintNightmare?src=hash&ref_src=twsrc%5Etfw>) exploitability flowchart. \nThere&#x27;s a small disagreement between me and MSRC at the moment about UpdatePromptSettings vs. NoWarningNoElevationOnUpdate, but I think it doesn&#x27;t matter much as I just have both for now. [pic.twitter.com/huIghjwTFq](<https://t.co/huIghjwTFq>)\n> \n> -- Will Dormann (@wdormann) [July 7, 2021](<https://twitter.com/wdormann/status/1412906574998392840?ref_src=twsrc%5Etfw>)\n\n### Information for users that applied 0patch\n\nIt is worth mentioning for the users that applied the PrintNightmare [micropatches by 0patch](<https://blog.0patch.com/2021/07/free-micropatches-for-printnightmare.html>) that according to 0patch it is better not to install the Microsoft patches. They posted on Twitter that the Microsoft patches that only fix the RCE part of the vulnerability disable the 0patch micropatch which fixes both the LPE and RCE parts of the vulnerability.\n\n> If you&#x27;re using 0patch against PrintNightmare, DO NOT apply the July 6 Windows Update! Not only does it not fix the local attack vector but it also doesn&#x27;t fix the remote vector. However, it changes localspl.dll, which makes our patches that DO fix the problem stop applying. <https://t.co/osoaxDVCoB>\n> \n> -- 0patch (@0patch) [July 7, 2021](<https://twitter.com/0patch/status/1412826130051174402?ref_src=twsrc%5Etfw>)\n\n### Update July 9, 2021\n\nOnly a little more than 12 hours after the release a researcher has found an exploit that works on a patched system under special circumstances. [Benjamin Delpy](<https://twitter.com/gentilkiwi?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1412771368534528001%7Ctwgr%5E%7Ctwcon%5Es1_&ref_url=https%3A%2F%2Farstechnica.com%2Fgadgets%2F2021%2F07%2Fmicrosofts-emergency-patch-fails-to-fix-critical-printnightmare-vulnerability%2F>) showed an exploit working against a Windows Server 2019 that had installed the out-of-band patch. In a demo Delpy shows that the update fails to fix vulnerable systems that use certain settings for a feature called [point and print](<https://docs.microsoft.com/en-us/windows-hardware/drivers/print/introduction-to-point-and-print>), which makes it easier for network users to obtain the printer drivers they need.\n\nIn Microsoft&#x27;s defense the advisory for [CVE-2021-34527](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527>) contains a note in the FAQ stating that:\n\n> Point and Print is not directly related to this vulnerability, but certain configurations make systems vulnerable to exploitation.\n\n### Update July 14, 2021\n\nThe Cybersecurity and Infrastructure Security Agency\u2019s (CISA) has issued [Emergency Directive 21-04](<https://cyber.dhs.gov/ed/21-04/>), \u201cMitigate Windows Print Spooler Service Vulnerability\u201d because it is aware of active exploitation, by multiple threat actors, of the PrintNightmare vulnerability. \n\nCISA has determined that this vulnerability poses an unacceptable risk to Federal Civilian Executive Branch agencies and requires emergency action. The actions CISA lists are required actions for the agencies. The determination that these actions are necessary is based on the current exploitation of this vulnerability by threat actors in the wild, the likelihood of further exploitation of the vulnerability, the prevalence of the affected software in the federal enterprise, and the high potential for a compromise of agency information systems. Exploitation of the vulnerability allows an attacker to remotely execute code with system level privileges enabling a threat actor to quickly compromise the entire identity infrastructure of a targeted organization. \n\nThe post [UPDATED: Patch now! Emergency fix for PrintNightmare released by Microsoft](<https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/07/patch-now-emergency-fix-for-printnightmare-released-by-microsoft/>) appeared first on [Malwarebytes Labs](<https://blog.malwarebytes.com>).", "edition": 2, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-07-07T14:17:31", "type": "malwarebytes", "title": "UPDATED: Patch now! Emergency fix for PrintNightmare released by Microsoft", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1675", "CVE-2021-34527"], "modified": "2021-07-07T14:17:31", "id": "MALWAREBYTES:DB34937B6474073D9444648D34438225", "href": "https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/07/patch-now-emergency-fix-for-printnightmare-released-by-microsoft/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-08T08:32:20", "description": "In a rush to be the first to publish a proof-of-concept (PoC), researchers have published a write-up and a demo exploit to demonstrate a vulnerability that has been dubbed PrintNightmare. Only to find out they had alerted the world to a new 0-day vulnerability by accident.\n\n### What happened?\n\nIn June, Microsoft patched a vulnerability in the Windows Print Spooler that was listed as [CVE-2021-1675](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1675>). At first it was classified as an elevation of privilege (EoP) vulnerability. Which means that someone with limited access to a system could raise their privilege level, giving them more power over the affected system. This type of vulnerability is serious, especially when it is found in a widely used service like the Windows Print Spooler. A few weeks after the patch Microsoft raised the level of seriousness to a remote code execution (RCE) vulnerability. RCE vulnerabilities allow a malicious actor to execute their code on a different machine on the same network.\n\nAs per [usual](<https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/06/microsoft-fixes-seven-zero-days-including-two-puzzlemaker-targets-google-fixes-serious-android-flaw/>), the general advice was to install the patches from Microsoft and you\u2019re done. Fast forward another week and a researcher announced he&#x27;d found a way to exploit the vulnerability to achieve both local privilege escalation and remote code execution. This actually happens a lot when researchers reverse engineer a patch.\n\nOnly in this case it had an unexpected consequence. A different team of researchers had also found an RCE vulnerability in the Print Spooler service. They called theirs PrintNightmare and believed it was the same as CVE-2021-1675. They were working on a presentation to be held at the Black Hat security conference. But now they feared that the other team had stumbled over the same vulnerability, so they published their work, believing it was covered by the patch already released by Microsoft.\n\nBut the patch for CVE-2021-1675 didn&#x27;t seem to work against the PrintNightmare vulnerability. It appeared that PrintNightmare and CVE-2021-1675 were in fact two very similar but different vulnerabilities in the Print Spooler.\n\nAnd with that, it looked as if the PrintNightmare team had, unwittingly, disclosed a new 0-day vulnerability irresponsibly. (Disclosure of vulnerabilities is considered responsible if a vendor is given enough time to issue a patch.)\n\nSince then, some security researchers have argued that CVE-2021-1675 and PrintNightmare are the same, and others have reported that the CVE-2021-1675 patch works on _some_ systems.\n\n> [#PrintNightmare](<https://twitter.com/hashtag/PrintNightmare?src=hash&ref_src=twsrc%5Etfw>) / CVE-2021-1675 - It appears patches might be effective on systems that are not domain controllers. RpcAddPrinterDriverEx call as non-admin fails with access denied against fully patched Server 2016 and 2019 non-DC, but after dcpromo the exploit works again. \n [pic.twitter.com/USetUXUzXN](<https://t.co/USetUXUzXN>)\n> \n> -- Stan Hegt (@StanHacked) [July 1, 2021](<https://twitter.com/StanHacked/status/1410405688766042115?ref_src=twsrc%5Etfw>)\n\nWhether they are the same or not, what is not in doubt is that there are live Windows systems where PrintNightmare cannot be patched. And unfortunately, it seems that the systems where the patch doesn&#x27;t work are Windows Domain Controllers, which is very much the worst case scenario. \n\n### PrintNightmare\n\nThe Print Spooler service is embedded in the Windows operating system and manages the printing process. It is running by default on most Windows machines, including Active Directory servers.\n\nIt handles preliminary functions of finding and loading the print driver, creating print jobs, and then ultimately printing. This service has been around \u201cforever\u201d and it has been a fruitful hunting ground for vulnerabilities, with many flaws being found and fixed over the years. Remember [Stuxnet](<https://blog.malwarebytes.com/threat-analysis/2013/11/stuxnet-new-light-through-old-windows/>)? Stuxnet also exploited a vulnerability in the Print Spooler service as part of the set of vulnerabilities the worm used to spread.\n\nPrintNightmare can be triggered by an unprivileged user attempting to load a malicious driver remotely. Using the vulnerability, researchers have been able to gain SYSTEM privileges, and achieved remote code execution with the highest privileges on a fully patched system.\n\nTo exploit the flaw, attackers would first have to gain access to a network with a vulnerable machine. Although this provides some measure of protection, it is worth noting that there are underground markets where criminals can purchase this kind of access for a few dollars.\n\nIf they can secure any kind of access, they can potentially use PrintNightmare to turn a normal user into an all-powerful Domain Admin. As a Domain Admin they could then act almost with impunity, spreading ransomware, deleting backups and even disabling security software.\n\n### Mitigation\n\nConsidering the large number of machines that may be vulnerable to PrintNightmare, and that several methods to exploit the vulnerability have been published, it seems likely there will soon be malicious use-cases for this vulnerability.\n\nThere are a few things you can do until the vulnerability is patched. Microsoft will probably try to patch the vulnerability before next patch Tuesday (July 12), but until then you can:\n\n * Disable the Print Spooler service on machines that do not need it. Please note that stopping the service without disabling may not be enough.\n * For the systems that do need the Print Spooler service to be running make sure they are not exposed to the internet.\n\nI realize the above will not be easy or even feasible in every case. For those machines that need the Print Spooler service and also need to be accessible from outside the LAN, very carefully limit and [monitor](<https://support.malwarebytes.com/hc/en-us/articles/360056829274-Configure-Brute-Force-Protection-in-Malwarebytes-Nebula>) access events and permissions. Also at all costs avoid running the Print Spooler service on any domain controllers.\n\nFor further measures it is good to know that the exploit works by dropping a DLL in a subdirectory under C:\\Windows\\System32\\spool\\drivers, so system administrators can create a \u201cDeny to modify\u201d rule for that directory and its subdirectories so that even the SYSTEM account can not place a new DLL in them.\n\nThis remains a developing situation and we will update this article if more information becomes available.\n\n### Update July 2, 2021\n\nMicrosoft acknowledged this vulnerability and it has been assigned [CVE-2021-34527](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527>). In their description Microsoft also provides an extra workaround besides disabling the Print Spooler service.\n\n**Disable inbound remote printing through Group Policy**\n\nYou can also configure the settings via Group Policy as follows:\n\n * Computer Configuration / Administrative Templates / Printers\n * Disable the \u201cAllow Print Spooler to accept client connections:\u201d policy to block remote attacks.\n\n**Impact of workaround** This policy will block the remote attack vector by preventing inbound remote printing operations. The system will no longer function as a print server, but local printing to a directly attached device will still be possible.\n\nThe post [PrintNightmare 0-day can be used to take over Windows domain controllers](<https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/07/printnightmare-0-day-can-be-used-to-take-over-windows-domain-controllers/>) appeared first on [Malwarebytes Labs](<https://blog.malwarebytes.com>).", "edition": 2, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-07-01T14:08:26", "type": "malwarebytes", "title": "PrintNightmare 0-day can be used to take over Windows domain controllers", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1675", "CVE-2021-34527"], "modified": "2021-07-01T14:08:26", "id": "MALWAREBYTES:DA59FECA8327C8353EA012EA1B957C7E", "href": "https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/07/printnightmare-0-day-can-be-used-to-take-over-windows-domain-controllers/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-12T12:35:46", "description": "I doubt if there has ever been a more appropriate nickname for a vulnerable service than PrintNightmare. There must be a whole host of people in Redmond having nightmares about the Windows Print Spooler service by now.\n\nPrintNightmare is the name of a set of vulnerabilities that allow a standard user on a Windows network to execute arbitrary code on an affected machine (including domain controllers) as SYSTEM, allowing them to elevate their privileges as far as domain admin. Users trigger the flaw by simply feeding a vulnerable machine a malicious printer driver. The problem was made worse by [confusion](<https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/07/patch-now-emergency-fix-for-printnightmare-released-by-microsoft/>) around whether PrintNightmare was a known, patched problem or an entirely new problem. In the end it turned out to be a bit of both.\n\n### What happened?\n\nIn June, Microsoft patched a vulnerability in the Windows Print Spooler that was listed as [CVE-2021-1675](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1675>). At first it was classified as an elevation of privilege (EoP) vulnerability. Which means that someone with limited access to a system could raise their privilege level, giving them more power over the affected system. This type of vulnerability is serious, especially when it is found in a widely used service like the Windows Print Spooler. A few weeks after the patch Microsoft raised the level of seriousness to a remote code execution (RCE) vulnerability. RCE vulnerabilities allow a malicious actor to execute their code on a different machine on the same network.\n\nIn a rush to be the first to publish a proof-of-concept (PoC), researchers published a write-up and a demo exploit to demonstrate the vulnerability. Only to find out they had alerted the world to a new 0-day vulnerability by accident. This vulnerability listed as [CVE-2021-34527](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527>) was introduced under the name PrintNightmare.\n\nOminously, the researchers behind PrintNightmare predicted that the Print Spooler, which has seen its fair share of problems in the past, would be a fertile ground for further discoveries.\n\nAt the beginning of July, Microsoft issued a set of out-of-band patches to fix this Windows Print Spooler RCE vulnerability. Soon enough, several researchers figured out that local privilege escalation (LPE) still worked. This means that threat actors and already active malware can still exploit the vulnerability to gain SYSTEM privileges. In a demo, [Benjamin Delpy](<https://twitter.com/gentilkiwi>) showed that the update failed to fix vulnerable systems that use certain settings for a feature called Point and Print, which makes it easier for network users to obtain the printer drivers they need.\n\nOn July 13 the Cybersecurity and Infrastructure Security Agency (CISA) issued [Emergency Directive 21-04](<https://cyber.dhs.gov/ed/21-04/>), \u201cMitigate Windows Print Spooler Service Vulnerability\u201d because it became aware of multiple threat actors exploiting PrintNightmare.\n\nAlso in July, [CrowdStrike](<https://www.crowdstrike.com/blog/magniber-ransomware-caught-using-printnightmare-vulnerability/>) identified Magniber ransomware attempting to use a known PrintNightmare vulnerability to compromise victims.\n\n### An end to the nightmare?\n\nIn the August 10 [Patch Tuesday](<https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/08/printnightmare-and-rdp-rce-among-major-issues-tackled-by-patch-tuesday/>) update, the Print Spooler service was subject to _yet more_ patching, and Microsoft said that this time its patch should address all publicly documented security problems with the service.\n\nIn an unusual breaking change, one part of the update made admin rights required before using the Windows Point and Print feature.\n\n### Just one day later\n\nOn August 11, Microsoft released information about [CVE-2021-36958](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36958>), yet another 0-day that allows local attackers to gain SYSTEM privileges on a computer. Again, it was security researcher Benjamin Delpy who [demonstrated](<https://vimeo.com/581584478>) the vulnerability, showing that threat actors can still gain SYSTEM privileges simply by connecting to a remote print server.\n\n### Mitigation\n\nThe workaround offered by Microsoft is stopping and disabling the Print Spooler service, although at this point you may be seriously considering a revival of the paperless office idea. So:\n\n * Disable the Print Spooler service on machines that do not need it. Please note that stopping the service without disabling may not be enough.\n * For the systems that do need the Print Spooler service to be running make sure they are not exposed to the Internet.\n\nMicrosoft says it is investigating the vulnerability and working on (yet another) security update.\n\nLike I said [yesterday](<https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/08/printnightmare-and-rdp-rce-among-major-issues-tackled-by-patch-tuesday/>): To be continued.\n\nThe post [Microsoft&#x27;s PrintNightmare continues, shrugs off Patch Tuesday fixes](<https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/08/microsofts-printnightmare-continues-shrugs-off-patch-tuesday-fixes/>) appeared first on [Malwarebytes Labs](<https://blog.malwarebytes.com>).", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-08-12T11:30:26", "type": "malwarebytes", "title": "Microsoft\u2019s PrintNightmare continues, shrugs off Patch Tuesday fixes", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1675", "CVE-2021-34527", "CVE-2021-36958"], "modified": "2021-08-12T11:30:26", "id": "MALWAREBYTES:7F8FC685D6EFDE8FC4909FDA86D496A5", "href": "https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/08/microsofts-printnightmare-continues-shrugs-off-patch-tuesday-fixes/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "krebs": [{"lastseen": "2021-08-21T10:08:03", "description": "**Microsoft** today released software updates to plug at least 44 security vulnerabilities in its **Windows** operating systems and related products. The software giant warned that attackers already are pouncing on one of the flaws, which ironically enough involves an easy-to-exploit bug in the software component responsible for patching **Windows 10** PCs and **Windows Server 2019** machines.\n\n\n\nMicrosoft said attackers have seized upon [CVE-2021-36948](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-36948>), which is a weakness in the **Windows Update Medic** service. Update Medic is a new service that lets users repair Windows Update components from a damaged state so that the device can continue to receive updates.\n\nRedmond says while CVE-2021-36948 is being actively exploited, it is not aware of exploit code publicly available. The flaw is an &quot;elevation of privilege&quot; vulnerability that affects Windows 10 and **Windows Server 2019**, meaning it can be leveraged in combination with another vulnerability to let attackers run code of their choice as administrator on a vulnerable system.\n\n&quot;CVE-2021-36948 is a privilege escalation vulnerability - the cornerstone of modern intrusions as they allow attackers the level of access to do things like hide their tracks and create user accounts,&quot; said **Kevin Breen** of [Immersive Labs](<https://www.immersivelabs.com>). &quot;In the case of ransomware attacks, they have also been used to ensure maximum damage.&quot;\n\nAccording to Microsoft, critical flaws are those that can be exploited remotely by malware or malcontents to take complete control over a vulnerable Windows computer -- and with little to no help from users. Top of the heap again this month: Microsoft also took another stab at fixing a broad class of weaknesses in its printing software.\n\nLast month, the company rushed out an emergency update to patch &quot;[PrintNightmare](<https://krebsonsecurity.com/2021/07/microsoft-issues-emergency-patch-for-windows-flaw/>)&quot; -- a critical hole in its Windows Print Spooler software that was being attacked in the wild. Since then, a number of researchers have discovered holes in that patch, allowing them to circumvent its protections.\n\nToday&#x27;s Patch Tuesday fixes another critical Print Spooler flaw ([CVE-2021-36936](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-36936>)), but it&#x27;s not clear if this bug is a variant of PrintNightmare or a unique vulnerability all on its own, said **Dustin Childs** at **Trend Micro&#x27;s Zero Day Initiative**.\n\n&quot;Microsoft does state low privileges are required, so that should put this in the non-wormable category, but you should still prioritize testing and deployment of this Critical-rated bug,&quot; Childs said.\n\nMicrosoft said the Print Spooler patch it is pushing today should address all publicly documented security problems with the service.\n\n&quot;Today we are addressing this risk by changing the default Point and Print driver installation and update behavior to require administrator privileges,&quot; Microsoft said in a blog post. &quot;This change may impact Windows print clients in scenarios where non-elevated users were previously able to add or update printers. However, we strongly believe that the security risk justifies the change. This change will take effect with the installation of the security updates released on August 10, 2021 for all versions of Windows, and is documented as [CVE-2021-34481](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-34481>).&quot;\n\nAugust brings yet another critical patch ([CVE-2021-34535](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-34535>)) for the **Windows Remote Desktop** service, and this time the flaw is in the Remote Desktop client instead of the server.\n\n[CVE-2021-26424](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-26424>) -- a scary, critical bug in the **Windows TCP/IP** component -- earned a CVSS score of 9.9 (10 is the worst), and is present in **Windows 7** through **Windows 10**, and Windows Server 2008 through 2019 (Windows 7 is no longer being supported with security updates).\n\nMicrosoft said it was not aware of anyone exploiting this bug yet, although the company assigned it the label &quot;exploitation more likely,&quot; meaning it may not be difficult for attackers to figure out. CVE-2021-26424 could be exploited by sending a single malicious data packet to a vulnerable system.\n\nFor a complete rundown of all patches released today and indexed by severity, check out the [always-useful Patch Tuesday roundup](<https://isc.sans.edu/forums/diary/Microsoft+August+2021+Patch+Tuesday/27736/>) from the **SANS Internet Storm Center**. And it&#x27;s not a bad idea to hold off updating for a few days until Microsoft works out any kinks in the updates: [AskWoody.com](<https://www.askwoody.com/2021/defcon-2-august-updates-include-print-spooler-fixes/>) usually has the lowdown on any patches that are causing problems for Windows users.\n\nOn that note, before you update _please_ make sure you have backed up your system and/or important files. It\u2019s not uncommon for a Windows update package to hose one\u2019s system or prevent it from booting properly, and some updates have been known to erase or corrupt files.\n\nSo do yourself a favor and backup before installing any patches. Windows 10 even has some [built-in tools](<https://lifehacker.com/how-to-back-up-your-computer-automatically-with-windows-1762867473>) to help you do that, either on a per-file/folder basis or by making a complete and bootable copy of your hard drive all at once.\n\nAnd if you wish to ensure Windows has been set to pause updating so you can back up your files and/or system before the operating system decides to reboot and install patches on its own schedule, [see this guide](<https://www.computerworld.com/article/3543189/check-to-make-sure-you-have-windows-updates-paused.html>).\n\nIf you experience glitches or problems installing any of these patches this month, please consider leaving a comment about it below; there\u2019s a decent chance other readers have experienced the same and may chime in here with useful tips.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-08-10T21:12:58", "type": "krebs", "title": "Microsoft Patch Tuesday, August 2021 Edition", "bulletinFamily": "blog", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26424", "CVE-2021-34481", "CVE-2021-34535", "CVE-2021-36936", "CVE-2021-36948"], "modified": "2021-08-10T21:12:58", "id": "KREBS:AE87E964E683A56CFE4E51E96F3530AD", "href": "https://krebsonsecurity.com/2021/08/microsoft-patch-tuesday-august-2021-edition/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-28T14:33:35", "description": "**Microsoft **on Tuesday issued an emergency software update to quash a security bug that&#x27;s been dubbed &quot;**PrintNightmare**,&quot; a critical vulnerability in all supported versions of** Windows** that is actively being exploited. The fix comes a week ahead of Microsoft&#x27;s normal monthly Patch Tuesday release, and follows the publishing of exploit code showing would-be attackers how to leverage the flaw to break into Windows computers.\n\n\n\nAt issue is [CVE-2021-34527](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527>), which involves a flaw in the Windows Print Spooler service that could be exploited by attackers to run code of their choice on a target&#x27;s system. Microsoft says it has already detected active exploitation of the vulnerability.\n\n**Satnam Narang**, staff research engineer at** Tenable**, said Microsoft&#x27;s patch warrants urgent attention because of the vulnerability&#x27;s ubiquity across organizations and the prospect that attackers could exploit this flaw in order to take over a Windows domain controller.\n\n&quot;We expect it will only be a matter of time before it is more broadly incorporated into attacker toolkits,&quot; Narang said. &quot;PrintNightmare will remain a valuable exploit for cybercriminals as long as there are unpatched systems out there, and as we know, unpatched vulnerabilities have a long shelf life for attackers.&quot;\n\nIn [a blog post](<https://msrc-blog.microsoft.com/2021/07/06/out-of-band-oob-security-update-available-for-cve-2021-34527/>), Microsoft&#x27;s Security Response Center said it was delayed in developing fixes for the vulnerability in **Windows Server 2016**, **Windows 10 version 1607**, and **Windows Server 2012**. The fix also apparently includes a new feature that allows Windows administrators to implement stronger restrictions on the installation of printer software.\n\n&quot;Prior to installing the July 6, 2021, and newer Windows Updates containing protections for CVE-2021-34527, the printer operators\u2019 security group could install both signed and unsigned printer drivers on a printer server,&quot; reads Microsoft&#x27;s [support advisory](<https://support.microsoft.com/en-us/topic/kb5005010-restricting-installation-of-new-printer-drivers-after-applying-the-july-6-2021-updates-31b91c02-05bc-4ada-a7ea-183b129578a7>). &quot;After installing such updates, delegated admin groups like printer operators can only install signed printer drivers. Administrator credentials will be required to install unsigned printer drivers on a printer server going forward.\u201d\n\nWindows 10 users can check for the patch by opening Windows Update. Chances are, it will show what&#x27;s pictured in the screenshot below -- that **KB5004945** is available for download and install. A reboot will be required after installation.\n\n\n\nFriendly reminder: It&#x27;s always a good idea to backup your data before applying security updates. Windows 10 [has some built-in tools](<https://lifehacker.com/how-to-back-up-your-computer-automatically-with-windows-1762867473>) to help you do that, either on a per-file/folder basis or by making a complete and bootable copy of your hard drive all at once. \n\nMicrosoft&#x27;s out-of-band update may not completely fix the PrinterNightmare vulnerability. Security researcher [Benjamin Delpy](<https://blog.gentilkiwi.com/>) [posted on Twitter](<https://twitter.com/gentilkiwi/status/1412771368534528001>) that the exploit still works on a fully patched Windows server if the server also has Point &amp; Print enabled -- a Windows feature that automatically downloads and installs available printer drivers.\n\nDelpy said it&#x27;s common for organizations to enable Point &amp; Print using group policies because it allows users to install printer updates without getting approval first from IT. \n\nThis post will be updated if Windows users start reporting any issues in applying the patch.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-07-07T14:34:59", "type": "krebs", "title": "Microsoft Issues Emergency Patch for Windows Flaw", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34527"], "modified": "2021-07-07T14:34:59", "id": "KREBS:3CC49021549439F95A2EDEB2029CF54E", "href": "https://krebsonsecurity.com/2021/07/microsoft-issues-emergency-patch-for-windows-flaw/", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}], "thn": [{"lastseen": "2022-05-09T12:39:15", "description": "[](<https://thehackernews.com/images/-KFVbzvrTdtw/YRNbSwawxnI/AAAAAAAADfg/bEuoCVHmHHw4ycTXfnhAqcyuUoWDf2W7gCLcBGAsYHQ/s0/windows-update-download.jpg>)\n\nMicrosoft on Tuesday rolled out [security updates](<https://msrc.microsoft.com/update-guide/releaseNote/2021-Aug>) to address a total of 44 security issues affecting its software products and services, one of which it says is an actively exploited zero-day in the wild.\n\nThe update, which is the smallest release since December 2019, squashes seven Critical and 37 Important bugs in Windows, .NET Core &amp; Visual Studio, Azure, Microsoft Graphics Component, Microsoft Office, Microsoft Scripting Engine, Microsoft Windows Codecs Library, Remote Desktop Client, among others. This is in addition to [seven security flaws](<https://docs.microsoft.com/en-us/deployedge/microsoft-edge-relnotes-security>) it patched in the Microsoft Edge browser on August 5.\n\nChief among the patched issues is [CVE-2021-36948](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36948>) (CVSS score: 7.8), an elevation of privilege flaw affecting Windows Update Medic Service \u2014 a service that enables remediation and protection of Windows Update components \u2014 which could be abused to run malicious programs with escalated permissions.\n\nMicrosoft's Threat Intelligence Center has been credited with reporting the flaw, although the company refrained from sharing additional specifics or detail on how widespread those attacks were in light of active exploitation attempts.\n\nTwo of the security vulnerabilities are publicly known at the time of release -\n\n * [CVE-2021-36942](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36942>) (CVSS score: 9.8) - Windows LSA Spoofing Vulnerability\n * [CVE-2021-36936](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36936>) (CVSS score: 8.8) - Windows Print Spooler Remote Code Execution Vulnerability\n\nWhile CVE-2021-36942 contains fixes to secure systems against NTLM relay attacks like [PetitPotam](<https://thehackernews.com/2021/07/new-petitpotam-ntlm-relay-attack-lets.html>) by blocking the LSARPC interface, CVE-2021-36936 resolves yet another remote code execution flaw in the Windows Print Spooler component.\n\n\"An unauthenticated attacker could call a method on the LSARPC interface and coerce the domain controller to authenticate against another server using NTLM,\" Microsoft said in its advisory for CVE-2021-36942; adding the \"security update blocks the affected API calls OpenEncryptedFileRawA and OpenEncryptedFileRawW through LSARPC interface.\"\n\nCVE-2021-36936 is also one among the three flaws in the Print Spooler service that Microsoft has fixed this month, with the two other vulnerabilities being [CVE-2021-36947](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36947>) and (CVSS score: 8.2) and [CVE-2021-34483](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34483>) (CVSS score: 7.8), the latter of which concerns an elevation of privilege vulnerability.\n\nIn addition, Microsoft has released [security updates](<https://support.microsoft.com/en-us/topic/kb5005652-manage-new-point-and-print-default-driver-installation-behavior-cve-2021-34481-873642bf-2634-49c5-a23b-6d8e9a302872>) to resolve a previously disclosed remote code execution in the Print Spooler service tracked as [CVE-2021-34481](<https://thehackernews.com/2021/07/microsoft-warns-of-new-unpatched.html>) (CVSS score: 8.8). This changes the default behavior of the \"[Point and Print](<https://docs.microsoft.com/en-us/windows-hardware/drivers/print/introduction-to-point-and-print>)\" feature, effectively preventing non-administrator users from installing or updating new and existing printer drivers using drivers from a remote computer or server without first elevating themselves to an administrator.\n\nAnother critical flaw remediated as part of Patch Tuesday updates is [CVE-2021-26424](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26424>) (CVSS score: 9.9), a remote code execution vulnerability in Windows TCP/IP, which Microsoft notes \"is remotely triggerable by a malicious Hyper-V guest sending an ipv6 ping to the Hyper-V host. An attacker could send a specially crafted TCP/IP packet to its host utilizing the TCP/IP Protocol Stack (tcpip.sys) to process packets.\"\n\nTo install the latest security updates, Windows users can head to Start &gt; Settings &gt; Update &amp; Security &gt; Windows Update or by selecting Check for Windows updates.\n\n### Software Patches From Other Vendors\n\nBesides Microsoft, patches have also been released by a number of other vendors to address several vulnerabilities, including -\n\n * [Adobe](<https://helpx.adobe.com/security.html/security/security-bulletin.ug.html>)\n * [Android](<https://source.android.com/security/bulletin/2021-08-01>)\n * [Cisco](<https://tools.cisco.com/security/center/publicationListing.x>)\n * [Citrix](<https://support.citrix.com/search/#/All%20Products?ct=Software%20Updates,Security%20Bulletins&searchText=&sortBy=Modified%20date&pageIndex=1>)\n * [Juniper Networks](<https://kb.juniper.net/InfoCenter/index?page=content&channel=SECURITY_ADVISORIES>)\n * Linux distributions [SUSE](<https://lists.suse.com/pipermail/sle-security-updates/2021-August/thread.html>), [Oracle Linux](<https://linux.oracle.com/ords/f?p=105:21>), and [Red Hat](<https://access.redhat.com/security/security-updates/#/security-advisories?q=&p=2&sort=portal_publication_date%20desc&rows=10&portal_advisory_type=Security%20Advisory&documentKind=Errata>)\n * [SAP](<https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=582222806>)\n * [Schneider Electric](<https://www.se.com/ww/en/work/support/cybersecurity/overview.jsp>)\n * [Siemens](<https://new.siemens.com/global/en/products/services/cert.html#SecurityPublications>), and\n * [VMware](<https://www.vmware.com/security/advisories.html>)\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-08-11T05:31:00", "type": "thn", "title": "Microsoft Releases Windows Updates to Patch Actively Exploited Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26424", "CVE-2021-34481", "CVE-2021-34483", "CVE-2021-36936", "CVE-2021-36942", "CVE-2021-36947", "CVE-2021-36948"], "modified": "2021-08-11T05:31:39", "id": "THN:F601EBBE359B3547B8E79F0217562FEF", "href": "https://thehackernews.com/2021/08/microsoft-releases-windows-updates-to.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-09T12:39:14", "description": "[](<https://thehackernews.com/images/-YB6xMmNkBp0/YRYuIvxMidI/AAAAAAAADhg/a2Ee5QkoQZw6JlnYhCIdg3Nk-HM2yu2wwCLcBGAsYHQ/s0/ransomware.jpg>)\n\nRansomware operators such as Magniber and Vice Society are actively exploiting vulnerabilities in Windows Print Spooler to compromise victims and spread laterally across a victim's network to deploy file-encrypting payloads on targeted systems.\n\n\"Multiple, distinct threat actors view this vulnerability as attractive to use during their attacks and may indicate that this vulnerability will continue to see more widespread adoption and incorporation by various adversaries moving forward,\" Cisco Talos [said](<https://blog.talosintelligence.com/2021/08/vice-society-ransomware-printnightmare.html>) in a report published Thursday, corroborating an [independent analysis](<https://www.crowdstrike.com/blog/magniber-ransomware-caught-using-printnightmare-vulnerability/>) from CrowdStrike, which observed instances of Magniber ransomware infections targeting entities in South Korea.\n\nWhile Magniber ransomware was first spotted in late 2017 singling out victims in South Korea through malvertising campaigns, Vice Society is a new entrant that emerged on the ransomware landscape in mid-2021, primarily targeting public school districts and other educational institutions. The attacks are said to have taken place since at least July 13.\n\nSince June, a series of \"PrintNightmare\" issues affecting the Windows print spooler service has come to light that could enable remote code execution when the component performs privileged file operations -\n\n * [**CVE-2021-1675**](<https://thehackernews.com/2021/06/researchers-leak-poc-exploit-for.html>) \\- Windows Print Spooler Remote Code Execution Vulnerability (Patched on June 8)\n * [**CVE-2021-34527**](<https://thehackernews.com/2021/07/microsofts-emergency-patch-fails-to.html>) \\- Windows Print Spooler Remote Code Execution Vulnerability (Patched on July 6-7)\n * [**CVE-2021-34481**](<https://thehackernews.com/2021/07/microsoft-warns-of-new-unpatched.html>) \\- Windows Print Spooler Remote Code Execution Vulnerability (Patched on August 10)\n * [**CVE-2021-36936**](<https://thehackernews.com/2021/08/microsoft-releases-windows-updates-to.html>) \\- Windows Print Spooler Remote Code Execution Vulnerability (Patched on August 10) \n * [**CVE-2021-36947**](<https://thehackernews.com/2021/08/microsoft-releases-windows-updates-to.html>) \\- Windows Print Spooler Remote Code Execution Vulnerability (Patched on August 10)\n * [**CVE-2021-34483**](<https://thehackernews.com/2021/08/microsoft-releases-windows-updates-to.html>) \\- Windows Print Spooler Elevation of Privilege Vulnerability (Patched on August 10)\n * [**CVE-2021-36958**](<https://thehackernews.com/2021/08/microsoft-security-bulletin-warns-of.html>) \\- Windows Print Spooler Remote Code Execution Vulnerability (Unpatched)\n\nCrowdStrike noted it was able to successfully prevent attempts made by the Magniber ransomware gang at exploiting the PrintNightmare vulnerability.\n\nVice Society, on the other hand, leveraged a variety of techniques to conduct post-compromise discovery and reconnaissance prior to bypassing native Windows protections for credential theft and privilege escalation.\n\n[](<https://thehackernews.com/images/-JlsTWIHVgX4/YRYltMOGBKI/AAAAAAAADhQ/pzUFIcW6y0ABjOe3PuUQE5cPSnEOvGP9ACLcBGAsYHQ/s0/ransomware.jpg>)\n\nSpecifically, the attacker is believed to have used a malicious library associated with the PrintNightmare flaw (CVE-2021-34527) to pivot to multiple systems across the environment and extract credentials from the victim.\n\n\"Adversaries are constantly refining their approach to the ransomware attack lifecycle as they strive to operate more effectively, efficiently, and evasively,\" the researchers said. \"The use of the vulnerability known as PrintNightmare shows that adversaries are paying close attention and will quickly incorporate new tools that they find useful for various purposes during their attacks.\"\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-08-13T08:29:00", "type": "thn", "title": "Ransomware Gangs Exploiting Windows Print Spooler Vulnerabilities", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1675", "CVE-2021-34481", "CVE-2021-34483", "CVE-2021-34527", "CVE-2021-36936", "CVE-2021-36947", "CVE-2021-36958"], "modified": "2021-08-13T08:32:51", "id": "THN:6428957E9DED493169A2E63839F98667", "href": "https://thehackernews.com/2021/08/ransomware-gangs-exploiting-windows.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-09T12:39:20", "description": "[](<https://thehackernews.com/images/-dWO_rqbdIfE/YPENEeXU5vI/AAAAAAAADNg/aAsoS9_8txQ842LEOAjpzJcvpkm6tro9wCLcBGAsYHQ/s0/Windows-Print-Spooler-Vulnerability.jpg>)\n\nMicrosoft on Thursday shared fresh guidance on yet another vulnerability affecting the Windows Print Spooler service, stating that it's working to address it in an upcoming security update.\n\nTracked as [CVE-2021-34481](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34481>) (CVSS score: 7.8), the issue concerns a local privilege escalation flaw that could be abused to perform unauthorized actions on the system. The company credited security researcher Jacob Baines for discovering and reporting the bug.\n\n\"An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges,\" the Windows maker said in its advisory. \"An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\"\n\nHowever, it's worth pointing out that successful exploitation of the vulnerability requires the attacker to have the ability to execute code on a victim system. In other words, this vulnerability can only be exploited locally to gain elevated privileges on a device.\n\n[](<https://thehackernews.com/images/-KUjZieTgFsk/YPENj7mkDHI/AAAAAAAADNo/7YO-HAzw4LQN5_eg5egoI8gP2YeP34pjwCLcBGAsYHQ/s0/hacking.jpg>)\n\nAs workarounds, Microsoft is recommending users to stop and disable the Print Spooler service to prevent malicious actors from exploiting the vulnerability.\n\nThe development comes days after the Redmond-based firm rolled out patches to address a critical shortcoming in the same component that it disclosed as being actively exploited to stage in-the-wild attacks, making it the third printer-related flaw to come to light in recent weeks.\n\nDubbed PrintNightmare ([CVE-2021-34527](<https://thehackernews.com/2021/07/microsofts-emergency-patch-fails-to.html>)), the vulnerability stems from a missing permission check in the Print Spooler that enables the installation of malicious print drivers to achieve remote code execution or local privilege escalation on vulnerable systems.\n\nHowever, it later emerged that the out-of-band security update could be entirely bypassed under specific conditions to gain both local privilege escalation and remote code execution. Microsoft has since said the fixes are \"working as designed and is effective against the known printer spooling exploits and other public reports collectively being referred to as PrintNightmare.\"\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-07-16T04:40:00", "type": "thn", "title": "Microsoft Warns of New Unpatched Windows Print Spooler Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34481", "CVE-2021-34527"], "modified": "2021-07-17T11:53:08", "id": "THN:CF5E93184467C7B8F56A517CE724ABCF", "href": "https://thehackernews.com/2021/07/microsoft-warns-of-new-unpatched.html", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2022-05-09T12:39:22", "description": "[](<https://thehackernews.com/images/-wbLrBJlJCfE/YOUa-690-KI/AAAAAAAADG0/6tT84mGPz6gQ_5vYBxhkEE_spk0LW4WpwCLcBGAsYHQ/s0/windows-patch-update.jpg>)\n\nMicrosoft has shipped an [emergency out-of-band security update](<https://docs.microsoft.com/en-us/windows/release-health/windows-message-center#1646>) to address a critical zero-day vulnerability \u2014 known as \"PrintNightmare\" \u2014 that affects the Windows Print Spooler service and can permit remote threat actors to run arbitrary code and take over vulnerable systems.\n\nTracked as [CVE-2021-34527](<https://thehackernews.com/2021/07/microsoft-warns-of-critical.html>) (CVSS score: 8.8), the remote code execution flaw impacts all supported editions of Windows. Last week, the company warned it had detected active exploitation attempts targeting the vulnerability.\n\n\"The Microsoft Windows Print Spooler service fails to restrict access to functionality that allows users to add printers and related drivers, which can allow a remote authenticated attacker to execute arbitrary code with SYSTEM privileges on a vulnerable system,\" the CERT Coordination Center said of the issue.\n\nIt's worth noting that PrintNightmare includes both remote code execution and a [local privilege escalation](<https://github.com/calebstewart/CVE-2021-1675>) vector that can be abused in attacks to run commands with SYSTEM privileges on targeted Windows machines.\n\n[](<https://thehackernews.com/images/-NzUbsCmtpLU/YOUekekqtnI/AAAAAAAADG8/HwnD7Xq3_iYftG9BrRvS1tJxIBOomRzXgCLcBGAsYHQ/s0/lpe.jpg>)\n\n\"The Microsoft update for CVE-2021-34527 only appears to address the Remote Code Execution (RCE via SMB and RPC) variants of the PrintNightmare, and not the Local Privilege Escalation (LPE) variant,\" CERT/CC vulnerability analyst Will Dormann [said](<https://www.kb.cert.org/vuls/id/383432>).\n\nThis effectively means that the incomplete fix could still be used by a local adversary to gain SYSTEM privileges. As workarounds, Microsoft recommends stopping and disabling the Print Spooler service or turning off inbound remote printing through Group Policy to block remote attacks.\n\nGiven the criticality of the flaw, the Windows maker has issued patches for:\n\n * Windows Server 2019\n * Windows Server 2012 R2\n * Windows Server 2008\n * Windows 8.1\n * Windows RT 8.1, and\n * Windows 10 (versions 21H1, 20H2, 2004, 1909, 1809, 1803, and 1507)\n\nMicrosoft has even taken the unusual step of issuing the fix for Windows 7, which officially reached the end of support as of January 2020.\n\nThe [update](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527>), however, does not include Windows 10 version 1607, Windows Server 2012, or Windows Server 2016, for which the Redmond-based company stated patches will be released in the forthcoming days.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-07-07T03:11:00", "type": "thn", "title": "Microsoft Issues Emergency Patch for Critical Windows PrintNightmare Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1675", "CVE-2021-34527"], "modified": "2021-07-07T03:38:13", "id": "THN:42B8A8C00254E7187FE0F1EF2AF6F5D7", "href": "https://thehackernews.com/2021/07/microsoft-issues-emergency-patch-for.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-09T12:39:23", "description": "[](<https://thehackernews.com/images/-RJ_0BYkTxHY/YN7HyUD-_KI/AAAAAAAA4SA/dbXcZli9DPwTnJvla5sgZ3hDzIqO8zLRgCLcBGAsYHQ/s0/windows-print-spooler-vulnerability.jpg>)\n\nMicrosoft on Thursday officially confirmed that the \"**PrintNightmare**\" remote code execution (RCE) vulnerability affecting Windows Print Spooler is different from the issue the company addressed as part of its Patch Tuesday update released earlier this month, while warning that it has detected exploitation attempts targeting the flaw.\n\nThe company is tracking the security weakness under the identifier [CVE-2021-34527](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527>), and has assigned it a severity rating of 8.8 on the CVSS scoring system. All versions of Windows contain the vulnerable code and are susceptible to exploitation.\n\n\"A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations,\" Microsoft said in its advisory. \"An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\"\n\n\"An attack must involve an authenticated user calling RpcAddPrinterDriverEx(),\" the Redmond-based firm added. When reached by The Hacker News, the company said it had nothing to share beyond the advisory.\n\nThe acknowledgment comes after researchers from Hong Kong-based cybersecurity company Sangfor [published](<https://thehackernews.com/2021/06/researchers-leak-poc-exploit-for.html>) a technical deep-dive of a Print Spooler RCE flaw to GitHub, along with a fully working PoC code, before it was taken down just hours after it went up.\n\n[](<https://thehackernews.com/images/-Zl5E2TyZRFQ/YN7Ej6s8x8I/AAAAAAAA4R4/FEYZ4JpYdakscU9e8eXMl9VEI0Hl1P_SwCLcBGAsYHQ/s0/ms.jpg>)\n\nThe disclosures also set off speculation and debate about whether the June patch does or does not protect against the RCE vulnerability, with the CERT Coordination Center [noting](<https://kb.cert.org/vuls/id/383432>) that \"while Microsoft has released an update for CVE-2021-1675, it is important to realize that this update does NOT protect Active Directory domain controllers, or systems that have Point and Print configured with the NoWarningNoElevationOnInstall option configured.\"\n\nCVE-2021-1675, originally classified as an elevation of privilege vulnerability and later revised to RCE, was remediated by Microsoft on June 8, 2021.\n\nThe company, in its advisory, noted that PrintNightmare is distinct from CVE-2021-1675 for reasons that the latter resolves a separate vulnerability in RpcAddPrinterDriverEx() and that the attack vector is different.\n\nAs workarounds, Microsoft is recommending users to disable the Print Spooler service or turn off inbound remote printing through Group Policy. To reduce the attack surface and as an alternative to completely disabling printing, the company is also advising to check membership and nested group membership, and reduce membership as much as possible, or completely empty the groups where possible.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-07-02T05:36:00", "type": "thn", "title": "Microsoft Warns of Critical \"PrintNightmare\" Flaw Being Exploited in the Wild", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1675", "CVE-2021-34527"], "modified": "2021-07-03T07:11:54", "id": "THN:9CE630030E0F3E3041E633E498244C8D", "href": "https://thehackernews.com/2021/07/microsoft-warns-of-critical.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-09T12:39:22", "description": "[](<https://thehackernews.com/images/-4tveTym6-fk/YOZ_5ZwEbHI/AAAAAAAADHs/xXSCpfsipXYpe6tJM2SGaTIDUE9dVGoGwCLcBGAsYHQ/s0/PrintNightmare-Vulnerability-Patch.jpg>)\n\nEven as Microsoft [expanded patches](<https://docs.microsoft.com/en-us/windows/release-health/windows-message-center>) for the so-called [PrintNightmare vulnerability](<https://thehackernews.com/2021/07/how-to-mitigate-microsoft-print-spooler.html>) for Windows 10 version 1607, Windows Server 2012, and Windows Server 2016, it has come to light that the fix for the remote code execution exploit in the Windows Print Spooler service can be bypassed in certain scenarios, effectively defeating the security protections and permitting attackers to run arbitrary code on infected systems.\n\nOn Tuesday, the Windows maker issued an [emergency out-of-band update](<https://thehackernews.com/2021/07/microsoft-issues-emergency-patch-for.html>) to address [CVE-2021-34527](<https://thehackernews.com/2021/07/microsoft-warns-of-critical.html>) (CVSS score: 8.8) after the flaw was accidentally disclosed by researchers from Hong Kong-based cybersecurity firm Sangfor late last month, at which point it emerged that the issue was different from another bug \u2014 tracked as [CVE-2021-1675](<https://thehackernews.com/2021/06/researchers-leak-poc-exploit-for.html>) \u2014 that was patched by Microsoft on June 8.\n\n\"Several days ago, two security vulnerabilities were found in Microsoft Windows' existing printing mechanism,\" Yaniv Balmas, head of cyber research at Check Point, told The Hacker News. \"These vulnerabilities enable a malicious attacker to gain full control on all windows environments that enable printing.\"\n\n\"These are mostly working stations but, at times, this relates to entire servers that are an integral part of very popular organizational networks. Microsoft classified these vulnerabilities as critical, but when they were published they were able to fix only one of them, leaving the door open for explorations of the second vulnerability,\" Balmas added.\n\nPrintNightmare stems from bugs in the Windows [Print Spooler](<https://docs.microsoft.com/en-us/windows/win32/printdocs/print-spooler>) service, which manages the printing process inside local networks. The main concern with the threat is that non-administrator users had the ability to load their own printer drivers. This has now been rectified.\n\n\"After installing this [update] and later Windows updates, users who are not administrators can only install signed print drivers to a print server,\" Microsoft [said](<https://support.microsoft.com/en-us/topic/july-7-2021-kb5004948-os-build-14393-4470-out-of-band-fb676642-a3fe-4304-a79c-9d651d2f6550>), detailing the improvements made to mitigate the risks associated with the flaw. \"Administrator credentials will be required to install unsigned printer drivers on a printer server going forward.\"\n\nPost the update's release, CERT/CC vulnerability analyst Will Dormann cautioned that the patch \"only appears to address the Remote Code Execution (RCE via SMB and RPC) variants of the PrintNightmare, and not the Local Privilege Escalation (LPE) variant,\" thereby allowing attackers to abuse the latter to gain SYSTEM privileges on vulnerable systems.\n\nNow, further testing of the update has revealed that exploits targeting the flaw could [bypass](<https://twitter.com/gentilkiwi/status/1412771368534528001>) the [remediations](<https://twitter.com/wdormann/status/1412813044279910416>) entirely to gain both local privilege escalation and remote code execution. To achieve this, however, a [Windows policy](<https://docs.microsoft.com/en-us/troubleshoot/windows-server/printing/use-group-policy-to-control-ad-printer>) called '[Point and Print Restrictions](<https://docs.microsoft.com/en-us/troubleshoot/windows-client/group-policy/point-print-restrictions-policies-ignored>)' must be enabled (Computer Configuration\\Policies\\Administrative Templates\\Printers: Point and Print Restrictions), using which malicious printer drivers could be potentially installed.\n\n\"Note that the Microsoft update for CVE-2021-34527 does not effectively prevent exploitation of systems where the Point and Print NoWarningNoElevationOnInstall is set to 1,\" Dormann [said](<https://www.kb.cert.org/vuls/id/383432>) Wednesday. Microsoft, for its part, [explains in its advisory](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527>) that \"Point and Print is not directly related to this vulnerability, but the technology weakens the local security posture in such a way that exploitation will be possible.\"\n\nWhile Microsoft has recommended the nuclear option of stopping and disabling the Print Spooler service, an [alternative workaround](<https://support.microsoft.com/en-us/topic/kb5005010-restricting-installation-of-new-printer-drivers-after-applying-the-july-6-2021-updates-31b91c02-05bc-4ada-a7ea-183b129578a7>) is to enable security prompts for Point and Print, and limit printer driver installation privileges to administrators alone by configuring the \"RestrictDriverInstallationToAdministrators\" registry value to prevent regular users from installing printer drivers on a print server.\n\n**UPDATE:** In response to CERT/CC's report, Microsoft [said](<https://msrc-blog.microsoft.com/2021/07/08/clarified-guidance-for-cve-2021-34527-windows-print-spooler-vulnerability/>) on Thursday:\n\n\"Our investigation has shown that the OOB [out-of-band] security update is working as designed and is effective against the known printer spooling exploits and other public reports collectively being referred to as PrintNightmare. All reports we have investigated have relied on the changing of default registry setting related to Point and Print to an insecure configuration.\"\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-07-08T04:35:00", "type": "thn", "title": "Microsoft's Emergency Patch Fails to Fully Fix PrintNightmare RCE Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1675", "CVE-2021-34527"], "modified": "2021-07-09T09:52:49", "id": "THN:CAFA6C5C5A34365636215CFD7679FD50", "href": "https://thehackernews.com/2021/07/microsofts-emergency-patch-fails-to.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-09T12:39:19", "description": "[](<https://thehackernews.com/images/-bi5ZcqZAriI/YPUgr-nwSjI/AAAAAAAADPc/Vyz_FgNnVwEF-E_EP0oMclWiGQCCSplZACLcBGAsYHQ/s0/Windows-Printer-Spooler-Vulnerability.jpg>)\n\nMerely days after Microsoft sounded the alarm on an [unpatched security vulnerability](<https://thehackernews.com/2021/07/microsoft-warns-of-new-unpatched.html>) in the Windows Print Spooler service, possibly yet another zero-day flaw in the same component has come to light, making it the fourth printer-related shortcoming to be discovered in recent weeks.\n\n\"Microsoft Windows allows for non-admin users to be able to install printer drivers via Point and Print,\" CERT Coordination Center's Will Dormann [said](<https://kb.cert.org/vuls/id/131152>) in an advisory published Sunday. \"Printers installed via this technique also install queue-specific files, which can be arbitrary libraries to be loaded by the privileged Windows Print Spooler process.\"\n\nAn exploit for the vulnerability was disclosed by security researcher and [Mimikatz creator](<https://www.wired.com/story/how-mimikatz-became-go-to-hacker-tool/>) [Benjamin Delpy](<https://twitter.com/gentilkiwi/status/1416079316673339392>).\n\n> [#printnightmare](<https://twitter.com/hashtag/printnightmare?src=hash&ref_src=twsrc%5Etfw>) \\- Episode 4 \n \nYou know what is better than a Legit Kiwi Printer ? \n\ud83e\udd5dAnother Legit Kiwi Printer...\ud83d\udc4d \n \nNo prerequiste at all, you even don't need to sign drivers/package\ud83e\udd2a [pic.twitter.com/oInb5jm3tE](<https://t.co/oInb5jm3tE>)\n> \n> \u2014 \ud83e\udd5d Benjamin Delpy (@gentilkiwi) [July 16, 2021](<https://twitter.com/gentilkiwi/status/1416079316673339392?ref_src=twsrc%5Etfw>)\n\nSpecifically, the flaw allows a threat actor to execute arbitrary code with SYSTEM privileges on a vulnerable Windows machine by connecting to a malicious print server under their control.\n\nWhile there is no solution to the problem, CERT/CC recommends configuring \"PackagePointAndPrintServerList\" to prevent the installation of printers from arbitrary servers and blocking outbound SMB traffic at the network boundary, given that public exploits for the vulnerability utilize SMB for connectivity to a malicious shared printer.\n\nThe new issue is only the latest evidence of the fallout after the [PrintNightmare](<https://thehackernews.com/2021/07/microsofts-emergency-patch-fails-to.html>) flaw accidentally became public last month, leading to the discovery of a number of vulnerabilities affecting the Print Spooler service.\n\nGiven the lack of details surrounding [CVE-2021-34481](<https://thehackernews.com/2021/07/microsoft-warns-of-new-unpatched.html>) \u2014 the local privilege escalation (LPE) flaw reported by security researcher Jacob Baines \u2014 [it's not immediately clear](<https://twitter.com/wdormann/status/1416740343597486087>) what connection, if any, the vulnerability and this new Print Spooler signature-check bypass that also allows for LPE may have with one another.\n\nWhen reached for a response, a Microsoft spokesperson told The Hacker News that \"we are investigating reports and will take appropriate action as needed to help keep customers protected.\"\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-07-19T06:51:00", "type": "thn", "title": "Researcher Uncovers Yet Another Unpatched Windows Printer Spooler Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34481"], "modified": "2021-07-22T03:40:17", "id": "THN:C2D8045AAD8E4BA5A9168782138B6D52", "href": "https://thehackernews.com/2021/07/researcher-uncover-yet-another.html", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-09T12:37:27", "description": "[](<https://thehackernews.com/new-images/img/a/AVvXsEi78Lgh1-a_Rlugh-jIjcQsT3okz4dkvUH1BpDGD2uThowKvsO7WgxJ7CzE9cAixe67YOA9inVSnZzZWhfA7bAV4ymALr-GCIvlvpRTka6rQROItUoRgAGIdaDtlEUPPeof7gjztGdh1UfjFIt_ps35SJsa5HNgqIppsi2kHJdv2NVQR31hMzFoIXUh>)\n\nThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have released a joint advisory warning that Russia-backed threat actors hacked the network of an unnamed non-governmental entity by exploiting a combination of flaws.\n\n\"As early as May 2021, Russian state-sponsored cyber actors took advantage of a misconfigured account set to default [multi-factor authentication] protocols at a non-governmental organization (NGO), allowing them to enroll a new device for MFA and access the victim network,\" the agencies [said](<https://www.cisa.gov/uscert/ncas/alerts/aa22-074a>).\n\n\"The actors then exploited a critical Windows Print Spooler vulnerability, 'PrintNightmare' ([CVE-2021-34527](<https://thehackernews.com/2021/07/microsoft-warns-of-critical.html>)) to run arbitrary code with system privileges.\"\n\nThe attack was pulled off by gaining initial access to the victim organization via compromised credentials \u2013 obtained by means of a brute-force password guessing attack \u2013 and enrolling a new device in the organization's [Duo MFA](<https://duo.com/product/multi-factor-authentication-mfa>).\n\nIt's also noteworthy that the breached account was un-enrolled from Duo due to a long period of inactivity, but had not yet been disabled in the NGO's Active Directory, thereby allowing the attackers to escalate their privileges using the PrintNightmare flaw and disable the MFA service altogether.\n\n\"As Duo's default configuration settings allow for the re-enrollment of a new device for dormant accounts, the actors were able to enroll a new device for this account, complete the authentication requirements, and obtain access to the victim network,\" the agencies explained.\n\nTurning off MFA, in turn, allowed the state-sponsored actors to authenticate to the NGO's virtual private network (VPN) as non-administrator users, connect to Windows domain controllers via Remote Desktop Protocol (RDP), and obtain credentials for other domain accounts.\n\nIn the final stage of the attack, the newly compromised accounts were subsequently utilized to move laterally across the network to siphon data from the organization's cloud storage and email accounts.\n\nTo mitigate such attacks, both CISA and FBI are recommending organizations to enforce and review multi-factor authentication configuration policies, disable inactive accounts in Active Directory, and prioritize patching for [known exploited flaws](<https://www.cisa.gov/known-exploited-vulnerabilities-catalog>).\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-03-16T13:29:00", "type": "thn", "title": "FBI, CISA Warn of Russian Hackers Exploiting MFA and PrintNightmare Bug", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34527"], "modified": "2022-03-16T13:29:45", "id": "THN:A52CF43B8B04C0A2F8413E17698F9308", "href": "https://thehackernews.com/2022/03/fbi-cisa-warn-of-russian-hackers.html", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2022-05-09T12:39:22", "description": "[](<https://thehackernews.com/images/-J4q0IawSomE/YOSMoHyRjgI/AAAAAAAABHE/cP0YFHHZFtA9uluA4FTtUF6qLpRtEeAEgCLcBGAsYHQ/s0/Microsoft-PrintSpooler-Vulnerability.jpg>)\n\nThis week, **PrintNightmare** \\- Microsoft's Print Spooler vulnerability (CVE-2021-34527) was upgraded from a 'Low' criticality to a 'Critical' criticality.\n\nThis is due to a Proof of Concept published on GitHub, which attackers could potentially leverage for gaining access to Domain Controllers.\n\nAs we [reported earlier](<https://thehackernews.com/2021/07/microsoft-warns-of-critical.html>), Microsoft already released a patch in June 2021, but it wasn't enough to stop exploits. Attackers can still use Print Spooler when connecting remotely. You can find all you need to know about this vulnerability in this article and how you can mitigate it (and you can). \n\n**Print Spooler in a nutshell:** Print Spooler is Microsoft's service for managing and monitoring files printing. This service is among Microsoft's oldest and has had minimal maintenance updates since it was released. \n\nEvery Microsoft machine (servers and endpoints) has this feature enabled by default.\n\n**PrintNightmare vulnerability:** As soon as an attacker gains limited user access to a network, he will be able to connect (directly or remotely) to the Print Spooler. Since the Print Spooler has direct access to the kernel, the attacker can use it to gain access to the operating system, run remote code with system privileges, and ultimately attack the Domain Controller.\n\nYour best option when it comes to mitigating the PrintNightmare vulnerability is to disable the Print Spooler on every server and/or sensitive workstation (such as administrators' workstations, direct internet-facing workstations, and non-printing workstations).\n\nThis is what Dvir Goren's, hardening expert and CTO at [CalCom Software Solutions](<https://www.calcomsoftware.com/?utm_source=HN>), suggests as your first move towards mitigation.\n\nFollow these steps to disable the Print Spooler service on Windows 10:\n\n 1. Open Start.\n 2. Search for PowerShell, right-click on it and select the Run as administrator.\n 3. Type the command and press Enter: _Stop-Service -Name Spooler -Force_\n 4. Use this command to prevent the service from starting back up again during restart: Set-Service -Name Spooler -StartupType Disabled\n\nAccording to Dvir's experience, 90% of servers do not require Print Spooler. It is the default configuration for most of them, so it is usually enabled. As a result, disabling it can solve 90% of your problem and have little impact on production.\n\nIn large and complex infrastructures, it can be challenging to locate where Print Spooler is used.\n\nHere are a few examples where Print Spooler is required:\n\n 1. When using Citrix services,\n 2. Fax servers,\n 3. Any application requiring virtual or physical printing of PDFs, XPSs, etc. Billing services and wage applications, for example.\n\nHere are a few examples when Print Spooler is not needed but enabled by default:\n\n 1. Domain Controller and Active Directory \u2013 the main risk in this vulnerability can be neutralized by practicing basic cyber hygiene. It makes no sense to have Print Spooler enabled in DCs and AD servers. \n 2. Member servers such as SQL, File System, and Exchange servers. \n 3. Machines that do not require printing. \n\nA few other hardening steps suggested by Dvir for machines dependent on Print Spooler include:\n\n 1. Replace the vulnerable Print Spooler protocol with a non-Microsoft service. \n 2. By changing 'Allow Print Spooler to accept client connections', you can restrict users' and drivers' access to the Print Spooler to groups that must use it.\n 3. Disable Print Spooler caller in Pre-Windows 2000 compatibility group.\n 4. Make sure that Point and Print is not configured to No Warning \u2013 check registry key SOFTWARE/Policies/Microsoft/Windows NT/Printers/PointAndPrint/NoElevationOnInstall for DWORD value 1 and change it to 0.\n 5. Turn off EnableLUA \u2013 check registry key SOFTWARE/Microsoft/Windows/CurrentVersion/Policies/System/EnableLUA for DWORD value 0 and change it to 1.\n\nHere's what you need to do next to ensure your organization is secure:\n\n 1. Identify where Print Spooler is being used on your network. \n 2. Map your network to find the machines that must use Print Spooler.\n 3. Disable Print Spooler on machines that do not use it. \n 4. For machines that require Print Spooler \u2013 configure them in a way to minimize its attack surface. \n\nBeside this, to find potential evidence of exploitation, you should also monitor Microsoft-Windows-PrintService/Admin log entries. There might be entries with error messages that indicate Print Spooler can't load plug-in module DLLs, although this can also happen if an attacker packaged a legitimate DLL that Print Spooler demands.\n\nThe final recommendation from Dvir is to implement these recommendations through[ hardening automation tools](<https://www.calcomsoftware.com/best-hardening-tools/?utm_source=HN>). Without automation, you will spend countless hours attempting to harden manually and may end up vulnerable or causing systems to go down\n\nAfter choosing your course of action, a [Hardening automation tool](<https://www.calcomsoftware.com/server-hardening-suite/?utm_source=HN>) will discover where Print Spooler is enabled, where they are actually used, and disable or reconfigure them automatically.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-07-08T09:32:00", "type": "thn", "title": "How to Mitigate Microsoft Print Spooler Vulnerability \u2013 PrintNightmare", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34527"], "modified": "2021-07-08T15:05:22", "id": "THN:10A732F6ED612DC7431BDC9A3CEC3A29", "href": "https://thehackernews.com/2021/07/how-to-mitigate-microsoft-print-spooler.html", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2022-07-06T07:58:10", "description": "[](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEhW8mCPe27LdzHLP4ngj6tlt2Pg8kCf_fM8vePiD96oqVL7MUOW8zxZlXFGU1HvblavK2Xdcm0tf2j7r5qbvTV9iW1N9M95vbWmuFsGUq0MkEeY7rnkpeop76NG41Eys_CeiCVl0xS8l4E21-RosfCrVOTGYR8jNw1F5Q2v-OjF2MeqKfBbPn6bDseq/s728-e100/ransomware.jpg>)\n\nCybersecurity researchers have detailed the various measures ransomware actors have taken to obscure their true identity online as well as the hosting location of their web server infrastructure.\n\n\"Most ransomware operators use hosting providers outside their country of origin (such as Sweden, Germany, and Singapore) to host their ransomware operations sites,\" Cisco Talos researcher Paul Eubanks [said](<https://blog.talosintelligence.com/2022/06/de-anonymizing-ransomware-domains-on.html>). \"They use VPS hop-points as a proxy to hide their true location when they connect to their ransomware web infrastructure for remote administration tasks.\"\n\nAlso prominent are the use of the TOR network and DNS proxy registration services to provide an added layer of anonymity for their illegal operations.\n\nBut by taking advantage of the threat actors' operational security missteps and other techniques, the cybersecurity firm disclosed last week that it was able to identify TOR hidden services hosted on public IP addresses, some of which are previously unknown infrastructure associated with [DarkAngels](<https://blog.cyble.com/2022/05/06/rebranded-babuk-ransomware-in-action-darkangels-ransomware-performs-targeted-attack/>), [Snatch](<https://malpedia.caad.fkie.fraunhofer.de/details/win.snatch>), [Quantum](<https://www.cybereason.com/blog/cybereason-vs.-quantum-locker-ransomware>), and [Nokoyawa](<https://malpedia.caad.fkie.fraunhofer.de/details/win.nokoyawa>) ransomware groups.\n\nWhile ransomware groups are known to rely on the dark web to conceal their illicit activities ranging from leaking stolen data to negotiating payments with victims, Talos disclosed that it was able to identify \"public IP addresses hosting the same threat actor infrastructure as those on the dark web.\"\n\n\"The methods we used to identify the public internet IPs involved matching threat actors' [self-signed] [TLS certificate](<https://www.digicert.com/tls-ssl/tls-ssl-certificates>) serial numbers and page elements with those indexed on the public internet,\" Eubanks said.\n\n[](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEjaV9wVlzzeADW3plTap4jOh9fqaG1M5Q8q7q-pX6vbN6EAWqHqnEEvq-nA0yW2N64kchUyacQRbSQXnYk0i2qcd2Lxjiu4alpeum5cu6QCPMBvjt90TSKl-7opy4d0YCn8MX_tPYh7B04Vidh2gZfgYJXxKGevp9NbNa8lZg-DQGZXl7xjDrvwfK89/s728-e100/cert.jpg>)\n\nBesides TLS certificate matching, a second method employed to uncover the adversaries' clear web infrastructures entailed checking the favicons associated with the darknet websites against the public internet using web crawlers like Shodan.\n\nIn the case of [Nokoyawa](<https://www.fortinet.com/blog/threat-research/nokoyawa-variant-catching-up>), a new Windows ransomware strain that appeared earlier this year and shares substantial code similarities with Karma, the site hosted on the TOR hidden service was found to harbor a directory traversal flaw that enabled the researchers to access the \"[/var/log/auth.log](<https://help.ubuntu.com/community/LinuxLogFiles>)\" file used to capture user logins.\n\nThe findings demonstrate that not only are the criminal actors' leak sites accessible for any user on the internet, other infrastructure components, including identifying server data, were left exposed, effectively making it possible to obtain the login locations used to administer the ransomware servers.\n\n[](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEiKBfxqmczj3qrieqIFbqxh8pEIBTtSz9_BdFyfDEKmGEjCUPpH7QhuZsHt6jxBWgKWU2wcnFlthPIVmExegrtxg0bzvUln74smXx6Krggvf6_bQ9tr_o1NRTxCcjmsINrMdRyZpvXHdS8zZSeFCw8zi_qx2puc2SGz4zIL9dtTRKkdNSYZMGX3KE3p/s728-e100/keys.jpg>)\n\nFurther analysis of the successful root user logins showed that they originated from two IP addresses 5.230.29[.]12 and 176.119.0[.]195, the former of which belongs to GHOSTnet GmbH, a hosting provider that offers Virtual Private Server (VPS) services.\n\n\"176.119.0[.]195 however belongs to AS58271 which is listed under the name Tyatkova Oksana Valerievna,\" Eubanks noted. \"It's possible the operator forgot to use the German-based VPS for obfuscation and logged into a session with this web server directly from their true location at 176.119.0[.]195.\"\n\n### LockBit adds a bug bounty program to its revamped RaaS operation\n\nThe development comes as the operators of the emerging [Black Basta](<https://thehackernews.com/2022/06/cybersecurity-experts-warn-of-emerging.html>) ransomware [expanded](<https://www.trendmicro.com/en_us/research/22/f/black-basta-ransomware-operators-expand-their-attack-arsenal-wit.html>) their attack arsenal by using QakBot for initial access and lateral movement, and taking advantage of the PrintNightmare vulnerability ([CVE-2021-34527](<https://thehackernews.com/2021/07/microsoft-warns-of-new-unpatched.html>)) to conduct privileged file operations.\n\nWhat's more, the LockBit ransomware gang last week [announced](<https://twitter.com/vxunderground/status/1541156954214727685>) the release of LockBit 3.0 with the message \"Make Ransomware Great Again!,\" in addition to launching their own Bug Bounty program, offering rewards ranging between $1,000 and $1 million for identifying security flaws and \"brilliant ideas\" to improve its software.\n\n[](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEjwyY9trUR2Z6AyEmJ7Zm0vLXiYawK0UpJysKcAGEK4eyTyY-cibr3Vgf7ATbqzCSSUqeTQTR_TQkAtJ5XPpqiw8JZnWQg1KTo0ktefqdmaqc8XFgVp27DzMej76ut1FMMJ8h0r2U-UR72FNxbM4_q9ph1cAzMroG_05T9as1lDjAVK34y53Er0koFQ/s728-e100/bug.jpg>)\n\n\"The release of LockBit 3.0 with the introduction of a bug bounty program is a formal invitation to cybercriminals to help assist the group in its quest to remain at the top,\" Satnam Narang, senior staff research engineer at Tenable, said in a statement shared with The Hacker News.\n\n\"A key focus of the bug bounty program are defensive measures: Preventing security researchers and law enforcement from finding bugs in its leak sites or ransomware, identifying ways that members including the affiliate program boss could be doxed, as well as finding bugs within the messaging software used by the group for internal communications and the Tor network itself.\"\n\n\"The threat of being doxed or identified signals that law enforcement efforts are clearly a great concern for groups like LockBit. Finally, the group is planning to offer Zcash as a payment option, which is significant, as Zcash is harder to trace than Bitcoin, making it harder for researchers to keep tabs on the group's activity.\"\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-07-05T07:06:00", "type": "thn", "title": "Researchers Share Techniques to Uncover Anonymized Ransomware Sites on Dark Web", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34527"], "modified": "2022-07-06T06:06:49", "id": "THN:849B821D3503018DA38FAFFBC34DAEBB", "href": "https://thehackernews.com/2022/07/researchers-share-techniques-to-uncover.html", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2022-05-09T12:38:05", "description": "[](<https://thehackernews.com/new-images/img/a/AVvXsEguJG5dD1Vh67fJlg0O-HXucpsF2Y-eVW6kua8F3Er_7OwG5WZpZAqvZHKbXJboPvuTyfrTXpc260OZ87-4ehJm-_qY8JOnLJxhWok-es74ZTW3O7ua3WuueglfYtH7632jDmh5DfPftDD998FED2xruJFMtTPwe_eI7umOKXrdazu4WRTC-OnHg7ND>)\n\nThe clearnet and dark web payment portals operated by the [Conti](<https://thehackernews.com/2021/05/fbi-warns-conti-ransomware-hit-16-us.html>) ransomware group have gone down in what appears to be an attempt to shift to new infrastructure after details about the gang's inner workings and its members were made public.\n\nAccording to [MalwareHunterTeam](<https://twitter.com/malwrhunterteam/status/1461450607311605766>), \"while both the clearweb and Tor domains of the leak site of the Conti ransomware gang is online and working, both their clearweb and Tor domains for the payment site (which is obviously more important than the leak) is down.\"\n\nIt's not clear what prompted the shutdown, but the development comes as Swiss cybersecurity firm PRODAFT [offered](<https://www.prodaft.com/resource/detail/conti-ransomware-group-depth-analysis>) an unprecedented look into the group's ransomware-as-a-service (RaaS) model, wherein the developers sell or lease their ransomware technology to affiliates hired from darknet forums, who then carry out attacks on their behalf while also netting about 70% of each ransom payment extorted from the victims.\n\nThe result? Three members of the Conti team have been identified so far, each playing the roles of admin (\"Tokyo\"), assistant (\"it_work_support@xmpp[.]jp\"), and recruiter (\"IT_Work\") to attract new affiliates into their network.\n\nWhile ransomware attacks work by encrypting the victims' sensitive information and rendering it inaccessible, threat actors have increasingly latched on to a two-pronged strategy called double extortion to demand a ransom payment for decrypting the data and threaten to publicly publish the stolen information if the payment is not received within a specific deadline.\n\n[](<https://thehackernews.com/new-images/img/a/AVvXsEgOlxdMar0Fk9C_1oq4rsZqCsRuaWDFa_UwPznj1p4XnxV22g7c-3gidrF7ZVnxd0TVDTn8qhzr16V265fVSa3d-p7SOODkUMikIREYKzV6MyCaPI1KWzNgYj3TduhqzgszRUX6zZkCytED5c4K-icaEZjwN4cvwnz1D0zehnwVGdYAwJXLo8uaJijX>)\n\n\"Conti customers \u2013 affiliate threat actors \u2013 use [a digital] management panel to create new ransomware samples, manage their victims, and collect data on their attacks,\" noted the researchers, detailing the syndicate's attack kill chain leveraging PrintNightmare ([CVE-2021-1675](<https://thehackernews.com/2021/06/researchers-leak-poc-exploit-for.html>), [CVE-2021-34527](<https://thehackernews.com/2021/07/microsoft-warns-of-critical.html>), and [CVE-2021-36958](<https://thehackernews.com/2021/08/microsoft-security-bulletin-warns-of.html>)) and FortiGate ([CVE-2018-13374](<https://nvd.nist.gov/vuln/detail/CVE-2018-13374>) and [CVE-2018-13379](<https://thehackernews.com/2021/09/hackers-leak-vpn-account-passwords-from.html>)) vulnerabilities to compromise unpatched systems.\n\n[](<https://thehackernews.com/new-images/img/a/AVvXsEh5pQ7nISIe-f2lC7T7iJVkfmQ4L9uCXsO1rxdPo0YzkwJ4-Q15UkgDuRGhckTpdbAYrR1h3kYePBPrRNFWefg6MtaX_jlMsgcojwvu-zrrtvaw0hKxGJkD-dTl06UiZOX1R5kuboLkxyuot8hDBrgxX1fH8yoVdsv0e1f0rvziG6_Mw-IWMJUBBgQg>)\n\nEmerging on the cybercrime landscape in October 2019, Conti is believed to be the work of a Russia-based threat group called [Wizard Spider](<https://malpedia.caad.fkie.fraunhofer.de/actor/wizard_spider>), which is also the operator of the infamous [TrickBot](<https://thehackernews.com/2021/11/trickbot-operators-partner-with-shatak.html>) banking malware. Since then, at least 567 different companies have had their business-critical data exposed on the victim shaming site, with the ransomware cartel receiving over 500 bitcoin ($25.5 million) in payments since July 2021.\n\nWhat's more, an analysis of ransomware samples and the bitcoin wallet addresses utilized for receiving the payments has revealed a connection between Conti and Ryuk, with both families heavily banking on TrickBot, Emotet, and BazarLoader for actually [delivering the file-encrypting payloads](<https://thehackernews.com/2021/06/ransomware-attackers-partnering-with.html>) onto victim's networks via email phishing and other social engineering schemes.\n\n[](<https://thehackernews.com/new-images/img/a/AVvXsEgySne4_su9eRCap6MABBaa8kbBo2rWbr8gzBUOmkmLhbonXU-etPl5K4VuXHkduN2lH7fMHbQ7q8Wq0HsqBnUz9P3JWJBqtztJQAEPOJWnoAVuecd8Zyblq-TOPPfmILc40tmzfs9VX0h_utrR3fydA8JQm8EO0PO7BIKlRaSIBA8_I717s_bvckQ5>)\n\nPRODAFT said it was also able to gain access to the group's recovery service and an admin management panel hosted as a Tor hidden service on an Onion domain, revealing extensive details of a clearnet website called \"contirecovery[.]ws\" that contains instructions for purchasing decryption keys from the affiliates. Interestingly, an investigation into Conti's ransomware negotiation process [published](<https://team-cymru.com/blog/2021/10/05/collaborative-research-on-the-conti-ransomware-group/>) by Team Cymru last month highlighted a similar open web URL named \"contirecovery[.]info.\"\n\n\"In order to tackle the complex challenge of disrupting cybercriminal organizations, public and private forces need to work collaboratively with one another to better understand and mitigate the wider legal and commercial impact of the threat,\" the researchers said.\n\n**_Update:_** The Conti ransomware's payment [portals](<https://twitter.com/VK_Intel/status/1461810216241086467>) are back up and running, more than 24 hours after they were first taken down in response to a report that identified the real IP address of one of its recovery (aka payment) servers \u2014 217.12.204[.]135 \u2014 thereby effectively bolstering its security measures.\n\n\"Looks like Europeans have also decided to abandon their manners and go full-gansta simply trying to break our systems,\"the gang said in a statement posted on their blog, effectively confirming PRODAFT's findings, but characterizing the details as \"simply disinformation,\" and that \"the reported 25kk which we 'made since July' is straight-up BS - we've made around 300kk at least.\"\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-11-19T06:50:00", "type": "thn", "title": "Experts Expose Secrets of Conti Ransomware Group That Made 25 Million from Victims", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-13374", "CVE-2018-13379", "CVE-2021-1675", "CVE-2021-34527", "CVE-2021-36958"], "modified": "2021-11-20T15:13:21", "id": "THN:F35E41E26872B23A7F620C6D8F7E2334", "href": "https://thehackernews.com/2021/11/experts-expose-secrets-of-conti.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "mskb": [{"lastseen": "2023-05-19T10:52:17", "description": "None\n**6/15/21 \nIMPORTANT **This release includes the Flash Removal Package. Taking this update will remove Adobe Flash from the machine. For more information, see the [Update on Adobe Flash Player End of Support](<https://blogs.windows.com/msedgedev/2020/09/04/update-adobe-flash-end-support/>).\n\n**11/19/20** \nFor information about Windows update terminology, see the article about the [types of Windows updates](<https://docs.microsoft.com/en-us/troubleshoot/windows-client/deployment/standard-terminology-software-updates>) and the [monthly quality update types](<https://techcommunity.microsoft.com/t5/windows-it-pro-blog/windows-quality-updates-primer/ba-p/2569385>). To view other notes and messages, see the Windows 10, version 1909 update history home page. **Note **Follow [@WindowsUpdate](<https://twitter.com/windowsupdate>) to find out when new content is published to the release information dashboard.\n\n## Highlights\n\n * Updates the default installation privilege requirement so that you must be an administrator to install drivers when using [Point and Print](<https://docs.microsoft.com/en-us/windows-hardware/drivers/print/introduction-to-point-and-print>). \n\n## Improvements and fixes\n\nThis security update includes quality improvements. Key changes include:\n\n * Changes the default privilege requirement for installing drivers when using Point and Print. After installing this update, you must have administrative privileges to install drivers. If you use Point and Print, see [KB5005652](<https://support.microsoft.com/topic/873642bf-2634-49c5-a23b-6d8e9a302872>), [Point and Print Default Behavior Change](<https://aka.ms/PointPrintMSRCBlog>), and [CVE-2021-34481](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34481>) for more information. \nIf you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.For more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website.\n\n**Windows Update Improvements**Microsoft has released an update directly to the Windows Update client to improve reliability. Any device running Windows 10 configured to receive updates automatically from Windows Update, including Enterprise and Pro editions, will be offered the latest Windows 10 feature update based on device compatibility and Windows Update for Business deferral policy. This doesn't apply to long-term servicing editions.\n\n## Known issues in this update\n\n**Symptom**| **Workaround** \n---|--- \nAfter installing this update, the Encrypted File System (EFS) API [OpenEncryptedFileRaw(A/W)](<https://docs.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-openencryptedfilerawa>), often used in backup software, will not work when you back up to or from a Windows Server 2008 SP2 device. OpenEncryptedFileRaw will continue to work on all other versions of Windows (local and remote).| This behavior is expected because we addressed the issue in CVE-2021-36942.**Note** If you cannot use backup software on Windows 7 SP1 and Server 2008 R2 SP1 or later after installing this update, contact the manufacturer of your backup software for updates and support. \n \n## How to get this update\n\n**Before installing this update**Prerequisite:You **must **install the July 13, 2021 servicing stack update (SSU) (KB5004748) or the latest SSU (KB5005412) before installing the latest cumulative update (LCU). SSUs improve the reliability of the update process to mitigate potential issues while installing the LCU and applying Microsoft security fixes. For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and Servicing Stack Updates (SSU): Frequently Asked Questions.If you are using Windows Update, the latest SSU will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/home.aspx>).**Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update. \nWindows Update for Business| Yes| None. This update will be downloaded and installed automatically from Windows Update in accordance with configured policies. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5005031>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows 10, version 1903 and later**Classification**: Security Updates \n**File information**For a list of the files that are provided in this update, download the [file information for cumulative update 5005031](<https://download.microsoft.com/download/5/9/0/5901bffe-66e8-4289-9077-b87ae1af9813/5005031.csv>). \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-08-10T07:00:00", "type": "mskb", "title": "August 10, 2021\u2014KB5005031 (OS Build 18363.1734)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34481", "CVE-2021-36942", "CVE-2021-36948"], "modified": "2021-08-10T07:00:00", "id": "KB5005031", "href": "https://support.microsoft.com/en-us/help/5005031", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-19T10:52:17", "description": "None\n**6/15/21 \nIMPORTANT **This release includes the Flash Removal Package. Taking this update will remove Adobe Flash from the machine. For more information, see the [Update on Adobe Flash Player End of Support](<https://blogs.windows.com/msedgedev/2020/09/04/update-adobe-flash-end-support/>).\n\n**11/17/20**For information about Windows update terminology, see the article about the [types of Windows updates](<https://docs.microsoft.com/en-us/troubleshoot/windows-client/deployment/standard-terminology-software-updates>) and the [monthly quality update types](<https://techcommunity.microsoft.com/t5/windows-it-pro-blog/windows-quality-updates-primer/ba-p/2569385>). To view other notes and messages, see the Windows 10, version 2004 update history [home page](<https://support.microsoft.com/en-us/help/4555932>). **Note **Follow [@WindowsUpdate](<https://twitter.com/windowsupdate>) to find out when new content is published to the release information dashboard.\n\n## Highlights\n\n * Updates the default installation privilege requirement so that you must be an administrator to install drivers when using [Point and Print](<https://docs.microsoft.com/en-us/windows-hardware/drivers/print/introduction-to-point-and-print>). \n\n## Improvements and fixes\n\n**Note **To view the list of addressed issues, click or tap the OS name to expand the collapsible section.\n\n### \n\n__\n\nWindows 10, version 21H1\n\nThis security update includes quality improvements. Key changes include:\n\n * This build includes all the improvements from Windows 10, version 2004.\n * No additional issues were documented for this release.\n\n### \n\n__\n\nWindows 10, version 20H2\n\nThis security update includes quality improvements. Key changes include:\n\n * This build includes all the improvements from Windows 10, version 2004.\n * No additional issues were documented for this release.\n\n### \n\n__\n\nWindows 10, version 2004\n\n**Note: **This release also contains updates for Microsoft HoloLens (OS Build 19041.1159) released August 10, 2021. Microsoft will release an update directly to the Windows Update Client to improve Windows Update reliability on Microsoft HoloLens that have not updated to this most recent OS Build.\n\nThis security update includes quality improvements. Key changes include:\n\n * Changes the default privilege requirement for installing drivers when using Point and Print. After installing this update, you must have administrative privileges to install drivers. If you use Point and Print, see [KB5005652](<https://support.microsoft.com/topic/873642bf-2634-49c5-a23b-6d8e9a302872>), [Point and Print Default Behavior Change](<https://aka.ms/PointPrintMSRCBlog>), and [CVE-2021-34481](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34481>) for more information.\nIf you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.For more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website.\n\n**Windows Update Improvements**Microsoft has released an update directly to the Windows Update client to improve reliability. Any device running Windows 10 configured to receive updates automatically from Windows Update, including Enterprise and Pro editions, will be offered the latest Windows 10 feature update based on device compatibility and Windows Update for Business deferral policy. This doesn't apply to long-term servicing editions.\n\n### Windows 10 servicing stack update - 19041.1161, 19042.1161, and 19043.1161\n\n * This update makes quality improvements to the servicing stack, which is the component that installs Windows updates. Servicing stack updates (SSU) ensure that you have a robust and reliable servicing stack so that your devices can receive and install Microsoft updates.\n\n## Known issues in this update\n\n### \n\n__\n\nClick or tap to view the known issues\n\n**Symptom**| **Workaround** \n---|--- \nWhen using the Microsoft Japanese Input Method Editor (IME) to enter Kanji characters in an app that automatically allows the input of Furigana characters, you might not get the correct Furigana characters. You might need to enter the Furigana characters manually.**Note **The affected apps are using the **ImmGetCompositionString()** function.| This issue is resolved in KB5005101. \nDevices with Windows installations created from custom offline media or custom ISO image might have [Microsoft Edge Legacy](<https://support.microsoft.com/en-us/microsoft-edge/what-is-microsoft-edge-legacy-3e779e55-4c55-08e6-ecc8-2333768c0fb0>) removed by this update, but not automatically replaced by the new Microsoft Edge. This issue is only encountered when custom offline media or ISO images are created by slipstreaming this update into the image without having first installed the standalone servicing stack update (SSU) released March 29, 2021 or later.**Note **Devices that connect directly to Windows Update to receive updates are not affected. This includes devices using Windows Update for Business. Any device connecting to Windows Update should always receive the latest versions of the SSU and latest cumulative update (LCU) without any extra steps. | To avoid this issue, be sure to first slipstream the SSU released March 29, 2021 or later into the custom offline media or ISO image before slipstreaming the LCU. To do this with the combined SSU and LCU packages now used for Windows 10, version 20H2 and Windows 10, version 2004, you will need to extract the SSU from the combined package. Use the following steps to extract the SSU:\n\n 1. Extract the cab from the msu via this command line (using the package for KB5000842 as an example): **expand Windows10.0-KB5000842-x64.msu /f:Windows10.0-KB5000842-x64.cab &lt;destination path&gt;**\n 2. Extract the SSU from the previously extracted cab via this command line: **expand Windows10.0-KB5000842-x64.cab /f:* &lt;destination path&gt;**\n 3. You will then have the SSU cab, in this example named **SSU-19041.903-x64.cab**. Slipstream this file into your offline image first, then the LCU.\nIf you have already encountered this issue by installing the OS using affected custom media, you can mitigate it by directly installing the [new Microsoft Edge](<https://www.microsoft.com/edge>). If you need to broadly deploy the new Microsoft Edge for business, see [Download and deploy Microsoft Edge for business](<https://www.microsoft.com/edge/business/download>). \nAfter installing the June 21, 2021 (KB5003690) update, some devices cannot install new updates, such as the July 6, 2021 (KB5004945) or later updates. You will receive the error message, \"PSFX_E_MATCHING_BINARY_MISSING\".| For more information and a workaround, see KB5005322. \nAfter installing this update, the Encrypted File System (EFS) API [OpenEncryptedFileRaw(A/W)](<https://docs.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-openencryptedfilerawa>), often used in backup software, will not work when you back up to or from a Windows Server 2008 SP2 device. OpenEncryptedFileRaw will continue to work on all other versions of Windows (local and remote).| This behavior is expected because we addressed the issue in CVE-2021-36942.**Note** If you cannot use backup software on Windows 7 SP1 and Server 2008 R2 SP1 or later after installing this update, contact the manufacturer of your backup software for updates and support. \n \n## How to get this update\n\n**Before installing this update**Microsoft now combines the latest servicing stack update (SSU) for your operating system with the latest cumulative update (LCU). For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and Servicing Stack Updates (SSU): Frequently Asked Questions.Prerequisite:For Windows Server Update Services (WSUS) deployment or when installing the standalone package from Microsoft Update Catalog:If your devices do not have the May 11, 2021 update (KB5003173) or later LCU, you **must **install the special standalone August 10, 2021 SSU (KB5005260).**Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update. \nWindows Update for Business| Yes| None. This update will be downloaded and installed automatically from Windows Update in accordance with configured policies. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5005033>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows 10, version 1903 and later**Classification**: Security Updates \n \n**If you want to remove the LCU**To remove the LCU after installing the combined SSU and LCU package, use the [DISM/Remove-Package](<https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/dism-operating-system-package-servicing-command-line-options>) command line option with the LCU package name as the argument. You can find the package name by using this command: **DISM /online /get-packages**.Running [Windows Update Standalone Installer](<https://support.microsoft.com/en-us/topic/description-of-the-windows-update-standalone-installer-in-windows-799ba3df-ec7e-b05e-ee13-1cdae8f23b19>) (**wusa.exe**) with the **/uninstall **switch on the combined package will not work because the combined package contains the SSU. You cannot remove the SSU from the system after installation.\n\n**File information**For a list of the files that are provided in this update, download the [file information for cumulative update 5005033](<https://download.microsoft.com/download/1/e/e/1eeb7268-cb6a-4865-a98b-9c51f0ec7beb/5005033.csv>). For a list of the files that are provided in the servicing stack update, download the [file information for the SSU - version 19041.1161, 19042.1161, and 19043.1161](<https://download.microsoft.com/download/f/7/4/f74513f3-7838-4538-89f5-8be86d571826/SSU_version_19041_1161.csv>). \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-08-10T07:00:00", "type": "mskb", "title": "August 10, 2021\u2014KB5005033 (OS Builds 19041.1165, 19042.1165, and 19043.1165)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34481", "CVE-2021-36942", "CVE-2021-36948"], "modified": "2021-08-10T07:00:00", "id": "KB5005033", "href": "https://support.microsoft.com/en-us/help/5005033", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-19T10:52:17", "description": "None\n**6/15/21 \nIMPORTANT **This release includes the Flash Removal Package. Taking this update will remove Adobe Flash from the machine. For more information, see the [Update on Adobe Flash Player End of Support](<https://blogs.windows.com/msedgedev/2020/09/04/update-adobe-flash-end-support/>).\n\n**11/17/20** \nFor information about Windows update terminology, see the article about the [types of Windows updates](<https://docs.microsoft.com/en-us/troubleshoot/windows-client/deployment/standard-terminology-software-updates>) and the [monthly quality update types](<https://techcommunity.microsoft.com/t5/windows-it-pro-blog/windows-quality-updates-primer/ba-p/2569385>). To view other notes and messages, see the Windows 10, version 1809 update history home page.\n\n**Note **This release also contains updates for Microsoft HoloLens (OS Build 17763.2114) released August 10, 2021. Microsoft will release an update directly to the Windows Update Client to improve Windows Update reliability on Microsoft HoloLens that have not updated to this most recent OS Build.\n\n## Highlights\n\n * Updates the default installation privilege requirement so that you must be an administrator to install drivers when using [Point and Print](<https://docs.microsoft.com/en-us/windows-hardware/drivers/print/introduction-to-point-and-print>). \n\n## Improvements and fixes\n\nThis security update includes quality improvements. Key changes include:\n\n * Changes the default privilege requirement for installing drivers when using Point and Print. After installing this update, you must have administrative privileges to install drivers. If you use Point and Print, see [KB5005652](<https://support.microsoft.com/topic/873642bf-2634-49c5-a23b-6d8e9a302872>), [Point and Print Default Behavior Change](<https://aka.ms/PointPrintMSRCBlog>), and [CVE-2021-34481](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34481>) for more information.\nIf you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.For more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website.\n\n**Windows Update Improvements**Microsoft has released an update directly to the Windows Update client to improve reliability. Any device running Windows 10 configured to receive updates automatically from Windows Update, including Enterprise and Pro editions, will be offered the latest Windows 10 feature update based on device compatibility and Windows Update for Business deferral policy. This doesn't apply to long-term servicing editions.\n\n## Known issues in this update\n\n### \n\n__\n\nClick or tap to view the known issues\n\n**Symptom**| **Workaround** \n---|--- \nAfter installing KB4493509, devices with some Asian language packs installed may receive the error, \"0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND.\"| This issue is addressed by updates released June 11, 2019 and later. We recommend you install the latest security updates for your device. Customers installing Windows Server 2019 using media should install the latest [Servicing Stack Update (SSU)](<https://docs.microsoft.com/windows/deployment/update/servicing-stack-updates>) before installing the language pack or other optional components. If using the [Volume Licensing Service Center (VLSC)](<https://www.microsoft.com/licensing/servicecenter/default.aspx>), acquire the latest Windows Server 2019 media available. The proper order of installation is as follows:\n\n 1. Install the latest prerequisite SSU, currently [KB5005112](<https://support.microsoft.com/help/5005112>)\n 2. Install optional components or language packs\n 3. Install latest cumulative update\n**Note** Updating your device will prevent this issue, but will have no effect on devices already affected by this issue. If this issue is present in your device, you will need to use the workaround steps to repair it.**Workaround:**\n\n 1. Uninstall and reinstall any recently added language packs. For instructions, see [Manage the input and display language settings in Windows 10](<https://support.microsoft.com/windows/manage-the-input-and-display-language-settings-in-windows-12a10cb4-8626-9b77-0ccb-5013e0c7c7a2>).\n 2. Click **Check for Updates **and install the April 2019 Cumulative Update or later. For instructions, see [Update Windows 10](<https://support.microsoft.com/windows/update-windows-3c5ae7fc-9fb6-9af1-1984-b5e0412c556a>).\n**Note **If reinstalling the language pack does not mitigate the issue, use the In-Place-Upgrade feature. For guidance, see [How to do an in-place upgrade on Windows](<https://docs.microsoft.com/troubleshoot/windows-server/deployment/repair-or-in-place-upgrade>), and [Perform an in-place upgrade of Windows Server](<https://docs.microsoft.com/windows-server/get-started/perform-in-place-upgrade>). \nAfter installing KB5001342 or later, the Cluster Service might fail to start because a Cluster Network Driver is not found.| This issue occurs because of an update to the PnP class drivers used by this service. After about 20 minutes, you should be able to restart your device and not encounter this issue. \nFor more information about the specific errors, cause, and workaround for this issue, please see KB5003571. \nAfter installing this update, the Encrypted File System (EFS) API [OpenEncryptedFileRaw(A/W)](<https://docs.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-openencryptedfilerawa>), often used in backup software, will not work when you back up to or from a Windows Server 2008 SP2 device. OpenEncryptedFileRaw will continue to work on all other versions of Windows (local and remote).| This behavior is expected because we addressed the issue in CVE-2021-36942.**Note** If you cannot use backup software on Windows 7 SP1 and Server 2008 R2 SP1 or later after installing this update, contact the manufacturer of your backup software for updates and support. \nAfter installing updates released April 22, 2021 or later, an issue occurs that affects versions of Windows Server that are in use as a Key Management Services (KMS) host. Client devices running Windows 10 Enterprise LTSC 2019 and Windows 10 Enterprise LTSC 2016 might fail to activate. This issue only occurs when using a new Customer Support Volume License Key (CSVLK). **Note** This does not affect activation of any other version or edition of Windows. Client devices that are attempting to activate and are affected by this issue might receive the error, \"Error: 0xC004F074. The Software Licensing Service reported that the computer could not be activated. No Key Management Service (KMS) could be contacted. Please see the Application Event Log for additional information.\"Event Log entries related to activation are another way to tell that you might be affected by this issue. Open **Event Viewer **on the client device that failed activation and go to **Windows Logs **&gt; **Application**. If you see only event ID 12288 without a corresponding event ID 12289, this means one of the following:\n\n * The KMS client could not reach the KMS host.\n * The KMS host did not respond.\n * The client did not receive the response.\nFor more information on these event IDs, see [Useful KMS client events - Event ID 12288 and Event ID 12289](<https://docs.microsoft.com/windows-server/get-started/activation-troubleshoot-kms-general#event-id-12288-and-event-id-12289>).| This issue is resolved in KB5009616. \n \n## How to get this update\n\n**Before installing this update**Prerequisite:You **must **install the May 11, 2021 servicing stack update (SSU) (KB5003243) or the latest SSU (KB5005112) before installing the latest cumulative update (LCU). SSUs improve the reliability of the update process to mitigate potential issues while installing the LCU and applying Microsoft security fixes. For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and Servicing Stack Updates (SSU): Frequently Asked Questions.If you are using Windows Update, the latest SSU will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>).**Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update. \nWindows Update for Business| Yes| None. This update will be downloaded and installed automatically from Windows Update in accordance with configured policies. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5005030>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows 10**Classification**: Security Updates \n**File information**For a list of the files that are provided in this update, download the [file information for cumulative update 5005030](<https://download.microsoft.com/download/3/f/c/3fc996a5-7267-4a7c-9a5b-83ade06204dc/5005030.csv>).\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-08-10T07:00:00", "type": "mskb", "title": "August 10, 2021\u2014KB5005030 (OS Build 17763.2114)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34481", "CVE-2021-36942", "CVE-2021-36948"], "modified": "2021-08-10T07:00:00", "id": "KB5005030", "href": "https://support.microsoft.com/en-us/help/5005030", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-19T10:52:07", "description": "None\n**6/21/21 \nIMPORTANT **This release includes the Flash Removal Package. Taking this update will remove Adobe Flash from the machine. For more information, see the [Update on Adobe Flash Player End of Support](<https://blogs.windows.com/msedgedev/2020/09/04/update-adobe-flash-end-support/>).\n\n**11/17/20**For information about Windows update terminology, see the article about the [types of Windows updates](<https://docs.microsoft.com/en-us/troubleshoot/windows-client/deployment/standard-terminology-software-updates>) and the [monthly quality update types](<https://techcommunity.microsoft.com/t5/windows-it-pro-blog/windows-quality-updates-primer/ba-p/2569385>). To view other notes and messages, see the Windows 10, version 2004 update history [home page](<https://support.microsoft.com/en-us/help/4555932>). \n**Note **Follow [@WindowsUpdate](<https://twitter.com/windowsupdate>) to find out when new content is published to the release information dashboard.\n\n## Highlights\n\n * Updates a remote code execution exploit in the Windows Print Spooler service, known as \u201cPrintNightmare\u201d, as documented in [CVE-2021-34527](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527>).\n\n## Improvements and fixes\n\n**Note: **To view the list of addressed issues, click or tap the OS name to expand the collapsible section.\n\n### \n\n__\n\nWindows 10 servicing stack update - 19041.1081, 19042.1081, and 19043.1081\n\n * This update makes quality improvements to the servicing stack, which is the component that installs Windows updates. Servicing stack updates (SSU) ensure that you have a robust and reliable servicing stack so that your devices can receive and install Microsoft updates.\n\n### \n\n__\n\nWindows 10, version 21H1\n\nThis security update includes quality improvements. Key changes include:\n\n * This build includes all the improvements from Windows 10, version 2004.\n * No additional issues were documented for this release.\n\n### \n\n__\n\nWindows 10, version 20H2\n\nThis security update includes quality improvements. Key changes include:\n\n * This build includes all the improvements from Windows 10, version 2004.\n * No additional issues were documented for this release.\n\n### \n\n__\n\nWindows 10, version 2004\n\nThis security update includes quality improvements. Key changes include:\n\n * Addresses a remote code execution exploit in the Windows Print Spooler service, known as \u201cPrintNightmare\u201d, as documented in [CVE-2021-34527](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527>). After installing this and later Windows updates, users who are not administrators can only install signed print drivers to a print server. By default, administrators can install signed and unsigned printer drivers to a print server. The installed root certificates in the system\u2019s Trusted Root Certification Authorities trusts signed drivers. Microsoft recommends that you immediately install this update on all supported Windows client and server operating system, starting with devices that currently host the print server role. You also have the option to configure the **RestrictDriverInstallationToAdministrators** registry setting to prevent non-administrators from installing signed printer drivers on a print server. For more information, see KB5005010.\nIf you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.\n\n**Windows Update Improvements** \n \nMicrosoft has released an update directly to the Windows Update client to improve reliability. Any device running Windows 10 configured to receive updates automatically from Windows Update, including Enterprise and Pro editions, will be offered the latest Windows 10 feature update based on device compatibility and Windows Update for Business deferral policy. This doesn't apply to long-term servicing editions.\n\n## Known issues in this update\n\n### \n\n__\n\nClick or tap to view the known issues\n\n**Symptoms**| **Workaround** \n---|--- \nWhen using the Microsoft Japanese Input Method Editor (IME) to enter Kanji characters in an app that automatically allows the input of Furigana characters, you might not get the correct Furigana characters. You might need to enter the Furigana characters manually.**Note **The affected apps are using the **ImmGetCompositionString()** function.| This issue is resolved in KB5005101. \nDevices with Windows installations created from custom offline media or custom ISO image might have [Microsoft Edge Legacy](<https://support.microsoft.com/en-us/microsoft-edge/what-is-microsoft-edge-legacy-3e779e55-4c55-08e6-ecc8-2333768c0fb0>) removed by this update, but not automatically replaced by the new Microsoft Edge. This issue is only encountered when custom offline media or ISO images are created by slipstreaming this update into the image without having first installed the standalone servicing stack update (SSU) released March 29, 2021 or later.**Note **Devices that connect directly to Windows Update to receive updates are not affected. This includes devices using Windows Update for Business. Any device connecting to Windows Update should always receive the latest versions of the SSU and latest cumulative update (LCU) without any extra steps.| To avoid this issue, be sure to first slipstream the SSU released March 29, 2021 or later into the custom offline media or ISO image before slipstreaming the LCU. To do this with the combined SSU and LCU packages now used for Windows 10, version 20H2 and Windows 10, version 2004, you will need to extract the SSU from the combined package. Use the following steps to extract the SSU:\n\n 1. Extract the cab from the msu via this command line (using the package for KB5000842 as an example): **expand Windows10.0-KB5000842-x64.msu /f:Windows10.0-KB5000842-x64.cab &lt;destination path&gt;**\n 2. Extract the SSU from the previously extracted cab via this command line: **expand Windows10.0-KB5000842-x64.cab /f:* &lt;destination path&gt;**\n 3. You will then have the SSU cab, in this example named **SSU-19041.903-x64.cab**. Slipstream this file into your offline image first, then the LCU.\nIf you have already encountered this issue by installing the OS using affected custom media, you can mitigate it by directly installing the [new Microsoft Edge](<https://www.microsoft.com/edge>). If you need to broadly deploy the new Microsoft Edge for business, see [Download and deploy Microsoft Edge for business](<https://www.microsoft.com/edge/business/download>). \nAfter installing this update, you might have issues printing to certain printers. Various brands and models are affected, primarily receipt or label printers that connect via USB.**Note **This issue is not related to [CVE-2021-34527](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527>) or [CVE-2021-1675](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1675>).| This issue is resolved in KB5004237. \nAfter installing the May 25, 2021 (KB5003214) and June 21, 2021 (KB5003690) updates, some devices cannot install new updates, such as the July 6, 2021 (KB5004945) or later updates. You will receive the error message, \"PSFX_E_MATCHING_BINARY_MISSING\".| For more information and a workaround, see KB5005322. \nUniversal Windows Platform (UWP) apps might not open on devices that have undergone a Windows device reset. This includes operations that were initiated using Mobile Device Management (MDM), such as Reset this PC, Push-button reset, and Autopilot Reset. UWP apps you downloaded from the Microsoft Store are not affected. Only a limited set of apps are affected, including:\n\n * App packages with framework dependencies\n * Apps that are provisioned for the device, not per user account.\nThe affected apps will fail to open without error messages or other observable symptoms. They must be re-installed to restore functionality.| This issue is addressed in KB5015878 for all releases starting June 21, 2021 and later. \n \n## How to get this update\n\n**Before installing this update**Microsoft now combines the latest servicing stack update (SSU) for your operating system with the latest cumulative update (LCU). For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and Servicing Stack Updates (SSU): Frequently Asked Questions.Prerequisite:For Windows Server Update Services (WSUS) deployment:\n\n * Install the May 11, 2021 update (KB5003173) before you install the latest cumulative update.\nFor offline Deployment Image Servicing and Management (**DISM.exe**) deployment:\n\n * If an image does not have the February 24, 2021 (KB4601382) or later cumulative update, install the January 12, 2021 SSU (KB4598481) and the May 11, 2021 update (KB5003173).\n**Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update or Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update. \nWindows Update for Business| Yes| None. These changes will be included in the next security update to this channel. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5004945>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows 10, version 1903 and later**Classification**: Security Updates \n \n**If you want to remove the LCU**To remove the LCU after installing the combined SSU and LCU package, use the [DISM/Remove-Package](<https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/dism-operating-system-package-servicing-command-line-options>) command line option with the LCU package name as the argument. You can find the package name by using this command: **DISM /online /get-packages**.Running [Windows Update Standalone Installer](<https://support.microsoft.com/en-us/topic/description-of-the-windows-update-standalone-installer-in-windows-799ba3df-ec7e-b05e-ee13-1cdae8f23b19>) (**wusa.exe**) with the **/uninstall **switch on the combined package will not work because the combined package contains the SSU. You cannot remove the SSU from the system after installation.\n\n**File information**For a list of the files that are provided in this update, download the [file information for cumulative update 5004945](<https://download.microsoft.com/download/6/0/4/6046cc97-919a-434d-86de-db2fe63580d0/5004945.csv>). For a list of the files that are provided in the servicing stack update, download the [file information for the SSU - version 19041.1081, 19042.1081, and 19043.1081](<https://download.microsoft.com/download/6/2/d/62d4d81c-0498-4abf-95e7-b9be18ddcabd/SSU_version_19041_1081.csv>). \n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-07-01T07:00:00", "type": "mskb", "title": "July 6, 2021\u2014KB5004945 (OS Builds 19041.1083, 19042.1083, and 19043.1083) Out-of-band", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1675", "CVE-2021-34527"], "modified": "2021-07-01T07:00:00", "id": "KB5004945", "href": "https://support.microsoft.com/en-us/help/5004945", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-19T10:52:20", "description": "None\n**Important: **Windows Server 2008 Service Pack 2 (SP2) has reached the end of mainstream support and are now in extended support. Starting in July 2020, there will no longer be optional, non-security releases (known as \"C\" releases) for this operating system. Operating systems in extended support have only cumulative monthly security updates (known as the \"B\" or Update Tuesday release). \n \nVerify that** **you have installed the required updates listed in the **How to get this update** section before installing this update. \n \nWSUS scan cab files will continue to be available for Windows Server 2008 SP2. If you have a subset of devices running this operating system without ESU, they might show as non-compliant in your patch management and compliance toolsets.\n\n## **Improvements and fixes**\n\nThis security update includes quality improvements. Key changes include:\n\n * Changes the default privilege requirement for installing drivers when using Point and Print. After installing this update, you must have administrative privileges to install drivers. If you use Point and Print, see [KB5005652](<https://support.microsoft.com/topic/873642bf-2634-49c5-a23b-6d8e9a302872>), [Point and Print Default Behavior Change](<https://aka.ms/PointPrintMSRCBlog>), and [CVE-2021-34481](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34481>) for more information.\n * Addresses an issue in which Smart Card Authentication (PIV) fails on non-RFC compliant printers and scanners requiring smartcard authentication. For more information, see [KB5005391](<https://support.microsoft.com/help/5005390>).\n * This update also contains miscellaneous security improvements to internal OS functionality.\nFor more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website.\n\n## **Known issues in this update**\n\n**Symptom**| **Workaround** \n---|--- \nAfter installing this update, the Encrypted File System (EFS) API **[OpenEncryptedFileRaw(A/W)](<https://docs.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-openencryptedfilerawa>)**, often used in backup software, will not work when you back up to or from a Windows Server 2008 SP2 device. **OpenEncryptedFileRaw** will continue to work on all other versions of Windows (local and remote).| This behavior is expected because we addressed the issue in [CVE-2021-36942](<https://portal.msrc.microsoft.com/security-guidance/advisory/CVE-2021-36942>).**Note** If you cannot use backup software on Windows 7 SP1 and Server 2008 R2 SP1 or later after installing this update, contact the manufacturer of your backup software for updates and support. \nAfter installing this update and restarting your device, you might receive the error, \u201cFailure to configure Windows updates. Reverting Changes. Do not turn off your computer\u201d, and the update might show as **Failed** in **Update History**.| This is expected in the following circumstances:\n\n * If you are installing this update on a device that is running an edition that is not supported for ESU. For a complete list of which editions are supported, see [KB4497181](<https://support.microsoft.com/help/4497181>).\n * If you do not have an ESU MAK add-on key installed and activated.\nIf you have purchased an ESU key and have encountered this issue, please verify you have applied all prerequisites and that your key is activated. For information on activation, please see this [blog](<https://aka.ms/Windows7ESU>) post. For information on the prerequisites, see the \"How to get this update\" section of this article. \nCertain operations, such as **rename**, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \u201cSTATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\u201d. This occurs when you perform the operation on a CSV owner node from a process that doesn\u2019t have administrator privilege.| Do one of the following:\n\n * Perform the operation from a process that has administrator privilege.\n * Perform the operation from a node that doesn\u2019t have CSV ownership.\nMicrosoft is working on a resolution and will provide an update in an upcoming release. \n \n## **How to get this update**\n\n**Before installing this update****IMPORTANT** Customers who have purchased the [Extended Security Update (ESU)](<https://www.microsoft.com/en-us/cloud-platform/extended-security-updates>) for on-premises versions of this OS must follow the procedures in [KB4522133](<https://support.microsoft.com/help/4522133>) to continue receiving security updates after extended support ends on January 14, 2020.For more information on ESU and which editions are supported, see [KB4497181](<https://support.microsoft.com/help/4497181>).**Prerequisite:**You must install the updates listed below and **restart your device** before installing the latest Rollup. Installing these updates improves the reliability of the update process and mitigates potential issues while installing the Rollup and applying Microsoft security fixes.\n\n 1. The April 9, 2019 servicing stack update (SSU) ([KB4493730](<https://support.microsoft.com/help/4493730>)). To get the standalone package for this SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). This update is required to install updates that are only SHA-2 signed.\n 2. The latest SHA-2 update ([KB4474419](<https://support.microsoft.com/help/4474419>)) released October 8, 2019. If you are using Windows Update, the latest SHA-2 update will be offered to you automatically. This update is required to install updates that are only SHA-2 signed. For more information on SHA-2 updates, see [2019 SHA-2 Code Signing Support requirement for Windows and WSUS](<https://support.microsoft.com/help/4472027>).\n 3. The Extended Security Updates (ESU) Licensing Preparation Package ([KB4538484](<https://support.microsoft.com/help/4538484>)) or the Update for the Extended Security Updates (ESU) Licensing Preparation Package ([KB4575904](<https://support.microsoft.com/help/4575904>)). The ESU licensing preparation package will be offered to you from WSUS. To get the standalone package for ESU licensing preparation package, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>).\nAfter installing the items above, we strongly recommend that you install the latest SSU ([KB4580971](<https://support.microsoft.com/help/4580971>)). If you are using Windows Update, the latest SSU will be offered to you automatically if you are an ESU customer. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and [Servicing Stack Updates (SSU): Frequently Asked Questions](<https://support.microsoft.com/help/4535697>).**REMINDER** If you are using Security-only updates, you will also need to install all previous Security-only updates and the latest cumulative update for Internet Explorer ([KB5005036](<https://support.microsoft.com/help/5005036>)).**Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| No| See the other options below. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KBNNNNNNN>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows Server 2008 Service Pack 2**Classification**: Security Updates \n \n## **File information**\n\nFor a list of the files that are provided in this update, download the [file information for update 5005095](<https://download.microsoft.com/download/2/f/9/2f99a9fc-08b2-4463-9199-43e8f557ead0/5005095.csv>).\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-08-10T07:00:00", "type": "mskb", "title": "August 10, 2021\u2014KB5005095 (Security-only update)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34481", "CVE-2021-36937", "CVE-2021-36942"], "modified": "2021-08-10T07:00:00", "id": "KB5005095", "href": "https://support.microsoft.com/en-us/help/5005095", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-19T10:52:19", "description": "None\n**Important: **Windows 7 and Windows Server 2008 R2 have reached the end of mainstream support and are now in extended support. Starting in July 2020, there will no longer be optional, non-security releases (known as \"C\" releases) for this operating system. Operating systems in extended support have only cumulative monthly security updates (known as the \"B\" or Update Tuesday release). \n \nVerify that** **you have installed the required updates listed in the **How to get this update** section before installing this update. \n \nFor information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following [article](<https://support.microsoft.com/help/824684>). To view other notes and messages, see the Windows 7 and Windows Server 2008 R2 update history [home page](<https://support.microsoft.com/help/4009469>).\n\n## **Improvements and fixes**\n\nThis security update includes quality improvements. Key changes include:\n\n * Changes the default privilege requirement for installing drivers when using Point and Print. After installing this update, you must have administrative privileges to install drivers. If you use Point and Print, see [KB5005652](<https://support.microsoft.com/topic/873642bf-2634-49c5-a23b-6d8e9a302872>), [Point and Print Default Behavior Change](<https://aka.ms/PointPrintMSRCBlog>), and [CVE-2021-34481](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34481>) for more information.\n * Addresses an issue in which Smart Card Authentication (PIV) fails on non-RFC compliant printers and scanners requiring smartcard authentication. For more information, see [KB5005392](<https://support.microsoft.com/help/5005392>).\n * This update also contains miscellaneous security improvements to internal OS functionality.\nFor more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website.\n\n## **Known issues in this update**\n\n**Symptom**| **Workaround** \n---|--- \nAfter installing this update, the Encrypted File System (EFS) API **[OpenEncryptedFileRaw(A/W)](<https://docs.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-openencryptedfilerawa>)**, often used in backup software, will not work when you back up to or from a Windows Server 2008 SP2 device. **OpenEncryptedFileRaw** will continue to work on all other versions of Windows (local and remote).| This behavior is expected because we addressed the issue in [CVE-2021-36942](<https://portal.msrc.microsoft.com/security-guidance/advisory/CVE-2021-36942>).**Note** If you cannot use backup software on Windows 7 SP1 and Server 2008 R2 SP1 or later after installing this update, contact the manufacturer of your backup software for updates and support. \nAfter installing this update and restarting your device, you might receive the error, \u201cFailure to configure Windows updates. Reverting Changes. Do not turn off your computer,\u201d and the update might show as **Failed **in **Update History**.| This is expected in the following circumstances:\n\n * If you are installing this update on a device that is running an edition that is not supported for ESU. For a complete list of which editions are supported, see [KB4497181](<https://support.microsoft.com/help/4497181>).\n * If you do not have an ESU MAK add-on key installed and activated.\n * If you have purchased an ESU key and have encountered this issue, please verify you have applied all prerequisites and that your key is activated. For information on activation, please see this [blog](<https://techcommunity.microsoft.com/t5/windows-it-pro-blog/obtaining-extended-security-updates-for-eligible-windows-devices/ba-p/1167091>) post. For information on the prerequisites, see the **How to get this update** section of this article. \nCertain operations, such as **rename**, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\". This occurs when you perform the operation on a CSV owner node from a process that doesn\u2019t have administrator privilege.| Do one of the following:\n\n * Perform the operation from a process that has administrator privilege.\n * Perform the operation from a node that doesn\u2019t have CSV ownership.\nMicrosoft is working on a resolution and will provide an update in an upcoming release. \n \n## **How to get this update**\n\n**Before installing this update****IMPORTANT** Customers who have purchased the Extended Security Update (ESU) for on-premises versions of these operating systems must follow the procedures in [KB4522133](<https://support.microsoft.com/help/4522133>) to continue receiving security updates after extended support ends. Extended support ends as follows:\n\n * For Windows 7 Service Pack 1 and Windows Server 2008 R2 Service Pack 1, extended support ends on January 14, 2020.\n * For Windows Embedded Standard 7, extended support ends on October 13, 2020.\nFor more information about ESU and which editions are supported, see [KB4497181](<https://support.microsoft.com/help/4497181>).**Note** For Windows Embedded Standard 7, Windows Management Instrumentation (WMI) must be enabled to get updates from Windows Update or Windows Server Update Services.**Prerequisite:**You must install the updates listed below and **restart your device** before installing the latest Rollup. Installing these updates improves the reliability of the update process and mitigates potential issues while installing the Rollup and applying Microsoft security fixes.\n\n 1. The March 12, 2019 servicing stack update (SSU) ([KB4490628](<https://support.microsoft.com/help/4490628>)). To get the standalone package for this SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). This update is required to install updates that are only SHA-2 signed.\n 2. The latest SHA-2 update ([KB4474419](<https://support.microsoft.com/help/4474419>)) released September 10, 2019. If you are using Windows Update, the latest SHA-2 update will be offered to you automatically. This update is required to install updates that are only SHA-2 signed. For more information on SHA-2 updates, see [2019 SHA-2 Code Signing Support requirement for Windows and WSUS](<https://support.microsoft.com/help/4472027>).\n 3. For Windows Thin PC, you must have the August 11, 2020 SSU ([KB4570673](<https://support.microsoft.com/help/4570673>)) or a later SSU installed to make sure you continue to get the extended security updates starting with the October 13, 2020 updates.\n 4. To get this security update, you must reinstall the \"Extended Security Updates (ESU) Licensing Preparation Package\" ([KB4538483](<https://support.microsoft.com/help/4538483>)) or the \"Update for the Extended Security Updates (ESU) Licensing Preparation Package\" ([KB4575903](<https://support.microsoft.com/help/4575903>)) even if you previously installed the ESU key. The ESU licensing preparation package will be offered to you from WSUS. To get the standalone package for ESU licensing preparation package, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>).\nAfter installing the items above, Microsoft strongly recommends that you install the latest SSU ([KB5004378](<https://support.microsoft.com/help/5004378>)). If you are using Windows Update, the latest SSU will be offered to you automatically if you are an ESU customer. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and [Servicing Stack Updates (SSU): Frequently Asked Questions](<https://support.microsoft.com/help/4535697>).**REMINDER** If you are using Security-only updates, you will also need to install all previous Security-only updates and the latest cumulative update for Internet Explorer ([KB5005036](<https://support.microsoft.com/help/5005036>)).**Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| No| See the other options below. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5005089>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1, Windows Embedded Standard 7 Service Pack 1, Windows Embedded POSReady 7, Windows Thin PC**Classification**: Security Updates \n \n## **File information**\n\nFor a list of the files that are provided in this update, download the [file information for update 5005089](<https://download.microsoft.com/download/d/0/4/d0487f5c-6448-4a25-badb-8fcab6fc55bf/5005089.csv>).\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-08-10T07:00:00", "type": "mskb", "title": "August 10, 2021\u2014KB5005089 (Security-only update)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34481", "CVE-2021-36937", "CVE-2021-36942"], "modified": "2021-08-10T07:00:00", "id": "KB5005089", "href": "https://support.microsoft.com/en-us/help/5005089", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-19T10:52:18", "description": "None\n**12/8/20** \nFor information about Windows update terminology, see the article about the [types of Windows updates](<https://docs.microsoft.com/en-us/troubleshoot/windows-client/deployment/standard-terminology-software-updates>) and the [monthly quality update types](<https://techcommunity.microsoft.com/t5/windows-it-pro-blog/windows-quality-updates-primer/ba-p/2569385>). To view other notes and messages, see the Windows 10, version 1507 update history home page.\n\n## Highlights\n\n * Updates the default installation privilege requirement so that you must be an administrator to install drivers when using [Point and Print](<https://docs.microsoft.com/en-us/windows-hardware/drivers/print/introduction-to-point-and-print>). \n\n## Improvements and fixes\n\nThis security update includes quality improvements. Key changes include:\n\n * Changes the default privilege requirement for installing drivers when using Point and Print. After installing this update, you must have administrative privileges to install drivers. If you use Point and Print, see [KB5005652](<https://support.microsoft.com/topic/873642bf-2634-49c5-a23b-6d8e9a302872>), [Point and Print Default Behavior Change](<https://aka.ms/PointPrintMSRCBlog>), and [CVE-2021-34481](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34481>) for more information.\nIf you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.For more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website.\n\n**Windows Update Improvements**Microsoft has released an update directly to the Windows Update client to improve reliability. Any device running Windows 10 configured to receive updates automatically from Windows Update, including Enterprise and Pro editions, will be offered the latest Windows 10 feature update based on device compatibility and Windows Update for Business deferral policy. This doesn't apply to long-term servicing editions.\n\n## Known issues in this update\n\n**Symptom**| **Workaround** \n---|--- \nAfter installing this update, the Encrypted File System (EFS) API [OpenEncryptedFileRaw(A/W)](<https://docs.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-openencryptedfilerawa>), often used in backup software, will not work when you back up to or from a Windows Server 2008 SP2 device. OpenEncryptedFileRaw will continue to work on all other versions of Windows (local and remote).| This behavior is expected because we addressed the issue in CVE-2021-36942.**Note** If you cannot use backup software on Windows 7 SP1 and Server 2008 R2 SP1 or later after installing this update, contact the manufacturer of your backup software for updates and support. \n \n## How to get this update\n\n**Before installing this update**Microsoft strongly recommends you install the latest servicing stack update (SSU) for your operating system before installing the latest cumulative update (LCU). SSUs improve the reliability of the update process to mitigate potential issues while installing the LCU and applying Microsoft security fixes. For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and Servicing Stack Updates (SSU): Frequently Asked Questions. If you are using Windows Update, the latest SSU (KB5001399) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>).**Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update. \nWindows Update for Business| Yes| None. This update will be downloaded and installed automatically from Windows Update in accordance with configured policies. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5005040>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows 10**Classification**: Security Updates \n**File information**For a list of the files that are provided in this update, download the [file information for cumulative update 5005040](<https://download.microsoft.com/download/5/2/5/5258a9c1-9a52-4572-820f-3cf7336f0291/5005040.csv>). \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-08-10T07:00:00", "type": "mskb", "title": "August 10, 2021\u2014KB5005040 (OS Build 10240.19022)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34481", "CVE-2021-36938", "CVE-2021-36942"], "modified": "2021-08-10T07:00:00", "id": "KB5005040", "href": "https://support.microsoft.com/en-us/help/5005040", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-19T10:52:20", "description": "None\n**Important: **This release includes the Flash Removal Package. Taking this update will remove Adobe Flash from the device. For more information, see the [Update on Adobe Flash Player End of Support](<https://blogs.windows.com/msedgedev/2020/09/04/update-adobe-flash-end-support/>).\n\n**Important: **Windows Server 2012 has reached the end of mainstream support and is now in extended support. Starting in July 2020, there will no longer be optional releases (known as \"C\" or \"D\" releases) for this operating system. Operating systems in extended support have only cumulative monthly security updates (known as the \"B\" or Update Tuesday release). \n \nVerify that** **you have installed the required updates listed in the **How to get this update** section before installing this update. \n \nFor information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following [article](<https://support.microsoft.com/help/824684>). To view other notes and messages, see the Windows Server 2012 update history [home page](<https://support.microsoft.com/help/4009471>).\n\n## **Improvements and fixes**\n\nThis security update includes quality improvements. Key changes include:\n\n * Changes the default privilege requirement for installing drivers when using Point and Print. After installing this update, you must have administrative privileges to install drivers. If you use Point and Print, see [KB5005652](<https://support.microsoft.com/topic/873642bf-2634-49c5-a23b-6d8e9a302872>), [Point and Print Default Behavior Change](<https://aka.ms/PointPrintMSRCBlog>), and [CVE-2021-34481](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34481>) for more information.\n * Addresses an issue in which Smart Card Authentication (PIV) fails on non-RFC compliant printers and scanners requiring smartcard authentication. For more information, see [KB5005389](<https://support.microsoft.com/help/5005389>).\n * This update also contains miscellaneous security improvements to internal OS functionality.\nFor more information about the resolved security vulnerabilities, please refer to the [Security Update Guide](<https://portal.msrc.microsoft.com/security-guidance>).\n\n## **Known issues in this update**\n\n**Symptom**| **Workaround** \n---|--- \nAfter installing this update, the Encrypted File System (EFS) API **[OpenEncryptedFileRaw(A/W)](<https://docs.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-openencryptedfilerawa>)**, often used in backup software, will not work when you back up to or from a Windows Server 2008 SP2 device. **OpenEncryptedFileRaw** will continue to work on all other versions of Windows (local and remote).| This behavior is expected because we addressed the issue in [CVE-2021-36942](<https://portal.msrc.microsoft.com/security-guidance/advisory/CVE-2021-36942>).**Note** If you cannot use backup software on Windows 7 SP1 and Server 2008 R2 SP1 or later after installing this update, contact the manufacturer of your backup software for updates and support. \nCertain operations, such as **rename**, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \u201cSTATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\u201d. This occurs when you perform the operation on a CSV owner node from a process that doesn\u2019t have administrator privilege.| Do one of the following:\n\n * Perform the operation from a process that has administrator privilege.\n * Perform the operation from a node that doesn\u2019t have CSV ownership.\nMicrosoft is working on a resolution and will provide an update in an upcoming release. \n \n## **How to get this update**\n\n**Before installing this update**We strongly recommend that you install the latest servicing stack update (SSU) for your operating system before installing the latest Rollup. SSUs improve the reliability of the update process to mitigate potential issues while installing the Rollup and applying Microsoft security fixes. For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and [Servicing Stack Updates (SSU): Frequently Asked Questions](<https://support.microsoft.com/help/4535697>).If you use Windows Update, the latest SSU ([KB5001401](<https://support.microsoft.com/help/5001401>)) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). **REMINDER** If you are using Security-only updates, you will also need to install all previous Security-only updates and the latest cumulative update for Internet Explorer ([KB5005036](<https://support.microsoft.com/help/5005036>)).**Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| No| See the other options below. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KBNNNNNNN>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows Server 2012, Windows Embedded 8 Standard**Classification**: Security Update \n \n## **File information**\n\nFor a list of the files that are provided in this update, download the [file information for update 5005094](<https://download.microsoft.com/download/4/d/f/4dfb503a-e6e6-464c-a027-c7cfe76e0792/5005094.csv>).\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-08-10T07:00:00", "type": "mskb", "title": "August 10, 2021\u2014KB5005094 (Security-only update)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34481", "CVE-2021-36937", "CVE-2021-36942"], "modified": "2021-08-10T07:00:00", "id": "KB5005094", "href": "https://support.microsoft.com/en-us/help/5005094", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-19T10:52:19", "description": "None\n**Important: **Windows 7 and Windows Server 2008 R2 have reached the end of mainstream support and are now in extended support. Starting in July 2020, there will no longer be optional, non-security releases (known as \"C\" releases) for this operating system. Operating systems in extended support have only cumulative monthly security updates (known as the \"B\" or Update Tuesday release). \n \nVerify that** **you have installed the required updates listed in the **How to get this update** section before installing this update. \n \nFor information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following [article](<https://support.microsoft.com/help/824684>). To view other notes and messages, see the Windows 7 and Windows Server 2008 R2 update history [home page](<https://support.microsoft.com/help/4009469>).\n\n## **Improvements and fixes**\n\nThis security update includes improvements and fixes that were a part of update [KB5004289](<https://support.microsoft.com/help/5004289>) (released July 13, 2021) and addresses the following issues:\n\n * Changes the default privilege requirement for installing drivers when using Point and Print. After installing this update, you must have administrative privileges to install drivers. If you use Point and Print, see [KB5005652](<https://support.microsoft.com/topic/873642bf-2634-49c5-a23b-6d8e9a302872>), [Point and Print Default Behavior Change](<https://aka.ms/PointPrintMSRCBlog>), and [CVE-2021-34481](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34481>) for more information.\n * Addresses an issue in which Smart Card Authentication (PIV) fails on non-RFC compliant printers and scanners requiring smartcard authentication. For more information, see [KB5005392](<https://support.microsoft.com/help/5005392>).\n * This update also contains miscellaneous security improvements to internal OS functionality.\nFor more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website.\n\n## **Known issues in this update**\n\n**How to get this update****Symptom **| **Workaround ** \n---|--- \nAfter installing this update, the Encrypted File System (EFS) API **[OpenEncryptedFileRaw(A/W)](<https://docs.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-openencryptedfilerawa>)**, often used in backup software, will not work when you back up to or from a Windows Server 2008 SP2 device. **OpenEncryptedFileRaw** will continue to work on all other versions of Windows (local and remote).| This behavior is expected because we addressed the issue in [CVE-2021-36942](<https://portal.msrc.microsoft.com/security-guidance/advisory/CVE-2021-36942>).**Note** If you cannot use backup software on Windows 7 SP1 and Server 2008 R2 SP1 or later after installing this update, contact the manufacturer of your backup software for updates and support. \nAfter installing this update and restarting your device, you might receive the error, \"Failure to configure Windows updates. Reverting Changes. Do not turn off your computer\", and the update might show as **Failed** in **Update History**.| This is expected in the following circumstances:\n\n * If you are installing this update on a device that is running an edition that is not supported for ESU. For a complete list of which editions are supported, see [KB4497181](<https://support.microsoft.com/help/4497181>).\n * If you do not have an ESU MAK add-on key installed and activated.\nIf you have purchased an ESU key and have encountered this issue, please verify you have applied all prerequisites and that your key is activated. For information on activation, please see this [blog](<https://techcommunity.microsoft.com/t5/windows-it-pro-blog/obtaining-extended-security-updates-for-eligible-windows-devices/ba-p/1167091>) post. For information on the prerequisites, see the **How to get this update** section of this article. \nCertain operations, such as **rename**, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\". This occurs when you perform the operation on a CSV owner node from a process that doesn\u2019t have administrator privilege.| Do one of the following: \n\n * Perform the operation from a process that has administrator privilege.\n * Perform the operation from a node that doesn\u2019t have CSV ownership.\nMicrosoft is working on a resolution and will provide an update in an upcoming release. \n**Before installing this update****IMPORTANT** Customers who have purchased the Extended Security Update (ESU) for on-premises versions of these operating systems must follow the procedures in [KB4522133](<https://support.microsoft.com/help/4522133>) to continue receiving security updates after extended support ends. Extended support ends as follows:\n\n * For Windows 7 Service Pack 1 and Windows Server 2008 R2 Service Pack 1, extended support ends on January 14, 2020.\n * For Windows Embedded Standard 7, extended support ends on October 13, 2020.\nFor more information about ESU and which editions are supported, see [KB4497181](<https://support.microsoft.com/help/4497181>).**Note** For Windows Embedded Standard 7, Windows Management Instrumentation (WMI) must be enabled to get updates from Windows Update or Windows Server Update Services.**Prerequisite:**You must install the updates listed below and **restart your device** before installing the latest Rollup. Installing these updates improves the reliability of the update process and mitigates potential issues while installing the Rollup and applying Microsoft security fixes.\n\n 1. The March 12, 2019 servicing stack update (SSU) ([KB4490628](<https://support.microsoft.com/help/4490628>)). To get the standalone package for this SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). This update is required to install updates that are only SHA-2 signed.\n 2. The latest SHA-2 update ([KB4474419](<https://support.microsoft.com/help/4474419>)) released September 10, 2019. If you are using Windows Update, the latest SHA-2 update will be offered to you automatically. This update is required to install updates that are only SHA-2 signed. For more information on SHA-2 updates, see [2019 SHA-2 Code Signing Support requirement for Windows and WSUS](<https://support.microsoft.com/help/4472027>).\n 3. For Windows Thin PC, you must have the August 11, 2020 SSU ([KB4570673](<https://support.microsoft.com/help/4570673>)) or a later SSU installed to make sure you continue to get the extended security updates starting with the October 13, 2020 updates.\n 4. To get this security update, you must reinstall the \"Extended Security Updates (ESU) Licensing Preparation Package\" ([KB4538483](<https://support.microsoft.com/help/4538483>)) or the \"Update for the Extended Security Updates (ESU) Licensing Preparation Package\" ([KB4575903](<https://support.microsoft.com/help/4575903>)) even if you previously installed the ESU key. The ESU licensing preparation package will be offered to you from WSUS. To get the standalone package for ESU licensing preparation package, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>).\nAfter you install the items above, we strongly recommend that you install the latest SSU ([KB5004378](<https://support.microsoft.com/help/5004378>)). If you are using Windows Update, the latest SSU will be offered to you automatically if you are an ESU customer. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and [Servicing Stack Updates (SSU): Frequently Asked Questions](<https://support.microsoft.com/help/4535697>).**Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update if you are an ESU customer. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5005088>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1, Windows Embedded Standard 7 Service Pack 1, Windows Embedded POSReady 7, Windows Thin PC**Classification**: Security Updates \n \n## **File information**\n\nFor a list of the files that are provided in this update, download the [file information for update 5005088](<https://download.microsoft.com/download/5/1/c/51cfa686-f644-4875-b76b-610d21809361/5005088.csv>).\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-08-10T07:00:00", "type": "mskb", "title": "August 10, 2021\u2014KB5005088 (Monthly Rollup)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34481", "CVE-2021-36937", "CVE-2021-36942"], "modified": "2021-08-10T07:00:00", "id": "KB5005088", "href": "https://support.microsoft.com/en-us/help/5005088", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-19T10:52:19", "description": "None\n**Important: **This release includes the Flash Removal Package. Taking this update will remove Adobe Flash from the device. For more information, see the [Update on Adobe Flash Player End of Support](<https://blogs.windows.com/msedgedev/2020/09/04/update-adobe-flash-end-support/>).\n\n**Important: **Windows 8.1 and Windows Server 2012 R2 have reached the end of mainstream support and are now in extended support. Starting in July 2020, there will no longer be optional, non-security releases (known as \"C\" releases) for this operating system. Operating systems in extended support have only cumulative monthly security updates (known as the \"B\" or Update Tuesday release). \n \nFor information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following [article](<https://support.microsoft.com/help/824684>). To view other notes and messages, see the Windows 8.1 and Windows Server 2012 R2 update history [home page](<https://support.microsoft.com/help/4009470>).\n\n## **Improvements and fixes**\n\nThis security update includes improvements and fixes that were a part of update [KB5004298](<https://support.microsoft.com/help/5004298>) (released July 13, 2021) and addresses the following issues:\n\n * Changes the default privilege requirement for installing drivers when using Point and Print. After installing this update, you must have administrative privileges to install drivers. If you use Point and Print, see [KB5005652](<https://support.microsoft.com/topic/873642bf-2634-49c5-a23b-6d8e9a302872>), [Point and Print Default Behavior Change](<https://aka.ms/PointPrintMSRCBlog>), and [CVE-2021-34481](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34481>) for more information.\n * Addresses an issue in which Smart Card Authentication (PIV) fails on non-RFC compliant printers and scanners requiring smartcard authentication. For more information, see [KB5005391.](<https://support.microsoft.com/help/5005391>)\n * This update also contains miscellaneous security improvements to internal OS functionality.\nFor more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website.\n\n## **Known issues in this update**\n\n**Symptom**| **Workaround** \n---|--- \nAfter installing this update, the Encrypted File System (EFS) API **[OpenEncryptedFileRaw(A/W)](<https://docs.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-openencryptedfilerawa>)**, often used in backup software, will not work when you back up to or from a Windows Server 2008 SP2 device. **OpenEncryptedFileRaw** will continue to work on all other versions of Windows (local and remote).| This behavior is expected because we addressed the issue in [CVE-2021-36942](<https://portal.msrc.microsoft.com/security-guidance/advisory/CVE-2021-36942>).**Note** If you cannot use backup software on Windows 7 SP1 and Server 2008 R2 SP1 or later after installing this update, contact the manufacturer of your backup software for updates and support. \nCertain operations, such as **rename**, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \u201cSTATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\u201d. This occurs when you perform the operation on a CSV owner node from a process that doesn\u2019t have administrator privilege.| Do one of the following:\n\n * Perform the operation from a process that has administrator privilege.\n * Perform the operation from a node that doesn\u2019t have CSV ownership.\nMicrosoft is working on a resolution and will provide an update in an upcoming release. \n \n## **How to get this update**\n\n**Before installing this update**We strongly recommend that you install the latest servicing stack update (SSU) for your operating system before you install the latest Rollup. SSUs improve the reliability of the update process to mitigate potential issues while installing the Rollup and applying Microsoft security fixes. For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and [Servicing Stack Updates (SSU): Frequently Asked Questions](<https://support.microsoft.com/help/4535697>).If you use Windows Update, the latest SSU ([KB5001403](<https://support.microsoft.com/help/5001403>)) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). **Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5005076>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows 8.1, Windows Server 2012 R2, Windows Embedded 8.1 Industry Enterprise, Windows Embedded 8.1 Industry Pro**Classification**: Security Updates \n \n## **File information**\n\nFor a list of the files that are provided in this update, download the [file information for update 5005076](<https://download.microsoft.com/download/f/e/9/fe907252-2606-4ef8-b4cd-bfe1b3bbae60/5005076.csv>). \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-08-10T07:00:00", "type": "mskb", "title": "August 10, 2021\u2014KB5005076 (Monthly Rollup)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34481", "CVE-2021-36937", "CVE-2021-36942"], "modified": "2021-08-10T07:00:00", "id": "KB5005076", "href": "https://support.microsoft.com/en-us/help/5005076", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-19T10:52:21", "description": "None\n**Important: **This release includes the Flash Removal Package. Taking this update will remove Adobe Flash from the device. For more information, see the [Update on Adobe Flash Player End of Support](<https://blogs.windows.com/msedgedev/2020/09/04/update-adobe-flash-end-support/>).\n\n**Important: **Windows Server 2012 has reached the end of mainstream support and is now in extended support. Starting in July 2020, there will no longer be optional releases (known as \"C\" or \"D\" releases) for this operating system. Operating systems in extended support have only cumulative monthly security updates (known as the \"B\" or Update Tuesday release). \n \nVerify that** **you have installed the required updates listed in the **How to get this update** section before installing this update. \n \nFor information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following [article](<https://support.microsoft.com/help/824684>). To view other notes and messages, see the Windows Server 2012 update history [home page](<https://support.microsoft.com/help/4009471>).\n\n## **Improvements and fixes**\n\nThis security update includes improvements and fixes that were a part of update [KB5004294](<https://support.microsoft.com/help/5004294>) (released previous July 13, 2021) and addresses the following issues:\n\n * Changes the default privilege requirement for installing drivers when using Point and Print. After installing this update, you must have administrative privileges to install drivers. If you use Point and Print, see [KB5005652](<https://support.microsoft.com/topic/873642bf-2634-49c5-a23b-6d8e9a302872>), [Point and Print Default Behavior Change](<https://aka.ms/PointPrintMSRCBlog>), and [CVE-2021-34481](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34481>) for more information.\n * Addresses an issue in which Smart Card Authentication (PIV) fails on non-RFC compliant printers and scanners requiring smartcard authentication. For more information, see [KB5005389.](<https://support.microsoft.com/help/5005389>)\n * This update also contains miscellaneous security improvements to internal OS functionality.\nFor more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website.\n\n## **Known issues in this update**\n\n**Symptom**| **Workaround** \n---|--- \nAfter installing this update, the Encrypted File System (EFS) API **[OpenEncryptedFileRaw(A/W)](<https://docs.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-openencryptedfilerawa>)**, often used in backup software, will not work when you back up to or from a Windows Server 2008 SP2 device. **OpenEncryptedFileRaw** will continue to work on all other versions of Windows (local and remote).| This behavior is expected because we addressed the issue in [CVE-2021-36942](<https://portal.msrc.microsoft.com/security-guidance/advisory/CVE-2021-36942>).**Note** If you cannot use backup software on Windows 7 SP1 and Server 2008 R2 SP1 or later after installing this update, contact the manufacturer of your backup software for updates and support. \nCertain operations, such as **rename**, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \u201cSTATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\u201d. This occurs when you perform the operation on a CSV owner node from a process that doesn\u2019t have administrator privilege.| Do one of the following:\n\n * Perform the operation from a process that has administrator privilege.\n * Perform the operation from a node that doesn\u2019t have CSV ownership.\nMicrosoft is working on a resolution and will provide an update in an upcoming release. \n \n## **How to get this update**\n\n**Before installing this update**We strongly recommend that you install the latest servicing stack update (SSU) for your operating system before installing the latest Rollup. SSUs improve the reliability of the update process to mitigate potential issues while installing the Rollup and applying Microsoft security fixes. For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and [Servicing Stack Updates (SSU): Frequently Asked Questions](<https://support.microsoft.com/help/4535697>).If you use Windows Update, the latest SSU ([KB5001401](<https://support.microsoft.com/help/5001401>)) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). **Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5005099>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows Server 2012, Windows Embedded 8 Standard**Classification**: Security Updates \n \n## **File information**\n\nFor a list of the files that are provided in this update, download the [file information for update 5005099](<https://download.microsoft.com/download/5/4/b/54b50378-2639-49db-8cb2-4b4241268317/5005099.csv>). \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-08-10T07:00:00", "type": "mskb", "title": "August 10, 2021\u2014KB5005099 (Monthly Rollup)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34481", "CVE-2021-36937", "CVE-2021-36942"], "modified": "2021-08-10T07:00:00", "id": "KB5005099", "href": "https://support.microsoft.com/en-us/help/5005099", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-19T10:52:19", "description": "None\n**7/13/21 \nIMPORTANT **This release includes the Flash Removal Package. Taking this update will remove Adobe Flash from the machine. For more information, see the [Update on Adobe Flash Player End of Support](<https://blogs.windows.com/msedgedev/2020/09/04/update-adobe-flash-end-support/>). \n\n**11/19/20** \nFor information about Windows update terminology, see the article about the [types of Windows updates](<https://docs.microsoft.com/en-us/troubleshoot/windows-client/deployment/standard-terminology-software-updates>) and the [monthly quality update types](<https://techcommunity.microsoft.com/t5/windows-it-pro-blog/windows-quality-updates-primer/ba-p/2569385>). To view other notes and messages, see the Windows 10, version 1607 update history home page. \n\n## Highlights\n\n * Updates an issue that renders some Yu Gothic and Yu Mincho characters incorrectly in vertical writing mode. \n * Updates an issue with zoom that occurs when you use Microsoft Edge IE Mode on devices that use multiple high-DPI monitors.\n * Updates the default installation privilege requirement so that you must be an administrator to install drivers when using [Point and Print](<https://docs.microsoft.com/en-us/windows-hardware/drivers/print/introduction-to-point-and-print>). \n\n## Improvements and fixes\n\nThis security update includes quality improvements. Key changes include:\n\n * Addresses an issue that renders some Yu Gothic and Yu Mincho characters incorrectly in vertical writing mode.\n * Addresses an issue with zoom that occurs when using Microsoft Edge IE Mode on devices that use multiple high-DPI monitors.\n * Addresses an issue that causes Windows to stop working when it uses AppLocker to validate a file that has multiple signatures. The error is 0x3B.\n * Changes the default privilege requirement for installing drivers when using Point and Print. After installing this update, you must have administrative privileges to install drivers. If you use Point and Print, see [KB5005652](<https://support.microsoft.com/topic/873642bf-2634-49c5-a23b-6d8e9a302872>), [Point and Print Default Behavior Change](<https://aka.ms/PointPrintMSRCBlog>), and [CVE-2021-34481](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34481>) for more information.\n * Addresses an issue with Administrative Template settings you configure using a Group Policy Object (GPO). When you change the value of the policy settings to NOT CONFIGURED, the system continues to apply the previous settings instead of removing them. This issue occurs after installing the June 2020 or later updates and is most noticeable with roaming user profiles.\n * Addresses an issue in which an extra dereference against a sign in session causes **lsass.exe** to stop working after the user signs out.\nIf you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.For more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website.\n\n**Windows Update Improvements**Microsoft has released an update directly to the Windows Update client to improve reliability. Any device running Windows 10 configured to receive updates automatically from Windows Update, including Enterprise and Pro editions, will be offered the latest Windows 10 feature update based on device compatibility and Windows Update for Business deferral policy. This doesn't apply to long-term servicing editions.\n\n## Known issues in this update\n\n### \n\n__\n\nClick or tap to view the known issues\n\n**Symptom**| **Workaround** \n---|--- \nAfter installing this update, the Encrypted File System (EFS) API [OpenEncryptedFileRaw(A/W)](<https://docs.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-openencryptedfilerawa>), often used in backup software, will not work when you back up to or from a Windows Server 2008 SP2 device. OpenEncryptedFileRaw will continue to work on all other versions of Windows (local and remote).| This behavior is expected because we addressed the issue in CVE-2021-36942.**Note** If you cannot use backup software on Windows 7 SP1 and Server 2008 R2 SP1 or later after installing this update, contact the manufacturer of your backup software for updates and support. \nAfter installing updates released April 22, 2021 or later, an issue occurs that affects versions of Windows Server that are in use as a Key Management Services (KMS) host. Client devices running Windows 10 Enterprise LTSC 2019 and Windows 10 Enterprise LTSC 2016 might fail to activate. This issue only occurs when using a new Customer Support Volume License Key (CSVLK). **Note** This does not affect activation of any other version or edition of Windows. Client devices that are attempting to activate and are affected by this issue might receive the error, \"Error: 0xC004F074. The Software Licensing Service reported that the computer could not be activated. No Key Management Service (KMS) could be contacted. Please see the Application Event Log for additional information.\"Event Log entries related to activation are another way to tell that you might be affected by this issue. Open **Event Viewer **on the client device that failed activation and go to **Windows Logs **&gt; **Application**. If you see only event ID 12288 without a corresponding event ID 12289, this means one of the following:\n\n * The KMS client could not reach the KMS host.\n * The KMS host did not respond.\n * The client did not receive the response.\nFor more information on these event IDs, see [Useful KMS client events - Event ID 12288 and Event ID 12289](<https://docs.microsoft.com/windows-server/get-started/activation-troubleshoot-kms-general#event-id-12288-and-event-id-12289>).| This issue is resolved in KB5010359. \n \n## How to get this update\n\n**Before installing this update**Microsoft strongly recommends you install the latest servicing stack update (SSU) for your operating system before installing the latest cumulative update (LCU). SSUs improve the reliability of the update process to mitigate potential issues while installing the LCU and applying Microsoft security fixes. For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and Servicing Stack Updates (SSU): Frequently Asked Questions.If you are using Windows Update, the latest SSU (KB5001402) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). **Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update. \nWindows Update for Business| Yes| None. This update will be downloaded and installed automatically from Windows Update in accordance with configured policies. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5005043>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows 10**Classification**: Security Updates \n**File information**For a list of the files that are provided in this update, download the [file information for cumulative update 5005043](<https://download.microsoft.com/download/c/8/4/c84ac030-6839-4436-9f81-8090e3f21e79/5005043.csv>).\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-08-10T07:00:00", "type": "mskb", "title": "August 10, 2021\u2014KB5005043 (OS Build 14393.4583)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34481", "CVE-2021-36938", "CVE-2021-36942"], "modified": "2021-08-10T07:00:00", "id": "KB5005043", "href": "https://support.microsoft.com/en-us/help/5005043", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-19T10:52:20", "description": "None\n**Important: **Windows Server 2008 Service Pack 2 (SP2) has reached the end of mainstream support and is now in extended support. Starting in July 2020, there will no longer be optional, non-security releases (known as \"C\" releases) for this operating system. Operating systems in extended support have only cumulative monthly security updates (known as the \"B\" or Update Tuesday release). \n \nVerify that** **you have installed the required updates listed in the **How to get this update** section before installing this update. \n \nFor information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following [article](<https://support.microsoft.com/help/824684>). To view other notes and messages, see the Windows Server 2008 Service Pack 2 update history [home page](<https://support.microsoft.com/help/4343218>).\n\n## **Improvements and fixes**\n\nThis security update includes improvements and fixes that were a part of update [KB5004305](<https://support.microsoft.com/help/5004305>) (released July 13, 2021) and addresses the following issues:\n\n * Changes the default privilege requirement for installing drivers when using Point and Print. After installing this update, you must have administrative privileges to install drivers. If you use Point and Print, see [KB5005652](<https://support.microsoft.com/topic/873642bf-2634-49c5-a23b-6d8e9a302872>), [Point and Print Default Behavior Change](<https://aka.ms/PointPrintMSRCBlog>), and [CVE-2021-34481](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34481>) for more information.\n * Addresses an issue in which Smart Card Authentication (PIV) fails on non-RFC compliant printers and scanners requiring smartcard authentication. For more information, see [KB5005390.](<https://support.microsoft.com/help/5005390>)\n * This update also contains miscellaneous security improvements to internal OS functionality.\nFor more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website.\n\n## **Known issues in this update**\n\n**Symptom**| **Workaround** \n---|--- \nAfter installing this update, the Encrypted File System (EFS) API **[OpenEncryptedFileRaw(A/W)](<https://docs.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-openencryptedfilerawa>)**, often used in backup software, will not work when you back up to or from a Windows Server 2008 SP2 device. **OpenEncryptedFileRaw** will continue to work on all other versions of Windows (local and remote).| This behavior is expected because we addressed the issue in [CVE-2021-36942](<https://portal.msrc.microsoft.com/security-guidance/advisory/CVE-2021-36942>).**Note** If you cannot use backup software on Windows 7 SP1 and Server 2008 R2 SP1 or later after installing this update, contact the manufacturer of your backup software for updates and support. \nAfter installing this update and restarting your device, you might receive the error, \u201cFailure to configure Windows updates. Reverting Changes. Do not turn off your computer\u201d, and the update might show as **Failed** in **Update History**.| This is expected in the following circumstances:\n\n * If you are installing this update on a device that is running an edition that is not supported for ESU. For a complete list of which editions are supported, see [KB4497181](<https://support.microsoft.com/help/4497181>).\n * If you do not have an ESU MAK add-on key installed and activated.\nIf you have purchased an ESU key and have encountered this issue, please verify you have applied all prerequisites and that your key is activated. For information on activation, please see this [blog](<https://aka.ms/Windows7ESU>) post. For information on the prerequisites, see the \"How to get this update\" section of this article. \nCertain operations, such as **rename**, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \u201cSTATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\u201d. This occurs when you perform the operation on a CSV owner node from a process that doesn\u2019t have administrator privilege.| Do one of the following:\n\n * Perform the operation from a process that has administrator privilege.\n * Perform the operation from a node that doesn\u2019t have CSV ownership.\nMicrosoft is working on a resolution and will provide an update in an upcoming release. \n \n## **How to get this update**\n\n**Before installing this update****IMPORTANT** Customers who have purchased the Extended Security Update (ESU) for on-premises versions of these operating systems must follow the procedures in [KB4522133](<https://support.microsoft.com/help/4522133>) to continue receiving security updates after extended support ends on January 14, 2020.For more information about ESU and which editions are supported, see [KB4497181](<https://support.microsoft.com/help/4497181>).**Prerequisite:**You must install the updates listed below and **restart your device** before installing the latest Rollup. Installing these updates improves the reliability of the update process and mitigates potential issues while installing the Rollup and applying Microsoft security fixes.\n\n 1. The April 9, 2019 servicing stack update (SSU) ([KB4493730](<https://support.microsoft.com/help/4493730>)). To get the standalone package for this SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). This update is required to install updates that are only SHA-2 signed.\n 2. The latest SHA-2 update ([KB4474419](<https://support.microsoft.com/help/4474419>)) released October 8, 2019. If you are using Windows Update, the latest SHA-2 update will be offered to you automatically. This update is required to install updates that are only SHA-2 signed. For more information on SHA-2 updates, see [2019 SHA-2 Code Signing Support requirement for Windows and WSUS](<https://support.microsoft.com/help/4472027>).\n 3. The Extended Security Updates (ESU) Licensing Preparation Package ([KB4538484](<https://support.microsoft.com/help/4538484>)) or the Update for the Extended Security Updates (ESU) Licensing Preparation Package ([KB4575904](<https://support.microsoft.com/help/4575904>)). The ESU licensing preparation package will be offered to you from WSUS. To get the standalone package for ESU licensing preparation package, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>).\nAfter installing the items above, Microsoft strongly recommends that you install the latest SSU ([KB4580971](<https://support.microsoft.com/help/4580971>)). If you are using Windows Update, the latest SSU will be offered to you automatically if you are an ESU customer. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and [Servicing Stack Updates (SSU): Frequently Asked Questions](<https://support.microsoft.com/help/4535697>).**Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update if you are an ESU customer. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5005090>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows Server 2008 Service Pack 2**Classification**: Security Updates \n \n## **File information**\n\nFor a list of the files that are provided in this update, download the [file information for update 5005090](<https://download.microsoft.com/download/3/e/d/3ed5bcad-9cd8-4084-860a-0eeff78ed341/5005090.csv>).\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-08-10T07:00:00", "type": "mskb", "title": "August 10, 2021\u2014KB5005090 (Monthly Rollup)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34481", "CVE-2021-36937", "CVE-2021-36942"], "modified": "2021-08-10T07:00:00", "id": "KB5005090", "href": "https://support.microsoft.com/en-us/help/5005090", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-19T10:52:21", "description": "None\n**Important: **Windows 8.1 and Windows Server 2012 R2 have reached the end of mainstream support and are now in extended support. Starting in July 2020, there will no longer be optional, non-security releases (known as \"C\" releases) for this operating system. Operating systems in extended support have only cumulative monthly security updates (known as the \"B\" or Update Tuesday release). \n \nFor information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following [article](<https://support.microsoft.com/help/824684>). To view other notes and messages, see the Windows 8.1 and Windows Server 2012 R2 update history [home page](<https://support.microsoft.com/help/4009470>).\n\n## **Improvements and fixes**\n\nThis security update includes quality improvements. Key changes include:\n\n * Changes the default privilege requirement for installing drivers when using Point and Print. After installing this update, you must have administrative privileges to install drivers. If you use Point and Print, see [KB5005652](<https://support.microsoft.com/topic/873642bf-2634-49c5-a23b-6d8e9a302872>), [Point and Print Default Behavior Change](<https://aka.ms/PointPrintMSRCBlog>), and [CVE-2021-34481](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34481>) for more information.\n * Addresses an issue in which Smart Card Authentication (PIV) fails on non-RFC compliant printers and scanners requiring smartcard authentication. For more information, see [KB5005391](<https://support.microsoft.com/help/5005391>)\n * This update also contains miscellaneous security improvements to internal OS functionality.\nFor more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website.\n\n## **Known issues in this update**\n\n**Symptom**| **Workaround** \n---|--- \nAfter installing this update, the Encrypted File System (EFS) API **[OpenEncryptedFileRaw(A/W)](<https://docs.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-openencryptedfilerawa>)**, often used in backup software, will not work when you back up to or from a Windows Server 2008 SP2 device. **OpenEncryptedFileRaw** will continue to work on all other versions of Windows (local and remote).| This behavior is expected because we addressed the issue in [CVE-2021-36942](<https://portal.msrc.microsoft.com/security-guidance/advisory/CVE-2021-36942>).**Note** If you cannot use backup software on Windows 7 SP1 and Server 2008 R2 SP1 or later after installing this update, contact the manufacturer of your backup software for updates and support. \nCertain operations, such as **rename**, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \u201cSTATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\u201d. This occurs when you perform the operation on a CSV owner node from a process that doesn\u2019t have administrator privilege.| Do one of the following:\n\n * Perform the operation from a process that has administrator privilege.\n * Perform the operation from a node that doesn\u2019t have CSV ownership.\nMicrosoft is working on a resolution and will provide an update in an upcoming release. \n \n## **How to get this update**\n\n**Before installing this update**We strongly recommend that you install the latest servicing stack update (SSU) for your operating system before you install the latest Rollup. SSUs improve the reliability of the update process to mitigate potential issues while installing the Rollup and applying Microsoft security fixes. For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and [Servicing Stack Updates (SSU): Frequently Asked Questions](<https://support.microsoft.com/help/4535697>).If you use Windows Update, the latest SSU ([KB5001403](<https://support.microsoft.com/help/5001403>)) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). **REMINDER** If you are using Security-only updates, you will also need to install all previous Security-only updates and the latest cumulative update for Internet Explorer ([KB5005036](<https://support.microsoft.com/help/5005036>)).**Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| No| See the other options below. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5005106>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows 8.1, Windows Server 2012 R2, Windows Embedded 8.1 Industry Enterprise, Windows Embedded 8.1 Industry Pro**Classification**: Security Update \n \n## **File information**\n\nFor a list of the files that are provided in this update, download the [file information for update 5005106](<https://download.microsoft.com/download/b/d/a/bda94068-ca0a-4edd-825a-7874cd775e75/5005106.csv>). \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-08-10T07:00:00", "type": "mskb", "title": "August 10, 2021\u2014KB5005106 (Security-only update)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34481", "CVE-2021-36937", "CVE-2021-36942"], "modified": "2021-08-10T07:00:00", "id": "KB5005106", "href": "https://support.microsoft.com/en-us/help/5005106", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-19T10:52:17", "description": "None\nThis article applies to the following:\n\n * Internet Explorer 11 on Windows Server 2012 R2\n * Internet Explorer 11 on Windows 8.1\n * Internet Explorer 11 on Windows Server 2012\n * Internet Explorer 11 on Windows Server 2008 R2 SP1\n * Internet Explorer 11 on Windows 7 SP1\n * Internet Explorer 9 on Windows Server 2008 SP2\n\n**Important: **\n\n * As of February 11, 2020, Internet Explorer 10 is no longer in support. To get Internet Explorer 11 for Windows Server 2012 or Windows 8 Embedded Standard, see [KB4492872](<https://support.microsoft.com/help/4492872>). Install one of the following applicable updates to stay updated with the latest security fixes:\n * Cumulative Update for Internet Explorer 11 for Windows Server 2012.\n * Cumulative Update for Internet Explorer 11 for Windows 8 Embedded Standard.\n * The August 2021 Monthly Rollup.\n * Some customers using Windows Server 2008 R2 SP1 who activated their ESU multiple activation key (MAK) add-on before installing the January 14, 2020 updates might need to re-activate their key. Re-activation on affected devices should only be required once. For information on activation, see this [blog](<https://aka.ms/Windows7ESU>) post.\n * WSUS scan cab files will continue to be available for Windows 7 SP1 and Windows Server 2008 R2 SP1. If you have a subset of devices running these operating systems without ESU, they might show as non-compliant in your patch management and compliance toolsets.\n\n## **Summary**\n\nThis security update resolves vulnerabilities in Internet Explorer. To learn more about these vulnerabilities, see [Microsoft Common Vulnerabilities and Exposures](<https://portal.msrc.microsoft.com/en-us/security-guidance>).Additionally, see the following articles for more information about cumulative updates:\n\n * [Windows Server 2008 SP2 update history](<https://support.microsoft.com/help/4343218>)\n * [Windows 7 SP1 and Windows Server 2008 R2 SP1 update history](<https://support.microsoft.com/help/4009469>)\n * [Windows Server 2012 update history](<https://support.microsoft.com/help/4009471>)\n * [Windows 8.1 and Windows Server 2012 R2 update history](<https://support.microsoft.com/help/4009470>)\n\n**Important: **\n\n * The fixes that are included in this update are also included in the August 2021 Security Monthly Quality Rollup. Installing either this update or the Security Monthly Quality Rollup installs the same fixes.\n * This update is not applicable for installation on a device on which the Security Monthly Quality Rollup from August 2021 or a later month is already installed. This is because that update contains all the same fixes that are included in this update.\n * If you use update management processes other than Windows Update and you automatically approve all security update classifications for deployment, this update, the August 2021 Security-only Quality Update, and the August 2021 Security Monthly Quality Rollup are deployed. We recommend that you review your update deployment rules to make sure that the desired updates are deployed.\n * If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. For more information, see [Add language packs to Windows](<https://technet.microsoft.com/library/hh825699>).\n\n## **Known issues in this security update**\n\nWe are currently not aware of any issues in this update.\n\n## **How to get and install this update**\n\n**Before installing this update**To install Windows 7 SP1, Windows Server 2008 R2 SP1, or Windows Server 2008 SP2 updates released on or after July 2019, you must have the following required updates installed. If you use Windows Update, these required updates will be offered automatically as needed.\n\n * Install the SHA-2 code signing support updates: \n \nFor Windows 7 SP1, Windows Server 2008 R2, and Windows Server 2008 SP2, you must have the SHA-2 update ([KB4474419](<https://support.microsoft.com/help/4474419>)) that is dated September 23, 2019 or a later SHA-2 update installed and then restart your device before you apply this update. For more information about SHA-2 updates, see [2019 SHA-2 Code Signing Support requirement for Windows and WSUS](<https://support.microsoft.com/help/4472027>). \n \nFor Windows 7 SP1 and Windows Server 2008 R2 SP1, you must have installed the servicing stack update (SSU) ([KB4490628](<https://support.microsoft.com/help/4490628>)) that is dated March 12, 2019. After update [KB4490628](<https://support.microsoft.com/help/4490628>) is installed, we recommend that you install the July 13, 2021 SSU ([KB5004378](<https://support.microsoft.com/help/5004378>)) or a later SSU update. For more information about the latest SSU updates, see [ADV990001 | Latest Servicing Stack Updates](<https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV990001>). \n \nFor Windows Server 2008 SP2, you must have installed the servicing stack update (SSU) ([KB4493730](<https://support.microsoft.com/help/4493730>)) that is dated April 9, 2019. After update [KB4493730](<https://support.microsoft.com/help/4493730>) is installed, we recommend that you install the October 13, 2020 SSU ([KB4580971](<https://support.microsoft.com/help/4580971>)) or a later SSU update. For more information about the latest SSU updates, see [ADV990001 | Latest Servicing Stack Updates](<https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV990001>).\n * Install the Extended Security Update (ESU): \n \nFor Windows 7 SP1 and Windows Server 2008 R2 SP1, you must have installed the \"Extended Security Updates (ESU) Licensing Preparation Package\" ([KB4538483](<https://support.microsoft.com/en/help/4538483>)) or the \"Update for the Extended Security Updates (ESU) Licensing Preparation Package\" ([KB4575903](<https://support.microsoft.com/help/4575903>)). The ESU licensing preparation package will be offered to you from WSUS. To get the standalone package for ESU licensing preparation package, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). \n \nFor Windows 7 SP1, Windows Server 2008 R2 SP1, and Windows Server 2008 SP2, you must have purchased the Extended Security Update (ESU) for on-premises versions of these operating systems and follow the procedures in [KB4522133](<https://support.microsoft.com/help/4522133>) to continue receiving security updates after extended support ends. Extended support ends as follows:\n * For Windows 7 SP1, Windows Server 2008 R2 SP1, and Windows Server 2008 SP2, extended support ends on January 14, 2020.\n * For Windows Embedded Standard 7, extended support ends on October 13, 2020.\nFor more information about ESU and which editions are supported, see [KB4497181](<https://support.microsoft.com/help/4497181>). \n \nFor Windows Embedded Standard 7, Windows Management Instrumentation (WMI) must be enabled to get updates from Windows Update or Windows Server Update Services. \n \nFor Windows Thin PC, you must have the August 11, 2020 SSU ([KB4570673](<https://support.microsoft.com/help/4570673>)) or a later SSU installed to make sure you continue to get the extended security updates starting with the October 13, 2020 updates.**Important **You must restart your device after you install these required updates.**Install this update**To install this update, use one of the following release channels.**Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| No| See the other following options. \nWindows Update for Business| Yes| None. This update will be downloaded and installed automatically from Windows Update in accordance with configured policies. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5005036>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically synchronize with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows Server 2008 Service Pack 2, Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1, Windows Server 2012, Windows Embedded 8 Standard, Windows 8.1, Windows Server 2012 R2**Classification**: Security Updates \n \n## **File information**\n\nThe English (United States) version of this software update installs files that have the attributes that are listed in the following tables.**Note** The MANIFEST files (.manifest) and MUM files (.mum) that are installed are not listed.\n\n### Windows 8.1, Windows RT 8.1 and Windows Server 2012 R2\n\n### \n\n__\n\nInternet Explorer 11 on all supported x86-based versions\n\n**File name**| **File version**| **Date**| **Time**| **File size** \n---|---|---|---|--- \nactxprxy.dll| 6.3.9600.20045| 4-Jun-2021| 21:32| 1,049,600 \nhlink.dll| 6.3.9600.19101| 18-Jul-2018| 20:55| 99,328 \npngfilt.dll| 11.0.9600.19963| 12-Feb-2021| 18:49| 58,368 \nurlmon.dll| 11.0.9600.20091| 12-Jul-2021| 20:21| 1,342,976 \niexplore.exe| 11.0.9600.19036| 24-May-2018| 22:24| 817,296 \nWininetPlugin.dll| 6.3.9600.17416| 30-Oct-2014| 20:12| 35,328 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:31| 46,592 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:30| 52,736 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:30| 51,200 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:30| 51,200 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:30| 56,320 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 57,856 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 49,664 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 11:17| 49,664 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 54,272 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 47,616 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 49,152 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:30| 55,296 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 45,056 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 51,712 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 51,712 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 53,248 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 39,424 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 35,840 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:31| 50,176 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:31| 51,200 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:31| 50,688 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:31| 52,736 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:31| 53,760 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:30| 54,272 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:29| 54,272 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:30| 52,736 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:29| 51,200 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:30| 53,248 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:30| 52,736 \nwininet.dll.mui| 11.0.9600.20091| 12-Jul-2021| 23:22| 51,712 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:30| 50,688 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:27| 50,688 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:28| 50,176 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:28| 50,176 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:28| 31,232 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:30| 31,232 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:30| 31,232 \nhtml.iec| 2019.0.0.18895| 1-Jan-2018| 20:51| 341,504 \ninetcpl.cpl| 11.0.9600.20045| 4-Jun-2021| 21:30| 2,058,752 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 307,200 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 293,888 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:52| 290,304 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 289,280 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 299,008 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 303,104 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:49| 282,112 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 20:58| 282,112 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:51| 296,960 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 283,648 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 291,840 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 299,520 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:51| 275,968 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:49| 290,816 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:49| 293,376 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:53| 296,960 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:53| 258,048 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:52| 256,512 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:51| 289,280 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:53| 288,256 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:53| 285,184 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:53| 295,424 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:52| 297,472 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 292,864 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:51| 295,424 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 294,400 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:51| 294,400 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 292,864 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 290,816 \nmshtml.dll.mui| 11.0.9600.20091| 12-Jul-2021| 23:25| 290,816 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 286,208 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:43| 281,600 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:43| 286,720 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:42| 292,352 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:43| 242,176 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:53| 243,200 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 243,200 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:34| 73,728 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:33| 67,584 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:34| 67,584 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:35| 74,240 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:33| 78,848 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:34| 61,440 \nF12Resources.dll.mui| 11.0.9600.17278| 15-Aug-2014| 19:47| 61,440 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:33| 74,752 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:32| 62,464 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:27| 68,096 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:27| 75,264 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:27| 68,608 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:29| 71,680 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:27| 73,216 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:30| 41,472 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:30| 37,888 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:30| 68,608 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:30| 67,584 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:30| 65,536 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:30| 74,240 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:30| 70,656 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:30| 71,168 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:30| 71,680 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:30| 71,168 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:38| 69,632 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:38| 68,096 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:39| 68,608 \nF12Resources.dll.mui| 11.0.9600.20091| 12-Jul-2021| 23:23| 68,096 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:38| 65,536 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:38| 59,904 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:38| 65,536 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:38| 69,120 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:39| 29,696 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:34| 30,720 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:33| 30,720 \nJavaScriptCollectionAgent.dll| 11.0.9600.19963| 12-Feb-2021| 18:25| 60,416 \nDiagnosticsHub.ScriptedSandboxPlugin.dll| 11.0.9600.19963| 12-Feb-2021| 18:26| 230,912 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:26| 46,080 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:24| 50,176 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:23| 48,640 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:24| 49,664 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:23| 51,712 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:12| 54,272 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:12| 48,128 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 11:10| 48,128 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:12| 50,176 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:12| 47,616 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:12| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:24| 50,688 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:12| 45,056 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:12| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:13| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:07| 49,664 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:07| 39,936 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:07| 39,424 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:07| 47,616 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:07| 48,640 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:07| 51,200 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:07| 50,688 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:03| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:04| 50,176 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:02| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:03| 48,640 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:03| 49,664 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:03| 48,640 \nurlmon.dll.mui| 11.0.9600.20091| 12-Jul-2021| 23:24| 49,664 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:03| 48,640 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:04| 48,128 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:04| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:05| 48,128 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:04| 35,328 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:23| 35,328 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:23| 35,328 \nwininet.dll| 11.0.9600.20091| 12-Jul-2021| 20:26| 4,387,840 \njsproxy.dll| 11.0.9600.17416| 30-Oct-2014| 20:16| 47,104 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:12| 114,176 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:09| 130,560 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:10| 124,928 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:12| 122,880 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:10| 130,048 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:12| 138,240 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:12| 114,688 \ninetcpl.cpl.mui| 11.0.9600.18666| 16-Apr-2017| 1:51| 114,688 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:12| 131,584 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:10| 117,760 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:12| 122,368 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:12| 134,144 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:13| 107,008 \ninetcpl.cpl.mui| 11.0.9600.18838| 14-Oct-2017| 1:46| 123,392 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:11| 127,488 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:11| 128,512 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:07| 88,064 \ninetcpl.cpl.mui| 11.0.9600.18838| 14-Oct-2017| 1:47| 82,944 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:07| 125,440 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:07| 123,392 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:10| 120,320 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:07| 130,560 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:07| 129,024 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:26| 125,952 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:26| 129,024 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:25| 128,000 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:26| 123,904 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:26| 129,024 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:25| 123,904 \ninetcpl.cpl.mui| 11.0.9600.20091| 12-Jul-2021| 23:25| 124,416 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 13:56| 121,856 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:03| 115,712 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:04| 123,904 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:04| 125,440 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:04| 74,752 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:09| 75,776 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:10| 75,776 \nieui.dll| 11.0.9600.18895| 1-Jan-2018| 20:44| 476,160 \niedkcs32.dll| 18.0.9600.20045| 4-Jun-2021| 21:34| 333,312 \ninstall.ins| Not versioned| 12-Jul-2021| 19:02| 464 \nieapfltr.dat| 10.0.9301.0| 23-Sep-2013| 19:20| 616,104 \nieapfltr.dll| 11.0.9600.20091| 12-Jul-2021| 20:18| 710,656 \niepeers.dll| 11.0.9600.19963| 12-Feb-2021| 18:20| 128,512 \nlicmgr10.dll| 11.0.9600.17416| 30-Oct-2014| 20:03| 27,136 \ntdc.ocx| 11.0.9600.19963| 12-Feb-2021| 18:24| 73,728 \nDiagnosticsHub.DataWarehouse.dll| 11.0.9600.18895| 1-Jan-2018| 20:55| 489,472 \niedvtool.dll| 11.0.9600.20045| 4-Jun-2021| 22:45| 772,608 \nDiagnosticsHub_is.dll| 11.0.9600.19963| 12-Feb-2021| 18:52| 38,912 \ndxtmsft.dll| 11.0.9600.19963| 12-Feb-2021| 18:29| 415,744 \ndxtrans.dll| 11.0.9600.19963| 12-Feb-2021| 18:20| 280,064 \nMicrosoft-Windows-IE-F12-Provider.ptxml| Not versioned| 15-Aug-2014| 15:51| 11,892 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:34| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:35| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:36| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:33| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:34| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:33| 4,096 \nF12.dll.mui| 11.0.9600.17278| 15-Aug-2014| 19:47| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:32| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:32| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:26| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:27| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:27| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:27| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:26| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:30| 3,584 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:30| 3,584 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:29| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:29| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:30| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:30| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:30| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:31| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:30| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:37| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:37| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:38| 4,096 \nF12.dll.mui| 11.0.9600.20091| 12-Jul-2021| 23:23| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:39| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:37| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:37| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:38| 3,584 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:32| 3,584 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 1:34| 3,584 \nDiagnosticsTap.dll| 11.0.9600.19963| 12-Feb-2021| 18:28| 175,104 \nF12Resources.dll| 11.0.9600.18939| 10-Feb-2018| 9:17| 10,948,096 \nF12Tools.dll| 11.0.9600.19963| 12-Feb-2021| 18:27| 256,000 \nF12.dll| 11.0.9600.19963| 12-Feb-2021| 18:17| 1,207,808 \nmsfeeds.dll| 11.0.9600.20091| 12-Jul-2021| 20:37| 696,320 \nmsfeeds.mof| Not versioned| 5-Feb-2014| 21:53| 1,518 \nmsfeedsbs.mof| Not versioned| 21-Aug-2013| 16:49| 1,574 \nmsfeedsbs.dll| 11.0.9600.19650| 11-Feb-2020| 4:57| 52,736 \nmsfeedssync.exe| 11.0.9600.17416| 30-Oct-2014| 20:25| 11,264 \nmshta.exe| 11.0.9600.17416| 30-Oct-2014| 20:28| 12,800 \nmshtmled.dll| 11.0.9600.19963| 12-Feb-2021| 18:21| 76,800 \nmshtml.dll| 11.0.9600.20091| 12-Jul-2021| 21:35| 20,293,632 \nmshtml.tlb| 11.0.9600.16518| 6-Feb-2014| 2:20| 2,724,864 \nMicrosoft-Windows-IE-HTMLRendering.ptxml| Not versioned| 5-Feb-2014| 21:40| 3,228 \nIEAdvpack.dll| 11.0.9600.17416| 30-Oct-2014| 20:14| 112,128 \nieetwcollector.exe| 11.0.9600.18666| 16-Apr-2017| 0:47| 104,960 \nieetwproxystub.dll| 11.0.9600.17416| 30-Oct-2014| 20:23| 47,616 \nieetwcollectorres.dll| 11.0.9600.16518| 6-Feb-2014| 2:19| 4,096 \nielowutil.exe| 11.0.9600.19404| 9-Jul-2019| 20:06| 221,184 \nieproxy.dll| 11.0.9600.19963| 12-Feb-2021| 17:45| 310,784 \nIEShims.dll| 11.0.9600.20045| 4-Jun-2021| 21:12| 290,304 \niexpress.exe| 11.0.9600.17416| 30-Oct-2014| 20:27| 152,064 \nwextract.exe| 11.0.9600.17416| 30-Oct-2014| 20:28| 137,728 \nimgutil.dll| 11.0.9600.19963| 12-Feb-2021| 17:59| 40,448 \nExtExport.exe| 11.0.9600.17416| 30-Oct-2014| 20:20| 25,600 \nWindows Pop-up Blocked.wav| Not versioned| 23-Sep-2013| 19:58| 85,548 \nWindows Information Bar.wav| Not versioned| 23-Sep-2013| 19:58| 23,308 \nWindows Feed Discovered.wav| Not versioned| 23-Sep-2013| 19:58| 19,884 \nWindows Navigation Start.wav| Not versioned| 23-Sep-2013| 19:58| 11,340 \nbing.ico| Not versioned| 23-Sep-2013| 19:36| 5,430 \nieUnatt.exe| 11.0.9600.17416| 30-Oct-2014| 20:12| 115,712 \nMicrosoft-Windows-IE-InternetExplorer-ppdlic.xrm-ms| Not versioned| 12-Jul-2021| 22:32| 2,956 \njsdbgui.dll| 11.0.9600.19963| 12-Feb-2021| 18:22| 459,776 \njsprofilerui.dll| 11.0.9600.19963| 12-Feb-2021| 18:22| 579,584 \nMemoryAnalyzer.dll| 11.0.9600.20045| 4-Jun-2021| 21:48| 1,399,296 \nMshtmlDac.dll| 11.0.9600.19867| 12-Oct-2020| 21:43| 64,000 \nnetworkinspection.dll| 11.0.9600.19846| 23-Sep-2020| 20:28| 1,075,200 \noccache.dll| 11.0.9600.17416| 30-Oct-2014| 19:48| 130,048 \ndesktop.ini| Not versioned| 18-Jun-2013| 5:18| 65 \nwebcheck.dll| 11.0.9600.19963| 12-Feb-2021| 18:13| 230,400 \ndesktop.ini| Not versioned| 18-Jun-2013| 5:19| 65 \npdm.dll| 12.0.41202.0| 30-Sep-2014| 16:00| 442,992 \nmsdbg2.dll| 12.0.41202.0| 30-Sep-2014| 16:00| 315,008 \npdmproxy100.dll| 12.0.41202.0| 30-Sep-2014| 16:00| 99,984 \nmsrating.dll| 11.0.9600.19507| 5-Oct-2019| 19:57| 168,960 \nicrav03.rat| Not versioned| 23-Sep-2013| 19:25| 8,798 \nticrf.rat| Not versioned| 23-Sep-2013| 19:26| 1,988 \niertutil.dll| 11.0.9600.20064| 14-Jun-2021| 21:16| 2,308,608 \nie4uinit.exe| 11.0.9600.19963| 12-Feb-2021| 18:11| 692,224 \niernonce.dll| 11.0.9600.17416| 30-Oct-2014| 20:15| 30,720 \niesetup.dll| 11.0.9600.17416| 30-Oct-2014| 20:24| 62,464 \nieuinit.inf| Not versioned| 12-Mar-2015| 18:55| 16,303 \ninseng.dll| 11.0.9600.17416| 30-Oct-2014| 19:56| 91,136 \niesysprep.dll| 11.0.9600.17416| 30-Oct-2014| 19:56| 90,624 \nTimeline.dll| 11.0.9600.19963| 12-Feb-2021| 18:23| 154,112 \nTimeline_is.dll| 11.0.9600.19963| 12-Feb-2021| 18:40| 124,928 \nTimeline.cpu.xml| Not versioned| 24-Jul-2014| 12:11| 3,197 \nVGX.dll| 11.0.9600.19963| 12-Feb-2021| 18:21| 818,176 \nurl.dll| 11.0.9600.17416| 30-Oct-2014| 20:24| 235,520 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:27| 2,066,432 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 2,121,216 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 2,075,136 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:27| 2,063,872 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 2,314,240 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:29| 2,390,528 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:29| 2,034,176 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:39| 2,033,152 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:29| 2,307,584 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:29| 2,255,872 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,061,312 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 2,326,016 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:29| 2,019,840 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:29| 2,071,040 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:29| 2,082,816 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:27| 2,307,584 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 2,170,368 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:27| 2,153,984 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 2,291,712 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:27| 2,283,520 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 2,052,096 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:27| 2,301,952 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:27| 2,093,056 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,075,648 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,299,392 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,094,592 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,316,800 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,305,536 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,278,912 \nieframe.dll.mui| 11.0.9600.20091| 12-Jul-2021| 23:26| 2,286,080 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,060,288 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,315,776 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,278,912 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:29| 2,324,992 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,098,176 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 1,890,304 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 1,890,304 \nieframe.dll| 11.0.9600.20091| 12-Jul-2021| 20:43| 13,882,368 \nieframe.ptxml| Not versioned| 5-Feb-2014| 21:40| 24,486 \nieinstal.exe| 11.0.9600.18921| 9-Feb-2018| 21:35| 475,648 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:30| 526,294 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:29| 499,654 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:29| 552,337 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:31| 944,559 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:38| 457,561 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:31| 543,946 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:31| 526,557 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:29| 575,838 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:30| 570,737 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:29| 548,119 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:31| 639,271 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:29| 525,504 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:29| 488,488 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:29| 548,494 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:29| 559,343 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:31| 535,067 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:31| 541,455 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:31| 804,470 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:31| 503,909 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:29| 521,583 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:29| 420,082 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:28| 436,651 \nInetRes.adml| Not versioned| 12-Feb-2021| 20:28| 436,651 \ninetres.admx| Not versioned| 11-Jan-2021| 19:25| 1,678,023 \ninetcomm.dll| 6.3.9600.20091| 12-Jul-2021| 20:41| 880,640 \nINETRES.dll| 6.3.9600.16384| 21-Aug-2013| 21:14| 84,480 \njscript9.dll| 11.0.9600.20091| 12-Jul-2021| 20:46| 4,119,040 \njscript9diag.dll| 11.0.9600.19963| 12-Feb-2021| 18:37| 620,032 \njscript.dll| 5.8.9600.20091| 12-Jul-2021| 20:58| 653,824 \nvbscript.dll| 5.8.9600.20091| 12-Jul-2021| 21:07| 498,176 \n \n### \n\n__\n\nInternet Explorer 11 on all supported x64-based versions\n\n**File name**| **File version**| **Date**| **Time**| **File size** \n---|---|---|---|--- \nactxprxy.dll| 6.3.9600.20045| 4-Jun-2021| 21:30| 2,882,048 \nhlink.dll| 6.3.9600.19101| 18-Jul-2018| 21:22| 108,544 \npngfilt.dll| 11.0.9600.19963| 12-Feb-2021| 19:18| 65,024 \nurlmon.dll| 11.0.9600.20091| 12-Jul-2021| 20:48| 1,562,624 \niexplore.exe| 11.0.9600.19036| 24-May-2018| 23:30| 817,296 \nWininetPlugin.dll| 6.3.9600.17416| 30-Oct-2014| 21:51| 43,008 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:35| 46,592 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:34| 52,736 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:34| 51,200 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:34| 51,200 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:34| 56,320 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 16:01| 57,856 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 15:59| 49,664 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:20| 49,664 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 16:00| 54,272 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 15:59| 47,616 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 15:58| 49,152 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:34| 55,296 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 16:02| 45,056 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 15:57| 51,712 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 15:57| 51,712 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:38| 53,248 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:39| 39,424 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:38| 35,840 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:38| 50,176 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:38| 51,200 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:39| 50,688 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:38| 52,736 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:39| 53,760 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:38| 54,272 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:39| 54,272 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:38| 52,736 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:38| 51,200 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:37| 53,248 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:37| 52,736 \nwininet.dll.mui| 11.0.9600.20091| 12-Jul-2021| 23:39| 51,712 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:37| 50,688 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:27| 50,688 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:27| 50,176 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:27| 50,176 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:27| 31,232 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:34| 31,232 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:34| 31,232 \nhtml.iec| 2019.0.0.20045| 4-Jun-2021| 22:23| 417,280 \ninetcpl.cpl| 11.0.9600.20045| 4-Jun-2021| 21:42| 2,132,992 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:16| 307,200 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:16| 293,888 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:16| 290,304 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:17| 289,280 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:18| 299,008 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:15| 303,104 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:15| 282,112 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:33| 282,112 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:15| 296,960 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:15| 283,648 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:16| 291,840 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:18| 299,520 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:15| 275,968 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:12| 290,816 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:12| 293,376 \nmshtml.dll.mui| 11.0.9600.19404| 10-Jul-2019| 0:26| 296,960 \nmshtml.dll.mui| 11.0.9600.19404| 10-Jul-2019| 0:26| 258,048 \nmshtml.dll.mui| 11.0.9600.19404| 10-Jul-2019| 0:25| 256,512 \nmshtml.dll.mui| 11.0.9600.19404| 10-Jul-2019| 0:25| 289,280 \nmshtml.dll.mui| 11.0.9600.19404| 10-Jul-2019| 0:25| 288,256 \nmshtml.dll.mui| 11.0.9600.19404| 10-Jul-2019| 0:25| 285,184 \nmshtml.dll.mui| 11.0.9600.19404| 10-Jul-2019| 0:26| 295,424 \nmshtml.dll.mui| 11.0.9600.19404| 10-Jul-2019| 0:25| 297,472 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:12| 292,864 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:13| 295,424 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:12| 294,400 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:12| 294,400 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:12| 290,816 \nmshtml.dll.mui| 11.0.9600.20091| 12-Jul-2021| 23:43| 290,816 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:13| 286,208 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:06| 281,600 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:04| 286,720 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:04| 292,352 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:04| 242,176 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:16| 243,200 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 22:17| 243,200 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:58| 73,728 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:59| 67,584 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:58| 67,584 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:00| 74,240 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:58| 78,848 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:59| 61,440 \nF12Resources.dll.mui| 11.0.9600.17278| 15-Aug-2014| 20:19| 61,440 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:00| 74,752 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:58| 62,464 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:04| 68,096 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:02| 75,264 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:01| 68,608 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 71,680 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 73,216 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 41,472 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 37,888 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:02| 68,608 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:01| 67,584 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:02| 65,536 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 74,240 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:02| 70,656 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:02| 71,168 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 71,680 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:02| 71,168 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 69,632 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 68,096 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 68,608 \nF12Resources.dll.mui| 11.0.9600.20091| 12-Jul-2021| 23:40| 68,096 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 65,536 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 59,904 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:04| 65,536 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 69,120 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 29,696 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:58| 30,720 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:59| 30,720 \nJavaScriptCollectionAgent.dll| 11.0.9600.19963| 12-Feb-2021| 18:47| 77,824 \nDiagnosticsHub.ScriptedSandboxPlugin.dll| 11.0.9600.19963| 12-Feb-2021| 18:49| 276,480 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:20| 46,080 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:20| 50,176 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:20| 48,640 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:20| 49,664 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:20| 51,712 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:12| 54,272 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:12| 48,128 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:08| 48,128 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:12| 50,176 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:12| 47,616 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:12| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:20| 50,688 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:12| 45,056 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:12| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:12| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:19| 49,664 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:19| 39,936 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:19| 39,424 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:19| 47,616 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:19| 47,616 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:20| 48,640 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:19| 51,200 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:19| 50,688 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:12| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:12| 50,176 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:12| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:12| 48,640 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:12| 49,664 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:12| 48,640 \nurlmon.dll.mui| 11.0.9600.20091| 12-Jul-2021| 23:41| 49,664 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:12| 48,640 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:14| 48,128 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:15| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:15| 48,128 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:15| 35,328 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:20| 35,328 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:20| 35,328 \nwininet.dll| 11.0.9600.20091| 12-Jul-2021| 21:04| 4,858,880 \njsproxy.dll| 11.0.9600.17416| 30-Oct-2014| 21:57| 54,784 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:18| 114,176 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:16| 130,560 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:17| 124,928 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:17| 122,880 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:17| 130,048 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:39| 138,240 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:38| 114,688 \ninetcpl.cpl.mui| 11.0.9600.18666| 16-Apr-2017| 2:49| 114,688 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:38| 131,584 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:39| 117,760 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:40| 122,368 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:17| 134,144 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:40| 107,008 \ninetcpl.cpl.mui| 11.0.9600.18838| 14-Oct-2017| 2:53| 123,392 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:36| 127,488 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:21| 128,512 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:19| 88,064 \ninetcpl.cpl.mui| 11.0.9600.18838| 14-Oct-2017| 2:53| 82,944 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:18| 125,440 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:18| 123,392 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:21| 120,320 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:18| 130,560 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:19| 129,024 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 16:17| 125,952 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 16:17| 129,024 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 16:16| 128,000 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 16:17| 123,904 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 16:18| 129,024 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 16:16| 123,904 \ninetcpl.cpl.mui| 11.0.9600.20091| 12-Jul-2021| 23:40| 124,416 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 16:18| 121,856 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 16:13| 115,712 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 16:14| 123,904 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 16:13| 125,440 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 16:13| 74,752 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:16| 75,776 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 17:17| 75,776 \nieui.dll| 11.0.9600.20045| 4-Jun-2021| 22:15| 615,936 \niedkcs32.dll| 18.0.9600.20045| 4-Jun-2021| 21:45| 381,952 \ninstall.ins| Not versioned| 12-Jul-2021| 19:07| 464 \nieapfltr.dat| 10.0.9301.0| 23-Sep-2013| 19:22| 616,104 \nieapfltr.dll| 11.0.9600.20091| 12-Jul-2021| 20:29| 800,768 \niepeers.dll| 11.0.9600.19963| 12-Feb-2021| 18:41| 145,920 \nlicmgr10.dll| 11.0.9600.17416| 30-Oct-2014| 21:40| 33,280 \ntdc.ocx| 11.0.9600.19963| 12-Feb-2021| 18:47| 88,064 \nDiagnosticsHub.DataWarehouse.dll| 11.0.9600.18895| 1-Jan-2018| 21:32| 666,624 \niedvtool.dll| 11.0.9600.20045| 5-Jun-2021| 0:16| 950,784 \nDiagnosticsHub_is.dll| 11.0.9600.19963| 12-Feb-2021| 19:21| 50,176 \ndxtmsft.dll| 11.0.9600.19963| 12-Feb-2021| 18:53| 491,008 \ndxtrans.dll| 11.0.9600.19963| 12-Feb-2021| 18:40| 316,416 \nEscMigPlugin.dll| 11.0.9600.19963| 12-Feb-2021| 19:01| 124,416 \nescUnattend.exe| 11.0.9600.19326| 25-Mar-2019| 22:54| 87,040 \nMicrosoft-Windows-IE-F12-Provider.ptxml| Not versioned| 15-Aug-2014| 15:51| 11,892 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:59| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:59| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:59| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:59| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:00| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:59| 4,096 \nF12.dll.mui| 11.0.9600.17278| 15-Aug-2014| 20:19| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:59| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:58| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:04| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:02| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:01| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:02| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:02| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:02| 3,584 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 3,584 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:01| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:01| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:02| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:04| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:01| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:04| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 4,096 \nF12.dll.mui| 11.0.9600.20091| 12-Jul-2021| 23:42| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 5:03| 3,584 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:58| 3,584 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:58| 3,584 \nDiagnosticsTap.dll| 11.0.9600.19963| 12-Feb-2021| 18:51| 245,248 \nF12Resources.dll| 11.0.9600.17496| 21-Nov-2014| 19:00| 10,949,120 \nF12Tools.dll| 11.0.9600.19963| 12-Feb-2021| 18:50| 372,224 \nF12.dll| 11.0.9600.20045| 4-Jun-2021| 21:50| 1,422,848 \nmsfeeds.dll| 11.0.9600.20091| 12-Jul-2021| 20:58| 809,472 \nmsfeeds.mof| Not versioned| 5-Feb-2014| 21:54| 1,518 \nmsfeedsbs.mof| Not versioned| 21-Aug-2013| 23:54| 1,574 \nmsfeedsbs.dll| 11.0.9600.19650| 11-Feb-2020| 5:16| 60,416 \nmsfeedssync.exe| 11.0.9600.17416| 30-Oct-2014| 22:08| 12,800 \nmshta.exe| 11.0.9600.17416| 30-Oct-2014| 22:12| 13,824 \nmshtmled.dll| 11.0.9600.20045| 4-Jun-2021| 21:55| 92,672 \nmshtml.dll| 11.0.9600.20091| 12-Jul-2021| 22:22| 25,757,696 \nmshtml.tlb| 11.0.9600.16518| 6-Feb-2014| 3:30| 2,724,864 \nMicrosoft-Windows-IE-HTMLRendering.ptxml| Not versioned| 5-Feb-2014| 21:41| 3,228 \nIEAdvpack.dll| 11.0.9600.17416| 30-Oct-2014| 21:54| 132,096 \nieetwcollector.exe| 11.0.9600.18895| 1-Jan-2018| 21:17| 116,224 \nieetwproxystub.dll| 11.0.9600.18895| 1-Jan-2018| 21:28| 48,640 \nieetwcollectorres.dll| 11.0.9600.16518| 6-Feb-2014| 3:30| 4,096 \nielowutil.exe| 11.0.9600.17416| 30-Oct-2014| 21:55| 222,720 \nieproxy.dll| 11.0.9600.20045| 4-Jun-2021| 21:13| 870,400 \nIEShims.dll| 11.0.9600.19650| 11-Feb-2020| 4:29| 387,072 \niexpress.exe| 11.0.9600.17416| 30-Oct-2014| 22:10| 167,424 \nwextract.exe| 11.0.9600.17416| 30-Oct-2014| 22:12| 143,872 \nimgutil.dll| 11.0.9600.19963| 12-Feb-2021| 18:08| 51,712 \nWindows Pop-up Blocked.wav| Not versioned| 23-Sep-2013| 20:25| 85,548 \nWindows Information Bar.wav| Not versioned| 23-Sep-2013| 20:25| 23,308 \nWindows Feed Discovered.wav| Not versioned| 23-Sep-2013| 20:25| 19,884 \nWindows Navigation Start.wav| Not versioned| 23-Sep-2013| 20:25| 11,340 \nbing.ico| Not versioned| 23-Sep-2013| 19:51| 5,430 \nieUnatt.exe| 11.0.9600.17416| 30-Oct-2014| 21:51| 144,384 \nMicrosoft-Windows-IE-InternetExplorer-ppdlic.xrm-ms| Not versioned| 12-Jul-2021| 22:53| 2,956 \njsdbgui.dll| 11.0.9600.19963| 12-Feb-2021| 18:43| 591,872 \njsprofilerui.dll| 11.0.9600.19963| 12-Feb-2021| 18:44| 628,736 \nMemoryAnalyzer.dll| 11.0.9600.19963| 12-Feb-2021| 19:01| 1,862,656 \nMshtmlDac.dll| 11.0.9600.19846| 23-Sep-2020| 21:25| 88,064 \nnetworkinspection.dll| 11.0.9600.19963| 12-Feb-2021| 18:38| 1,217,024 \noccache.dll| 11.0.9600.17416| 30-Oct-2014| 21:19| 152,064 \ndesktop.ini| Not versioned| 18-Jun-2013| 7:43| 65 \nwebcheck.dll| 11.0.9600.20045| 4-Jun-2021| 21:44| 262,144 \ndesktop.ini| Not versioned| 18-Jun-2013| 7:44| 65 \npdm.dll| 12.0.41202.0| 30-Sep-2014| 16:01| 579,192 \nmsdbg2.dll| 12.0.41202.0| 30-Sep-2014| 16:01| 403,592 \npdmproxy100.dll| 12.0.41202.0| 30-Sep-2014| 16:01| 107,152 \nmsrating.dll| 11.0.9600.18895| 1-Jan-2018| 20:56| 199,680 \nicrav03.rat| Not versioned| 23-Sep-2013| 19:32| 8,798 \nticrf.rat| Not versioned| 23-Sep-2013| 19:32| 1,988 \niertutil.dll| 11.0.9600.20064| 14-Jun-2021| 21:56| 2,916,864 \nie4uinit.exe| 11.0.9600.19963| 12-Feb-2021| 18:28| 728,064 \niernonce.dll| 11.0.9600.17416| 30-Oct-2014| 21:56| 34,304 \niesetup.dll| 11.0.9600.17416| 30-Oct-2014| 22:06| 66,560 \nieuinit.inf| Not versioned| 12-Mar-2015| 18:58| 16,303 \ninseng.dll| 11.0.9600.19101| 18-Jul-2018| 21:03| 107,520 \niesysprep.dll| 11.0.9600.17416| 30-Oct-2014| 21:29| 111,616 \nTimeline.dll| 11.0.9600.19963| 12-Feb-2021| 18:45| 219,648 \nTimeline_is.dll| 11.0.9600.19963| 12-Feb-2021| 19:07| 172,032 \nTimeline.cpu.xml| Not versioned| 24-Jul-2014| 11:58| 3,197 \nVGX.dll| 11.0.9600.19963| 12-Feb-2021| 18:43| 1,018,880 \nurl.dll| 11.0.9600.17416| 30-Oct-2014| 22:06| 237,568 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:14| 2,066,432 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:14| 2,121,216 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:14| 2,075,136 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:14| 2,063,872 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:14| 2,314,240 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:14| 2,390,528 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:14| 2,034,176 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 23:22| 2,033,152 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:13| 2,307,584 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:13| 2,255,872 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:14| 2,061,312 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:14| 2,326,016 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:14| 2,019,840 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:14| 2,071,040 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:14| 2,082,816 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:18| 2,307,584 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:17| 2,170,368 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:17| 2,153,984 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:15| 2,291,712 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:16| 2,283,520 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:17| 2,052,096 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:17| 2,301,952 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:18| 2,093,056 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:11| 2,075,648 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:10| 2,299,392 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:10| 2,094,592 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:12| 2,316,800 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:10| 2,305,536 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:11| 2,278,912 \nieframe.dll.mui| 11.0.9600.20091| 12-Jul-2021| 23:49| 2,286,080 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:11| 2,060,288 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:13| 2,315,776 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:13| 2,278,912 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:13| 2,324,992 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:13| 2,098,176 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:14| 1,890,304 \nieframe.dll.mui| 11.0.9600.19846| 24-Sep-2020| 0:14| 1,890,304 \nieframe.dll| 11.0.9600.20091| 12-Jul-2021| 21:26| 15,507,456 \nieframe.ptxml| Not versioned| 5-Feb-2014| 21:41| 24,486 \nieinstal.exe| 11.0.9600.18639| 25-Mar-2017| 10:20| 492,032 \nInetRes.adml| Not versioned| 12-Feb-2021| 22:00| 526,294 \nInetRes.adml| Not versioned| 12-Feb-2021| 22:00| 499,654 \nInetRes.adml| Not versioned| 12-Feb-2021| 21:59| 552,337 \nInetRes.adml| Not versioned| 12-Feb-2021| 22:01| 944,559 \nInetRes.adml| Not versioned| 12-Feb-2021| 21:14| 457,561 \nInetRes.adml| Not versioned| 12-Feb-2021| 22:00| 543,946 \nInetRes.adml| Not versioned| 12-Feb-2021| 22:01| 526,557 \nInetRes.adml| Not versioned| 12-Feb-2021| 21:59| 575,838 \nInetRes.adml| Not versioned| 12-Feb-2021| 22:01| 570,737 \nInetRes.adml| Not versioned| 12-Feb-2021| 21:56| 548,119 \nInetRes.adml| Not versioned| 12-Feb-2021| 21:56| 639,271 \nInetRes.adml| Not versioned| 12-Feb-2021| 21:57| 525,504 \nInetRes.adml| Not versioned| 12-Feb-2021| 21:56| 488,488 \nInetRes.adml| Not versioned| 12-Feb-2021| 21:56| 548,494 \nInetRes.adml| Not versioned| 12-Feb-2021| 21:56| 559,343 \nInetRes.adml| Not versioned| 12-Feb-2021| 22:02| 535,067 \nInetRes.adml| Not versioned| 12-Feb-2021| 22:02| 541,455 \nInetRes.adml| Not versioned| 12-Feb-2021| 22:03| 804,470 \nInetRes.adml| Not versioned| 12-Feb-2021| 22:00| 503,909 \nInetRes.adml| Not versioned| 12-Feb-2021| 22:02| 521,583 \nInetRes.adml| Not versioned| 12-Feb-2021| 22:02| 420,082 \nInetRes.adml| Not versioned| 12-Feb-2021| 21:59| 436,651 \nInetRes.adml| Not versioned| 12-Feb-2021| 21:59| 436,651 \ninetres.admx| Not versioned| 8-Feb-2021| 20:02| 1,678,023 \ninetcomm.dll| 6.3.9600.20091| 12-Jul-2021| 21:06| 1,033,216 \nINETRES.dll| 6.3.9600.16384| 22-Aug-2013| 4:43| 84,480 \njscript9.dll| 11.0.9600.20091| 12-Jul-2021| 22:01| 5,507,584 \njscript9diag.dll| 11.0.9600.19963| 12-Feb-2021| 19:03| 814,592 \njscript.dll| 5.8.9600.20091| 12-Jul-2021| 21:29| 785,408 \nvbscript.dll| 5.8.9600.20091| 12-Jul-2021| 21:39| 580,608 \niexplore.exe| 11.0.9600.19036| 24-May-2018| 22:24| 817,296 \nhtml.iec| 2019.0.0.18895| 1-Jan-2018| 20:51| 341,504 \nieui.dll| 11.0.9600.18895| 1-Jan-2018| 20:44| 476,160 \niepeers.dll| 11.0.9600.19963| 12-Feb-2021| 18:20| 128,512 \ntdc.ocx| 11.0.9600.19963| 12-Feb-2021| 18:24| 73,728 \ndxtmsft.dll| 11.0.9600.19963| 12-Feb-2021| 18:29| 415,744 \ndxtrans.dll| 11.0.9600.19963| 12-Feb-2021| 18:20| 280,064 \nmsfeeds.dll| 11.0.9600.20091| 12-Jul-2021| 20:37| 696,320 \nmsfeeds.mof| Not versioned| 5-Feb-2014| 21:53| 1,518 \nmshta.exe| 11.0.9600.17416| 30-Oct-2014| 20:28| 12,800 \nmshtmled.dll| 11.0.9600.19963| 12-Feb-2021| 18:21| 76,800 \nmshtml.dll| 11.0.9600.20091| 12-Jul-2021| 21:35| 20,293,632 \nmshtml.tlb| 11.0.9600.16518| 6-Feb-2014| 2:20| 2,724,864 \nwow64_Microsoft-Windows-IE-HTMLRendering.ptxml| Not versioned| 5-Feb-2014| 21:43| 3,228 \nieetwproxystub.dll| 11.0.9600.17416| 30-Oct-2014| 20:23| 47,616 \nieUnatt.exe| 11.0.9600.17416| 30-Oct-2014| 20:12| 115,712 \noccache.dll| 11.0.9600.17416| 30-Oct-2014| 19:48| 130,048 \nwebcheck.dll| 11.0.9600.19963| 12-Feb-2021| 18:13| 230,400 \niernonce.dll| 11.0.9600.17416| 30-Oct-2014| 20:15| 30,720 \niesetup.dll| 11.0.9600.17416| 30-Oct-2014| 20:24| 62,464 \nieuinit.inf| Not versioned| 12-Mar-2015| 18:55| 16,303 \niesysprep.dll| 11.0.9600.17416| 30-Oct-2014| 19:56| 90,624 \nieframe.dll| 11.0.9600.20091| 12-Jul-2021| 20:43| 13,882,368 \nie9props.propdesc| Not versioned| 23-Sep-2013| 19:34| 2,843 \nwow64_ieframe.ptxml| Not versioned| 5-Feb-2014| 21:43| 24,486 \njscript9.dll| 11.0.9600.20091| 12-Jul-2021| 20:46| 4,119,040 \njscript9diag.dll| 11.0.9600.19963| 12-Feb-2021| 18:37| 620,032 \njscript.dll| 5.8.9600.20091| 12-Jul-2021| 20:58| 653,824 \nvbscript.dll| 5.8.9600.20091| 12-Jul-2021| 21:07| 498,176 \nactxprxy.dll| 6.3.9600.20045| 4-Jun-2021| 21:32| 1,049,600 \nhlink.dll| 6.3.9600.19101| 18-Jul-2018| 20:55| 99,328 \npngfilt.dll| 11.0.9600.19963| 12-Feb-2021| 18:49| 58,368 \nurlmon.dll| 11.0.9600.20091| 12-Jul-2021| 20:21| 1,342,976 \nWininetPlugin.dll| 6.3.9600.17416| 30-Oct-2014| 20:12| 35,328 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:31| 46,592 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:30| 52,736 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:30| 51,200 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:30| 51,200 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:30| 56,320 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 57,856 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 49,664 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 11:17| 49,664 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 54,272 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 47,616 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 49,152 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:30| 55,296 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 45,056 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 51,712 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 51,712 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 53,248 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 39,424 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:32| 35,840 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:31| 50,176 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:31| 51,200 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:31| 50,688 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:31| 52,736 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:31| 53,760 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:30| 54,272 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:29| 54,272 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:30| 52,736 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:29| 51,200 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:30| 53,248 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:30| 52,736 \nwininet.dll.mui| 11.0.9600.20091| 12-Jul-2021| 23:22| 51,712 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:30| 50,688 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:27| 50,688 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:28| 50,176 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:28| 50,176 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 12:28| 31,232 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:30| 31,232 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:30| 31,232 \ninetcpl.cpl| 11.0.9600.20045| 4-Jun-2021| 21:30| 2,058,752 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 307,200 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 293,888 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:52| 290,304 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 289,280 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 299,008 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 303,104 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:49| 282,112 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 20:58| 282,112 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:51| 296,960 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 283,648 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 291,840 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 299,520 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:51| 275,968 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:49| 290,816 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:49| 293,376 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:53| 296,960 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:53| 258,048 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:52| 256,512 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:51| 289,280 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:53| 288,256 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:53| 285,184 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:53| 295,424 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:52| 297,472 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 292,864 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:51| 295,424 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 294,400 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:51| 294,400 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 292,864 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 290,816 \nmshtml.dll.mui| 11.0.9600.20091| 12-Jul-2021| 23:25| 290,816 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 286,208 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:43| 281,600 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:43| 286,720 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:42| 292,352 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:43| 242,176 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:53| 243,200 \nmshtml.dll.mui| 11.0.9600.19404| 9-Jul-2019| 21:50| 243,200 \nJavaScriptCollectionAgent.dll| 11.0.9600.19963| 12-Feb-2021| 18:25| 60,416 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:26| 46,080 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:24| 50,176 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:23| 48,640 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:24| 49,664 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:23| 51,712 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:12| 54,272 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:12| 48,128 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 11:10| 48,128 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:12| 50,176 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:12| 47,616 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:12| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:24| 50,688 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:12| 45,056 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:12| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:13| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:07| 49,664 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:07| 39,936 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:07| 39,424 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:07| 47,616 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:07| 48,640 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:07| 51,200 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:07| 50,688 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:03| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:04| 50,176 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:02| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:03| 48,640 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:03| 49,664 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:03| 48,640 \nurlmon.dll.mui| 11.0.9600.20091| 12-Jul-2021| 23:24| 49,664 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:03| 48,640 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:04| 48,128 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:04| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:05| 48,128 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:04| 35,328 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:23| 35,328 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:23| 35,328 \nwininet.dll| 11.0.9600.20091| 12-Jul-2021| 20:26| 4,387,840 \njsproxy.dll| 11.0.9600.17416| 30-Oct-2014| 20:16| 47,104 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:12| 114,176 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:09| 130,560 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:10| 124,928 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:12| 122,880 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:10| 130,048 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:12| 138,240 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:12| 114,688 \ninetcpl.cpl.mui| 11.0.9600.18666| 16-Apr-2017| 1:51| 114,688 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:12| 131,584 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:10| 117,760 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:12| 122,368 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:12| 134,144 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:13| 107,008 \ninetcpl.cpl.mui| 11.0.9600.18838| 14-Oct-2017| 1:46| 123,392 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:11| 127,488 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:11| 128,512 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:07| 88,064 \ninetcpl.cpl.mui| 11.0.9600.18838| 14-Oct-2017| 1:47| 82,944 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:07| 125,440 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:07| 123,392 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:10| 120,320 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:07| 130,560 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:07| 129,024 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:26| 125,952 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:26| 129,024 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:25| 128,000 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:26| 123,904 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:26| 129,024 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:25| 123,904 \ninetcpl.cpl.mui| 11.0.9600.20091| 12-Jul-2021| 23:25| 124,416 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 13:56| 121,856 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:03| 115,712 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:04| 123,904 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:04| 125,440 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:04| 74,752 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:09| 75,776 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 14:10| 75,776 \niedkcs32.dll| 18.0.9600.20045| 4-Jun-2021| 21:34| 333,312 \ninstall.ins| Not versioned| 12-Jul-2021| 19:02| 464 \nieapfltr.dat| 10.0.9301.0| 23-Sep-2013| 19:20| 616,104 \nieapfltr.dll| 11.0.9600.20091| 12-Jul-2021| 20:18| 710,656 \nlicmgr10.dll| 11.0.9600.17416| 30-Oct-2014| 20:03| 27,136 \niedvtool.dll| 11.0.9600.20045| 4-Jun-2021| 22:45| 772,608 \nDiagnosticsTap.dll| 11.0.9600.19963| 12-Feb-2021| 18:28| 175,104 \nF12Tools.dll| 11.0.9600.19963| 12-Feb-2021| 18:27| 256,000 \nmsfeedsbs.mof| Not versioned| 21-Aug-2013| 16:49| 1,574 \nmsfeedsbs.dll| 11.0.9600.19650| 11-Feb-2020| 4:57| 52,736 \nmsfeedssync.exe| 11.0.9600.17416| 30-Oct-2014| 20:25| 11,264 \nIEAdvpack.dll| 11.0.9600.17416| 30-Oct-2014| 20:14| 112,128 \nielowutil.exe| 11.0.9600.19404| 9-Jul-2019| 20:06| 221,184 \nieproxy.dll| 11.0.9600.19963| 12-Feb-2021| 17:45| 310,784 \nIEShims.dll| 11.0.9600.20045| 4-Jun-2021| 21:12| 290,304 \niexpress.exe| 11.0.9600.17416| 30-Oct-2014| 20:27| 152,064 \nwextract.exe| 11.0.9600.17416| 30-Oct-2014| 20:28| 137,728 \nimgutil.dll| 11.0.9600.19963| 12-Feb-2021| 17:59| 40,448 \nExtExport.exe| 11.0.9600.17416| 30-Oct-2014| 20:20| 25,600 \njsdbgui.dll| 11.0.9600.19963| 12-Feb-2021| 18:22| 459,776 \njsprofilerui.dll| 11.0.9600.19963| 12-Feb-2021| 18:22| 579,584 \nMshtmlDac.dll| 11.0.9600.19867| 12-Oct-2020| 21:43| 64,000 \nnetworkinspection.dll| 11.0.9600.19846| 23-Sep-2020| 20:28| 1,075,200 \npdm.dll| 12.0.41202.0| 30-Sep-2014| 16:00| 442,992 \nmsdbg2.dll| 12.0.41202.0| 30-Sep-2014| 16:00| 315,008 \npdmproxy100.dll| 12.0.41202.0| 30-Sep-2014| 16:00| 99,984 \nmsrating.dll| 11.0.9600.19507| 5-Oct-2019| 19:57| 168,960 \nicrav03.rat| Not versioned| 23-Sep-2013| 19:25| 8,798 \nticrf.rat| Not versioned| 23-Sep-2013| 19:26| 1,988 \niertutil.dll| 11.0.9600.20064| 14-Jun-2021| 21:16| 2,308,608 \ninseng.dll| 11.0.9600.17416| 30-Oct-2014| 19:56| 91,136 \nVGX.dll| 11.0.9600.19963| 12-Feb-2021| 18:21| 818,176 \nurl.dll| 11.0.9600.17416| 30-Oct-2014| 20:24| 235,520 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:27| 2,066,432 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 2,121,216 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 2,075,136 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:27| 2,063,872 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 2,314,240 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:29| 2,390,528 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:29| 2,034,176 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:39| 2,033,152 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:29| 2,307,584 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:29| 2,255,872 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,061,312 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 2,326,016 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:29| 2,019,840 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:29| 2,071,040 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:29| 2,082,816 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:27| 2,307,584 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 2,170,368 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:27| 2,153,984 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 2,291,712 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:27| 2,283,520 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 2,052,096 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:27| 2,301,952 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:27| 2,093,056 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,075,648 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,299,392 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,094,592 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,316,800 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,305,536 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,278,912 \nieframe.dll.mui| 11.0.9600.20091| 12-Jul-2021| 23:26| 2,286,080 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,060,288 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,315,776 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,278,912 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:29| 2,324,992 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:30| 2,098,176 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 1,890,304 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 22:26| 1,890,304 \nieinstal.exe| 11.0.9600.18921| 9-Feb-2018| 21:35| 475,648 \ninetcomm.dll| 6.3.9600.20091| 12-Jul-2021| 20:41| 880,640 \nINETRES.dll| 6.3.9600.16384| 21-Aug-2013| 21:14| 84,480 \n \n### \n\n__\n\nInternet Explorer 11 on all supported Arm-based versions\n\n**File name**| **File version**| **Date**| **Time**| **File size** \n---|---|---|---|--- \nactxprxy.dll| 6.3.9600.20045| 4-Jun-2021| 20:58| 1,064,960 \nhlink.dll| 6.3.9600.19101| 18-Jul-2018| 20:30| 68,608 \npngfilt.dll| 11.0.9600.19963| 12-Feb-2021| 18:21| 47,616 \nurlmon.dll| 11.0.9600.20091| 12-Jul-2021| 20:05| 1,035,264 \niexplore.exe| 11.0.9600.19867| 12-Oct-2020| 22:01| 807,816 \nWininetPlugin.dll| 6.3.9600.16384| 21-Aug-2013| 19:52| 33,792 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:08| 46,592 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:08| 52,736 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:08| 51,200 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:08| 51,200 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:08| 56,320 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:09| 57,856 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:09| 49,664 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 10:19| 49,664 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:09| 54,272 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:09| 47,616 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:09| 49,152 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:08| 55,296 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:09| 45,056 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:09| 51,712 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:09| 51,712 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:09| 53,248 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:09| 39,424 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:09| 35,840 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:09| 50,176 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:09| 51,200 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:09| 50,688 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:10| 52,736 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:09| 53,760 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:08| 54,272 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:07| 54,272 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:08| 52,736 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:08| 51,200 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:08| 53,248 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:08| 52,736 \nwininet.dll.mui| 11.0.9600.20091| 12-Jul-2021| 21:58| 51,712 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:07| 50,688 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:06| 50,688 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:06| 50,176 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:06| 50,176 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:06| 31,232 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:08| 31,232 \nwininet.dll.mui| 11.0.9600.18538| 12-Nov-2016| 13:08| 31,232 \nhtml.iec| 2019.0.0.20045| 4-Jun-2021| 21:28| 320,000 \ninetcpl.cpl| 11.0.9600.20045| 4-Jun-2021| 21:05| 2,007,040 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 307,200 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 293,888 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 290,304 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 289,280 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 299,008 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 303,104 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 282,112 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:16| 282,112 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:52| 296,960 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 283,648 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 291,840 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 299,520 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 275,968 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:52| 290,816 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 293,376 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 296,960 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 258,048 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 256,512 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 289,280 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 288,256 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 285,184 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 295,424 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 297,472 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:50| 292,864 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:50| 295,424 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 294,400 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:50| 294,400 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:50| 292,864 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 290,816 \nmshtml.dll.mui| 11.0.9600.20091| 12-Jul-2021| 21:58| 290,816 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:50| 286,208 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:48| 281,600 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:48| 286,720 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:48| 292,352 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:48| 242,176 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 243,200 \nmshtml.dll.mui| 11.0.9600.19507| 5-Oct-2019| 20:51| 243,200 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:19| 73,728 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:19| 67,584 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:19| 67,584 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:19| 74,240 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:19| 78,848 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:19| 61,440 \nF12Resources.dll.mui| 11.0.9600.17278| 15-Aug-2014| 18:39| 61,440 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:19| 74,752 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:19| 62,464 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 68,096 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 75,264 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:28| 68,608 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 71,680 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 73,216 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 41,472 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 37,888 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 68,608 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 67,584 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 65,536 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 74,240 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 70,656 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 71,168 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 71,680 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 71,168 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 69,632 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 68,096 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:26| 68,608 \nF12Resources.dll.mui| 11.0.9600.20091| 12-Jul-2021| 21:58| 68,096 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 65,536 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 59,904 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 65,536 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:26| 69,120 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 29,696 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:19| 30,720 \nF12Resources.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 30,720 \nJavaScriptCollectionAgent.dll| 11.0.9600.19963| 12-Feb-2021| 18:03| 63,488 \nDiagnosticsHub.ScriptedSandboxPlugin.dll| 11.0.9600.19963| 12-Feb-2021| 18:04| 215,552 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:02| 46,080 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:02| 50,176 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:02| 48,640 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:02| 49,664 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:02| 51,712 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:03| 54,272 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:03| 48,128 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 10:09| 48,128 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:03| 50,176 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:03| 47,616 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:04| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:02| 50,688 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:03| 45,056 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:03| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:03| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:54| 49,664 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:53| 39,936 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:53| 39,424 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:53| 47,616 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:53| 47,616 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:53| 48,640 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:53| 51,200 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:53| 50,688 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:03| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:02| 50,176 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:02| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:02| 48,640 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:02| 49,664 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:02| 48,640 \nurlmon.dll.mui| 11.0.9600.20091| 12-Jul-2021| 21:57| 49,664 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:02| 48,640 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:59| 48,128 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:58| 49,152 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:58| 48,128 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 12:58| 35,328 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:02| 35,328 \nurlmon.dll.mui| 11.0.9600.18378| 11-Jun-2016| 13:02| 35,328 \nwininet.dll| 11.0.9600.20091| 12-Jul-2021| 20:04| 4,147,712 \njsproxy.dll| 11.0.9600.17416| 30-Oct-2014| 19:43| 39,936 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:24| 114,176 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:24| 130,560 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:24| 124,928 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:24| 122,880 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:24| 130,048 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:23| 138,240 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:23| 114,688 \ninetcpl.cpl.mui| 11.0.9600.18698| 14-May-2017| 12:41| 114,688 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:23| 131,584 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:23| 117,760 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:23| 122,368 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:24| 134,144 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:23| 107,008 \ninetcpl.cpl.mui| 11.0.9600.18838| 14-Oct-2017| 0:14| 123,392 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:24| 127,488 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:23| 128,512 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:23| 88,064 \ninetcpl.cpl.mui| 11.0.9600.18838| 14-Oct-2017| 0:14| 82,944 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:23| 125,440 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:23| 123,392 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:23| 120,320 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:24| 130,560 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:23| 129,024 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:24| 125,952 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:24| 129,024 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:24| 128,000 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:24| 123,904 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:24| 129,024 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:24| 123,904 \ninetcpl.cpl.mui| 11.0.9600.20091| 12-Jul-2021| 21:57| 124,416 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:24| 121,856 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:21| 115,712 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:21| 123,904 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:22| 125,440 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:21| 74,752 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:23| 75,776 \ninetcpl.cpl.mui| 11.0.9600.18817| 7-Sep-2017| 15:24| 75,776 \nieui.dll| 11.0.9600.19650| 11-Feb-2020| 4:46| 427,520 \niedkcs32.dll| 18.0.9600.19963| 12-Feb-2021| 17:52| 292,864 \ninstall.ins| Not versioned| 12-Jul-2021| 19:01| 464 \nieapfltr.dat| 10.0.9301.0| 23-Sep-2013| 19:22| 616,104 \nieapfltr.dll| 11.0.9600.20091| 12-Jul-2021| 20:07| 548,864 \niepeers.dll| 11.0.9600.19963| 12-Feb-2021| 17:59| 107,008 \nlicmgr10.dll| 11.0.9600.17416| 30-Oct-2014| 19:34| 23,552 \ntdc.ocx| 11.0.9600.19963| 12-Feb-2021| 18:02| 62,464 \nDiagnosticsHub.DataWarehouse.dll| 11.0.9600.17416| 30-Oct-2014| 19:52| 495,616 \niedvtool.dll| 11.0.9600.20045| 4-Jun-2021| 21:19| 726,016 \nDiagnosticsHub_is.dll| 11.0.9600.19963| 12-Feb-2021| 18:22| 39,936 \ndxtmsft.dll| 11.0.9600.19963| 12-Feb-2021| 18:06| 364,032 \ndxtrans.dll| 11.0.9600.19963| 12-Feb-2021| 17:58| 221,696 \nMicrosoft-Windows-IE-F12-Provider.ptxml| Not versioned| 15-Aug-2014| 15:50| 11,892 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:19| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:19| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:19| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:20| 4,096 \nF12.dll.mui| 11.0.9600.17278| 15-Aug-2014| 18:39| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:19| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:28| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 3,584 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:19| 3,584 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:17| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:19| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:26| 4,096 \nF12.dll.mui| 11.0.9600.20091| 12-Jul-2021| 21:57| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:26| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:26| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:26| 4,096 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:27| 3,584 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:19| 3,584 \nF12.dll.mui| 11.0.9600.17278| 16-Aug-2014| 4:18| 3,584 \nDiagnosticsTap.dll| 11.0.9600.20045| 4-Jun-2021| 21:17| 175,616 \nF12Resources.dll| 11.0.9600.17496| 21-Nov-2014| 17:44| 10,948,608 \nF12Tools.dll| 11.0.9600.20045| 4-Jun-2021| 21:16| 263,680 \nF12.dll| 11.0.9600.20045| 4-Jun-2021| 21:08| 1,186,304 \nmsfeeds.dll| 11.0.9600.20091| 12-Jul-2021| 20:21| 587,776 \nmsfeeds.mof| Not versioned| 5-Feb-2014| 21:51| 1,518 \nmsfeedsbs.mof| Not versioned| 21-Aug-2013| 16:43| 1,574 \nmsfeedsbs.dll| 11.0.9600.19650| 11-Feb-2020| 4:34| 43,520 \nmsfeedssync.exe| 11.0.9600.16384| 21-Aug-2013| 20:05| 11,776 \nmshtmled.dll| 11.0.9600.19963| 12-Feb-2021| 18:00| 73,216 \nmshtml.dll| 11.0.9600.20091| 12-Jul-2021| 20:22| 16,228,864 \nmshtml.tlb| 11.0.9600.16518| 6-Feb-2014| 1:36| 2,724,864 \nMicrosoft-Windows-IE-HTMLRendering.ptxml| Not versioned| 5-Feb-2014| 21:39| 3,228 \nIEAdvpack.dll| 11.0.9600.16384| 21-Aug-2013| 19:54| 98,816 \nieetwcollector.exe| 11.0.9600.18658| 5-Apr-2017| 10:29| 98,816 \nieetwproxystub.dll| 11.0.9600.16518| 6-Feb-2014| 1:23| 43,008 \nieetwcollectorres.dll| 11.0.9600.16518| 6-Feb-2014| 1:36| 4,096 \nielowutil.exe| 11.0.9600.17031| 22-Feb-2014| 1:32| 222,208 \nieproxy.dll| 11.0.9600.19963| 12-Feb-2021| 17:33| 308,224 \nIEShims.dll| 11.0.9600.19650| 11-Feb-2020| 4:11| 268,800 \nimgutil.dll| 11.0.9600.19963| 12-Feb-2021| 17:43| 34,816 \nWindows Pop-up Blocked.wav| Not versioned| 23-Sep-2013| 20:25| 85,548 \nWindows Information Bar.wav| Not versioned| 23-Sep-2013| 20:25| 23,308 \nWindows Feed Discovered.wav| Not versioned| 23-Sep-2013| 20:25| 19,884 \nWindows Navigation Start.wav| Not versioned| 23-Sep-2013| 20:25| 11,340 \nbing.ico| Not versioned| 23-Sep-2013| 19:51| 5,430 \nieUnatt.exe| 11.0.9600.16518| 6-Feb-2014| 1:12| 112,128 \nMicrosoft-Windows-IE-InternetExplorer-ppdlic.xrm-ms| Not versioned| 12-Jul-2021| 21:21| 2,956 \njsdbgui.dll| 11.0.9600.19963| 12-Feb-2021| 18:01| 457,216 \njsprofilerui.dll| 11.0.9600.19963| 12-Feb-2021| 18:01| 574,976 \nMemoryAnalyzer.dll| 11.0.9600.19963| 12-Feb-2021| 18:12| 1,935,360 \nMshtmlDac.dll| 11.0.9600.19867| 12-Oct-2020| 21:22| 60,928 \nnetworkinspection.dll| 11.0.9600.19963| 12-Feb-2021| 17:57| 1,105,408 \noccache.dll| 11.0.9600.19867| 12-Oct-2020| 21:01| 121,856 \ndesktop.ini| Not versioned| 18-Jun-2013| 7:46| 65 \nwebcheck.dll| 11.0.9600.19867| 12-Oct-2020| 20:57| 201,216 \ndesktop.ini| Not versioned| 18-Jun-2013| 7:46| 65 \npdm.dll| 12.0.20712.1| 26-Jul-2013| 10:03| 420,752 \nmsdbg2.dll| 12.0.20712.1| 26-Jul-2013| 10:03| 295,320 \npdmproxy100.dll| 12.0.20712.1| 26-Jul-2013| 10:03| 76,712 \nmsrating.dll| 11.0.9600.17905| 15-Jun-2015| 12:46| 157,184 \nicrav03.rat| Not versioned| 23-Sep-2013| 19:32| 8,798 \nticrf.rat| Not versioned| 23-Sep-2013| 19:32| 1,988 \niertutil.dll| 11.0.9600.20064| 14-Jun-2021| 20:45| 2,186,240 \nie4uinit.exe| 11.0.9600.19963| 12-Feb-2021| 17:52| 678,400 \niernonce.dll| 11.0.9600.16518| 6-Feb-2014| 1:15| 28,160 \niesetup.dll| 11.0.9600.16518| 6-Feb-2014| 1:23| 59,904 \nieuinit.inf| Not versioned| 12-Mar-2015| 18:46| 16,303 \ninseng.dll| 11.0.9600.16384| 21-Aug-2013| 19:35| 77,312 \niesysprep.dll| 11.0.9600.17416| 30-Oct-2014| 19:28| 87,552 \nTimeline.dll| 11.0.9600.19963| 12-Feb-2021| 18:02| 155,648 \nTimeline_is.dll| 11.0.9600.19963| 12-Feb-2021| 18:14| 130,048 \nTimeline.cpu.xml| Not versioned| 24-Jul-2014| 12:09| 3,197 \nVGX.dll| 11.0.9600.19963| 12-Feb-2021| 18:00| 734,720 \nurl.dll| 11.0.9600.17416| 30-Oct-2014| 19:49| 236,032 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:51| 2,066,432 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:51| 2,121,216 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:51| 2,075,136 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:51| 2,063,872 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:51| 2,314,240 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:54| 2,390,528 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:53| 2,034,176 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:03| 2,033,152 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:53| 2,307,584 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:54| 2,255,872 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:53| 2,061,312 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:51| 2,326,016 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:54| 2,019,840 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:53| 2,071,040 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:53| 2,082,816 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:52| 2,307,584 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:53| 2,170,368 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:53| 2,153,984 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:52| 2,291,712 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:52| 2,283,520 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:52| 2,052,096 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:52| 2,301,952 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:52| 2,093,056 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:53| 2,075,648 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:52| 2,299,392 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:52| 2,094,592 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:52| 2,316,800 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:52| 2,305,536 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:52| 2,278,912 \nieframe.dll.mui| 11.0.9600.20091| 12-Jul-2021| 22:01| 2,286,080 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:52| 2,060,288 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:49| 2,315,776 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:49| 2,278,912 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:48| 2,324,992 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:49| 2,098,176 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:51| 1,890,304 \nieframe.dll.mui| 11.0.9600.19846| 23-Sep-2020| 21:50| 1,890,304 \nieframe.dll| 11.0.9600.20091| 12-Jul-2021| 20:09| 12,314,624 \nieframe.ptxml| Not versioned| 5-Feb-2014| 21:38| 24,486 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:34| 526,294 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:34| 499,654 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:34| 552,337 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:32| 944,559 \nInetRes.adml| Not versioned| 12-Feb-2021| 18:45| 457,561 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:32| 543,946 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:32| 526,557 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:33| 575,838 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:32| 570,737 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:31| 548,119 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:31| 639,271 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:31| 525,504 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:31| 488,488 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:31| 548,494 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:30| 559,343 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:30| 535,067 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:30| 541,455 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:30| 804,470 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:30| 503,909 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:30| 521,583 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:30| 420,082 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:33| 436,651 \nInetRes.adml| Not versioned| 12-Feb-2021| 19:33| 436,651 \ninetres.admx| Not versioned| 11-Jan-2021| 19:24| 1,678,023 \ninetcomm.dll| 6.3.9600.20091| 12-Jul-2021| 20:24| 675,328 \nINETRES.dll| 6.3.9600.16384| 21-Aug-2013| 20:15| 84,480 \njscript9.dll| 11.0.9600.20091| 12-Jul-2021| 20:14| 3,571,712 \njscript9diag.dll| 11.0.9600.20045| 4-Jun-2021| 21:23| 557,568 \njscript.dll| 5.8.9600.20091| 12-Jul-2021| 20:39| 516,096 \nvbscript.dll| 5.8.9600.20091| 12-Jul-2021| 20:43| 403,968 \n \n### Windows Server 2012\n\n### \n\n__\n\nInternet Explorer 11 on all supported x86-based versions\n\n**File name**| **File version**| **Date**| **Time**| **File size** \n---|---|---|---|--- \nFileinfo.xml| Not versioned| 17-Jul-21| 1:30| 589,338 \nIe11-windows6.2-kb5005036-x86-express.cab| Not versioned| 17-Jul-21| 0:12| 729,960 \nIe11-windows6.2-kb5005036-x86.msu| Not versioned| 16-Jul-21| 23:39| 27,620,947 \nIe11-windows6.2-kb5005036-x86.psf| Not versioned| 16-Jul-21| 23:56| 184,407,260 \nPackageinfo.xml| Not versioned| 17-Jul-21| 1:30| 1,133 \nPackagestructure.xml| Not versioned| 17-Jul-21| 1:30| 149,422 \nPrebvtpackageinfo.xml| Not versioned| 17-Jul-21| 1:30| 573 \nIe11-windows6.2-kb5005036-x86.cab| Not versioned| 16-Jul-21| 23:23| 27,491,828 \nIe11-windows6.2-kb5005036-x86.xml| Not versioned| 16-Jul-21| 23:31| 450 \nWsusscan.cab| Not versioned| 16-Jul-21| 23:33| 173,630 \nUrlmon.dll| 11.0.9600.20091| 13-Jul-21| 3:21| 1,342,976 \nIexplore.exe| 11.0.9600.20091| 16-Jul-21| 18:01| 810,384 \nWininet.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:01| 46,592 \nWininet.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:02| 52,736 \nWininet.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:03| 51,200 \nWininet.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:04| 51,200 \nWininet.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:04| 56,320 \nWininet.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:04| 57,856 \nWininet.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:05| 54,272 \nWininet.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:06| 47,616 \nWininet.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:06| 49,152 \nWininet.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:07| 55,296 \nWininet.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:08| 45,056 \nWininet.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:08| 51,712 \nWininet.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:09| 51,712 \nWininet.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:10| 53,248 \nWininet.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:10| 39,424 \nWininet.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:11| 35,840 \nWininet.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:12| 50,176 \nWininet.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:12| 51,200 \nWininet.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:13| 50,688 \nWininet.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:13| 52,736 \nWininet.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:14| 53,760 \nWininet.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:15| 54,272 \nWininet.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:15| 54,272 \nWininet.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:16| 52,736 \nWininet.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:16| 51,200 \nWininet.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:17| 53,248 \nWininet.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:18| 52,736 \nWininet.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:18| 51,712 \nWininet.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:19| 50,688 \nWininet.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:19| 50,688 \nWininet.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:20| 50,176 \nWininet.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:21| 50,176 \nWininet.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:21| 30,720 \nWininet.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:22| 30,720 \nWininet.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:22| 30,720 \nInetcpl.cpl| 11.0.9600.20091| 13-Jul-21| 3:37| 2,058,752 \nMshtml.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:01| 307,200 \nMshtml.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:02| 293,888 \nMshtml.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:03| 290,304 \nMshtml.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:03| 289,280 \nMshtml.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:04| 299,008 \nMshtml.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:04| 303,104 \nMshtml.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:38| 282,112 \nMshtml.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:05| 296,960 \nMshtml.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:06| 283,648 \nMshtml.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:07| 291,840 \nMshtml.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:07| 299,520 \nMshtml.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:08| 275,968 \nMshtml.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:08| 290,816 \nMshtml.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:09| 293,376 \nMshtml.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:10| 296,960 \nMshtml.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:10| 258,048 \nMshtml.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:11| 256,512 \nMshtml.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:12| 289,280 \nMshtml.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:12| 288,256 \nMshtml.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:13| 285,184 \nMshtml.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:13| 295,424 \nMshtml.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:14| 297,472 \nMshtml.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:15| 292,864 \nMshtml.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:15| 295,424 \nMshtml.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:16| 294,400 \nMshtml.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:17| 294,400 \nMshtml.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:17| 292,864 \nMshtml.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:18| 290,816 \nMshtml.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:18| 288,768 \nMshtml.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:19| 286,208 \nMshtml.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:20| 281,600 \nMshtml.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:20| 286,720 \nMshtml.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:21| 292,352 \nMshtml.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:21| 242,176 \nMshtml.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:22| 243,200 \nMshtml.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:23| 243,200 \nUrlmon.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:01| 46,080 \nUrlmon.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:02| 50,176 \nUrlmon.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:03| 48,640 \nUrlmon.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:03| 49,664 \nUrlmon.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:04| 51,712 \nUrlmon.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:05| 54,272 \nUrlmon.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:05| 50,176 \nUrlmon.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:06| 47,616 \nUrlmon.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:06| 49,152 \nUrlmon.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:07| 50,688 \nUrlmon.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:08| 45,056 \nUrlmon.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:08| 49,152 \nUrlmon.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:09| 49,152 \nUrlmon.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:10| 49,664 \nUrlmon.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:10| 39,936 \nUrlmon.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:11| 39,424 \nUrlmon.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:12| 47,616 \nUrlmon.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:12| 47,616 \nUrlmon.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:13| 48,640 \nUrlmon.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:13| 51,200 \nUrlmon.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:14| 50,688 \nUrlmon.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:15| 49,664 \nUrlmon.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:15| 50,176 \nUrlmon.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:16| 49,152 \nUrlmon.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:16| 48,640 \nUrlmon.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:17| 50,176 \nUrlmon.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:18| 48,640 \nUrlmon.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:18| 49,664 \nUrlmon.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:19| 48,640 \nUrlmon.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:19| 48,128 \nUrlmon.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:20| 49,152 \nUrlmon.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:21| 48,128 \nUrlmon.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:22| 35,328 \nUrlmon.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:22| 35,328 \nUrlmon.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:22| 35,328 \nJsproxy.dll| 11.0.9600.20091| 13-Jul-21| 4:01| 47,104 \nWininet.dll| 11.0.9600.20091| 13-Jul-21| 3:26| 4,387,840 \nInetcpl.cpl.mui| 11.0.9600.20091| 16-Jul-21| 18:01| 114,176 \nInetcpl.cpl.mui| 11.0.9600.20091| 16-Jul-21| 18:02| 130,560 \nInetcpl.cpl.mui| 11.0.9600.20091| 16-Jul-21| 18:03| 124,928 \nInetcpl.cpl.mui| 11.0.9600.20091| 16-Jul-21| 18:04| 122,880 \nInetcpl.cpl.mui| 11.0.9600.20091| 16-Jul-21| 18:04| 130,048 \nInetcpl.cpl.mui| 11.0.9600.20091| 16-Jul-21| 18:05| 138,240 \nInetcpl.cpl.mui| 11.0.9600.20091| 16-Jul-21| 18:38| 114,688 \nInetcpl.cpl.mui| 11.0.9600.20091| 16-Jul-21| 18:05| 131,584 \nInetcpl.cpl.mui| 11.0.9600.20091| 16-Jul-21| 18:06| 117,760 \nInetcpl.cpl.mui| 11.0.9600.20091| 16-Jul-21| 18:06| 122,368 \nInetcpl.cpl.mui| 11.0.9600.20091| 16-Jul-21| 18:07| 134,144 \nInetcpl.cpl.mui| 11.0.9600.20091| 16-Jul-21| 18:08| 107,008 \nInetcpl.cpl.mui| 11.0.9600.20091| 16-Jul-21| 18:08| 123,392 \nInetcpl.cpl.mui| 11.0.9600.20091| 16-Jul-21| 18:09| 127,488 \nInetcpl.cpl.mui| 11.0.9600.20091| 16-Jul-21| 18:09| 128,512 \nInetcpl.cpl.mui| 11.0.9600.20091| 16-Jul-21| 18:10| 88,576 \nInetcpl.cpl.mui| 11.0.9600.20091| 16-Jul-21| 18:11| 82,944 \nInetcpl.cpl.mui| 11.0.9600.20091| 16-Jul-21| 18:11| 125,440 \nInetcpl.cpl.mui| 11.0.9600.20091| 16-Jul-21| 18:12| 123,392 \nInetcpl.cpl.mui| 11.0.9600.20091| 16-Jul-21| 18:13| 120,320 \nInetcpl.cpl.mui| 11.0.9600.20091| 16-Jul-21| 18:13| 130,560 \nInetcpl.cpl.mui| 11.0.9600.20091| 16-Jul-21| 18:14| 129,024 \nInetcpl.cpl.mui| 11.0.9600.20091| 16-Jul-21| 18:15| 125,952 \nInetcpl.cpl.mui| 11.0.9600.20091| 16-Jul-21| 18:15| 129,024 \nInetcpl.cpl.mui| 11.0.9600.20091| 16-Jul-21| 18:16| 128,000 \nInetcpl.cpl.mui| 11.0.9600.20091| 16-Jul-21| 18:16| 123,904 \nInetcpl.cpl.mui| 11.0.9600.20091| 16-Jul-21| 18:17| 129,024 \nInetcpl.cpl.mui| 11.0.9600.20091| 16-Jul-21| 18:18| 123,904 \nInetcpl.cpl.mui| 11.0.9600.20091| 16-Jul-21| 18:18| 124,416 \nInetcpl.cpl.mui| 11.0.9600.20091| 16-Jul-21| 18:19| 121,856 \nInetcpl.cpl.mui| 11.0.9600.20091| 16-Jul-21| 18:19| 115,712 \nInetcpl.cpl.mui| 11.0.9600.20091| 16-Jul-21| 18:20| 123,904 \nInetcpl.cpl.mui| 11.0.9600.20091| 16-Jul-21| 18:21| 125,440 \nInetcpl.cpl.mui| 11.0.9600.20091| 16-Jul-21| 18:21| 72,704 \nInetcpl.cpl.mui| 11.0.9600.20091| 16-Jul-21| 18:22| 73,728 \nInetcpl.cpl.mui| 11.0.9600.20091| 16-Jul-21| 18:23| 73,728 \nMsfeedsbs.dll| 11.0.9600.20091| 13-Jul-21| 3:45| 52,736 \nMsfeedsbs.mof| Not versioned| 13-Jul-21| 2:13| 1,574 \nMsfeedssync.exe| 11.0.9600.20091| 13-Jul-21| 4:07| 11,776 \nMicrosoft-windows-ie-htmlrendering.ptxml| Not versioned| 13-Jul-21| 2:01| 3,228 \nMshtml.dll| 11.0.9600.20091| 13-Jul-21| 4:35| 20,293,632 \nMshtml.tlb| 11.0.9600.20091| 13-Jul-21| 4:16| 2,724,864 \nIeproxy.dll| 11.0.9600.20091| 13-Jul-21| 3:16| 310,784 \nIeshims.dll| 11.0.9600.20091| 13-Jul-21| 3:20| 290,304 \nIertutil.dll| 11.0.9600.20091| 13-Jul-21| 4:06| 2,308,608 \nSqmapi.dll| 6.2.9200.16384| 16-Jul-21| 18:01| 228,240 \nIeframe.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:02| 2,066,432 \nIeframe.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:02| 2,121,216 \nIeframe.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:03| 2,075,648 \nIeframe.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:03| 2,063,872 \nIeframe.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:04| 2,314,240 \nIeframe.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:05| 2,390,528 \nIeframe.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:38| 2,033,152 \nIeframe.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:05| 2,307,584 \nIeframe.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:06| 2,255,872 \nIeframe.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:07| 2,061,312 \nIeframe.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:07| 2,326,016 \nIeframe.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:08| 2,019,840 \nIeframe.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:09| 2,071,040 \nIeframe.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:09| 2,082,816 \nIeframe.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:10| 2,307,584 \nIeframe.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:11| 2,170,368 \nIeframe.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:11| 2,153,984 \nIeframe.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:12| 2,291,712 \nIeframe.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:12| 2,283,520 \nIeframe.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:13| 2,052,096 \nIeframe.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:14| 2,301,952 \nIeframe.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:14| 2,093,056 \nIeframe.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:15| 2,075,648 \nIeframe.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:16| 2,299,392 \nIeframe.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:16| 2,094,592 \nIeframe.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:17| 2,316,800 \nIeframe.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:17| 2,305,536 \nIeframe.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:18| 2,278,912 \nIeframe.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:19| 2,285,568 \nIeframe.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:19| 2,060,288 \nIeframe.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:20| 2,315,776 \nIeframe.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:20| 2,279,424 \nIeframe.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:21| 2,324,992 \nIeframe.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:22| 2,098,176 \nIeframe.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:22| 1,890,304 \nIeframe.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:23| 1,890,304 \nIeframe.dll| 11.0.9600.20091| 13-Jul-21| 3:43| 13,882,368 \nIeframe.ptxml| Not versioned| 13-Jul-21| 2:01| 24,486 \nInetres.adml| Not versioned| 16-Jul-21| 18:01| 463,373 \nInetres.adml| Not versioned| 16-Jul-21| 18:02| 751,382 \nInetres.adml| Not versioned| 16-Jul-21| 18:03| 526,344 \nInetres.adml| Not versioned| 16-Jul-21| 18:03| 499,706 \nInetres.adml| Not versioned| 16-Jul-21| 18:04| 552,386 \nInetres.adml| Not versioned| 16-Jul-21| 18:05| 944,609 \nInetres.adml| Not versioned| 16-Jul-21| 18:38| 457,561 \nInetres.adml| Not versioned| 16-Jul-21| 18:05| 543,997 \nInetres.adml| Not versioned| 16-Jul-21| 18:06| 751,359 \nInetres.adml| Not versioned| 16-Jul-21| 18:06| 526,606 \nInetres.adml| Not versioned| 16-Jul-21| 18:07| 575,887 \nInetres.adml| Not versioned| 16-Jul-21| 18:08| 463,373 \nInetres.adml| Not versioned| 16-Jul-21| 18:08| 751,329 \nInetres.adml| Not versioned| 16-Jul-21| 18:09| 570,784 \nInetres.adml| Not versioned| 16-Jul-21| 18:09| 548,169 \nInetres.adml| Not versioned| 16-Jul-21| 18:10| 639,283 \nInetres.adml| Not versioned| 16-Jul-21| 18:11| 525,516 \nInetres.adml| Not versioned| 16-Jul-21| 18:11| 751,351 \nInetres.adml| Not versioned| 16-Jul-21| 18:12| 751,299 \nInetres.adml| Not versioned| 16-Jul-21| 18:13| 488,536 \nInetres.adml| Not versioned| 16-Jul-21| 18:13| 548,544 \nInetres.adml| Not versioned| 16-Jul-21| 18:14| 559,395 \nInetres.adml| Not versioned| 16-Jul-21| 18:15| 535,117 \nInetres.adml| Not versioned| 16-Jul-21| 18:15| 541,506 \nInetres.adml| Not versioned| 16-Jul-21| 18:16| 751,421 \nInetres.adml| Not versioned| 16-Jul-21| 18:16| 804,520 \nInetres.adml| Not versioned| 16-Jul-21| 18:17| 751,266 \nInetres.adml| Not versioned| 16-Jul-21| 18:18| 751,330 \nInetres.adml| Not versioned| 16-Jul-21| 18:18| 751,274 \nInetres.adml| Not versioned| 16-Jul-21| 18:19| 503,958 \nInetres.adml| Not versioned| 16-Jul-21| 18:19| 751,272 \nInetres.adml| Not versioned| 16-Jul-21| 18:20| 521,633 \nInetres.adml| Not versioned| 16-Jul-21| 18:21| 751,313 \nInetres.adml| Not versioned| 16-Jul-21| 18:21| 420,094 \nInetres.adml| Not versioned| 16-Jul-21| 18:22| 436,663 \nInetres.adml| Not versioned| 16-Jul-21| 18:23| 436,663 \nInetres.admx| Not versioned| 4-Mar-21| 22:09| 1,678,023 \nJscript9.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:01| 29,184 \nJscript9.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:02| 29,696 \nJscript9.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:03| 32,768 \nJscript9.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:03| 33,280 \nJscript9.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:04| 35,328 \nJscript9.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:05| 37,888 \nJscript9.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:38| 29,696 \nJscript9.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:05| 34,304 \nJscript9.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:06| 29,696 \nJscript9.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:06| 33,280 \nJscript9.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:07| 34,304 \nJscript9.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:08| 27,648 \nJscript9.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:08| 29,696 \nJscript9.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:09| 34,304 \nJscript9.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:10| 33,792 \nJscript9.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:10| 23,040 \nJscript9.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:11| 22,016 \nJscript9.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:11| 29,696 \nJscript9.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:12| 29,696 \nJscript9.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:13| 31,232 \nJscript9.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:13| 34,304 \nJscript9.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:14| 35,840 \nJscript9.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:15| 32,768 \nJscript9.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:15| 33,280 \nJscript9.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:16| 29,696 \nJscript9.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:16| 34,816 \nJscript9.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:17| 33,280 \nJscript9.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:18| 32,256 \nJscript9.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:18| 29,696 \nJscript9.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:19| 32,768 \nJscript9.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:20| 29,696 \nJscript9.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:20| 30,720 \nJscript9.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:21| 29,696 \nJscript9.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:21| 16,384 \nJscript9.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:22| 16,896 \nJscript9.dll.mui| 11.0.9600.20091| 16-Jul-21| 18:23| 16,896 \nJscript9.dll| 11.0.9600.20091| 13-Jul-21| 3:46| 4,119,040 \nJscript9diag.dll| 11.0.9600.20091| 13-Jul-21| 3:58| 620,032 \nJscript.dll| 5.8.9600.20091| 13-Jul-21| 3:58| 653,824 \nVbscript.dll| 5.8.9600.20091| 13-Jul-21| 4:07| 498,176 \nPackage.cab| Not versioned| 16-Jul-21| 23:31| 300,465 \n \n### \n\n__\n\nInternet Explorer 11 on all supported x64-based versions\n\n**File name**| **File version**| **File size**| **Date**| **Time** \n---|---|---|---|--- \nFileinfo.xml| Not versioned| 916,366| 17-Jul-21| 1:59 \nIe11-windows6.2-kb5005036-x64-express.cab| Not versioned| 1,226,553| 17-Jul-21| 0:15 \nIe11-windows6.2-kb5005036-x64.msu| Not versioned| 48,197,090| 16-Jul-21| 23:42 \nIe11-windows6.2-kb5005036-x64.psf| Not versioned| 282,907,689| 17-Jul-21| 0:02 \nPackageinfo.xml| Not versioned| 1,228| 17-Jul-21| 1:59 \nPackagestructure.xml| Not versioned| 239,770| 17-Jul-21| 1:59 \nPrebvtpackageinfo.xml| Not versioned| 652| 17-Jul-21| 1:59 \nIe11-windows6.2-kb5005036-x64.cab| Not versioned| 48,101,609| 16-Jul-21| 23:31 \nIe11-windows6.2-kb5005036-x64.xml| Not versioned| 452| 16-Jul-21| 23:31 \nWsusscan.cab| Not versioned| 172,370| 16-Jul-21| 23:36 \nUrlmon.dll| 11.0.9600.20091| 1,562,624| 13-Jul-21| 3:48 \nIexplore.exe| 11.0.9600.20091| 810,400| 16-Jul-21| 21:10 \nWininet.dll.mui| 11.0.9600.20091| 46,592| 16-Jul-21| 21:11 \nWininet.dll.mui| 11.0.9600.20091| 52,736| 16-Jul-21| 21:12 \nWininet.dll.mui| 11.0.9600.20091| 51,200| 16-Jul-21| 21:12 \nWininet.dll.mui| 11.0.9600.20091| 51,200| 16-Jul-21| 21:13 \nWininet.dll.mui| 11.0.9600.20091| 56,320| 16-Jul-21| 21:14 \nWininet.dll.mui| 11.0.9600.20091| 57,856| 16-Jul-21| 21:14 \nWininet.dll.mui| 11.0.9600.20091| 49,664| 16-Jul-21| 22:13 \nWininet.dll.mui| 11.0.9600.20091| 54,272| 16-Jul-21| 21:15 \nWininet.dll.mui| 11.0.9600.20091| 47,616| 16-Jul-21| 21:15 \nWininet.dll.mui| 11.0.9600.20091| 49,152| 16-Jul-21| 21:16 \nWininet.dll.mui| 11.0.9600.20091| 55,296| 16-Jul-21| 21:17 \nWininet.dll.mui| 11.0.9600.20091| 45,056| 16-Jul-21| 21:17 \nWininet.dll.mui| 11.0.9600.20091| 51,712| 16-Jul-21| 21:18 \nWininet.dll.mui| 11.0.9600.20091| 51,712| 16-Jul-21| 21:19 \nWininet.dll.mui| 11.0.9600.20091| 53,248| 16-Jul-21| 21:19 \nWininet.dll.mui| 11.0.9600.20091| 39,424| 16-Jul-21| 21:20 \nWininet.dll.mui| 11.0.9600.20091| 35,840| 16-Jul-21| 21:20 \nWininet.dll.mui| 11.0.9600.20091| 50,176| 16-Jul-21| 21:21 \nWininet.dll.mui| 11.0.9600.20091| 51,200| 16-Jul-21| 21:21 \nWininet.dll.mui| 11.0.9600.20091| 50,688| 16-Jul-21| 21:22 \nWininet.dll.mui| 11.0.9600.20091| 52,736| 16-Jul-21| 21:23 \nWininet.dll.mui| 11.0.9600.20091| 53,760| 16-Jul-21| 21:23 \nWininet.dll.mui| 11.0.9600.20091| 54,272| 16-Jul-21| 21:24 \nWininet.dll.mui| 11.0.9600.20091| 54,272| 16-Jul-21| 21:24 \nWininet.dll.mui| 11.0.9600.20091| 52,736| 16-Jul-21| 21:25 \nWininet.dll.mui| 11.0.9600.20091| 51,200| 16-Jul-21| 21:26 \nWininet.dll.mui| 11.0.9600.20091| 53,248| 16-Jul-21| 21:27 \nWininet.dll.mui| 11.0.9600.20091| 52,736| 16-Jul-21| 21:27 \nWininet.dll.mui| 11.0.9600.20091| 51,712| 16-Jul-21| 21:27 \nWininet.dll.mui| 11.0.9600.20091| 50,688| 16-Jul-21| 21:28 \nWininet.dll.mui| 11.0.9600.20091| 50,688| 16-Jul-21| 21:29 \nWininet.dll.mui| 11.0.9600.20091| 50,176| 16-Jul-21| 21:29 \nWininet.dll.mui| 11.0.9600.20091| 50,176| 16-Jul-21| 21:30 \nWininet.dll.mui| 11.0.9600.20091| 30,720| 16-Jul-21| 21:30 \nWininet.dll.mui| 11.0.9600.20091| 30,720| 16-Jul-21| 21:31 \nWininet.dll.mui| 11.0.9600.20091| 30,720| 16-Jul-21| 21:32 \nInetcpl.cpl| 11.0.9600.20091| 2,132,992| 13-Jul-21| 3:57 \nMshtml.dll.mui| 11.0.9600.20091| 307,200| 16-Jul-21| 21:11 \nMshtml.dll.mui| 11.0.9600.20091| 293,888| 16-Jul-21| 21:12 \nMshtml.dll.mui| 11.0.9600.20091| 290,304| 16-Jul-21| 21:12 \nMshtml.dll.mui| 11.0.9600.20091| 289,280| 16-Jul-21| 21:13 \nMshtml.dll.mui| 11.0.9600.20091| 299,008| 16-Jul-21| 21:14 \nMshtml.dll.mui| 11.0.9600.20091| 303,104| 16-Jul-21| 21:14 \nMshtml.dll.mui| 11.0.9600.20091| 282,112| 16-Jul-21| 22:13 \nMshtml.dll.mui| 11.0.9600.20091| 296,960| 16-Jul-21| 21:15 \nMshtml.dll.mui| 11.0.9600.20091| 283,648| 16-Jul-21| 21:16 \nMshtml.dll.mui| 11.0.9600.20091| 291,840| 16-Jul-21| 21:16 \nMshtml.dll.mui| 11.0.9600.20091| 299,520| 16-Jul-21| 21:17 \nMshtml.dll.mui| 11.0.9600.20091| 275,968| 16-Jul-21| 21:17 \nMshtml.dll.mui| 11.0.9600.20091| 290,816| 16-Jul-21| 21:18 \nMshtml.dll.mui| 11.0.9600.20091| 293,376| 16-Jul-21| 21:18 \nMshtml.dll.mui| 11.0.9600.20091| 296,960| 16-Jul-21| 21:19 \nMshtml.dll.mui| 11.0.9600.20091| 258,048| 16-Jul-21| 21:20 \nMshtml.dll.mui| 11.0.9600.20091| 256,512| 16-Jul-21| 21:20 \nMshtml.dll.mui| 11.0.9600.20091| 289,280| 16-Jul-21| 21:21 \nMshtml.dll.mui| 11.0.9600.20091| 288,256| 16-Jul-21| 21:21 \nMshtml.dll.mui| 11.0.9600.20091| 285,184| 16-Jul-21| 21:22 \nMshtml.dll.mui| 11.0.9600.20091| 295,424| 16-Jul-21| 21:23 \nMshtml.dll.mui| 11.0.9600.20091| 297,472| 16-Jul-21| 21:23 \nMshtml.dll.mui| 11.0.9600.20091| 292,864| 16-Jul-21| 21:24 \nMshtml.dll.mui| 11.0.9600.20091| 295,424| 16-Jul-21| 21:25 \nMshtml.dll.mui| 11.0.9600.20091| 294,400| 16-Jul-21| 21:25 \nMshtml.dll.mui| 11.0.9600.20091| 294,400| 16-Jul-21| 21:26 \nMshtml.dll.mui| 11.0.9600.20091| 292,864| 16-Jul-21| 21:26 \nMshtml.dll.mui| 11.0.9600.20091| 290,816| 16-Jul-21| 21:27 \nMshtml.dll.mui| 11.0.9600.20091| 288,768| 16-Jul-21| 21:27 \nMshtml.dll.mui| 11.0.9600.20091| 286,208| 16-Jul-21| 21:28 \nMshtml.dll.mui| 11.0.9600.20091| 281,600| 16-Jul-21| 21:29 \nMshtml.dll.mui| 11.0.9600.20091| 286,720| 16-Jul-21| 21:29 \nMshtml.dll.mui| 11.0.9600.20091| 292,352| 16-Jul-21| 21:30 \nMshtml.dll.mui| 11.0.9600.20091| 242,176| 16-Jul-21| 21:30 \nMshtml.dll.mui| 11.0.9600.20091| 243,200| 16-Jul-21| 21:31 \nMshtml.dll.mui| 11.0.9600.20091| 243,200| 16-Jul-21| 21:32 \nUrlmon.dll.mui| 11.0.9600.20091| 46,080| 16-Jul-21| 21:11 \nUrlmon.dll.mui| 11.0.9600.20091| 50,176| 16-Jul-21| 21:12 \nUrlmon.dll.mui| 11.0.9600.20091| 48,640| 16-Jul-21| 21:12 \nUrlmon.dll.mui| 11.0.9600.20091| 49,664| 16-Jul-21| 21:13 \nUrlmon.dll.mui| 11.0.9600.20091| 51,712| 16-Jul-21| 21:14 \nUrlmon.dll.mui| 11.0.9600.20091| 54,272| 16-Jul-21| 21:15 \nUrlmon.dll.mui| 11.0.9600.20091| 48,128| 16-Jul-21| 22:13 \nUrlmon.dll.mui| 11.0.9600.20091| 50,176| 16-Jul-21| 21:15 \nUrlmon.dll.mui| 11.0.9600.20091| 47,616| 16-Jul-21| 21:15 \nUrlmon.dll.mui| 11.0.9600.20091| 49,152| 16-Jul-21| 21:16 \nUrlmon.dll.mui| 11.0.9600.20091| 50,688| 16-Jul-21| 21:17 \nUrlmon.dll.mui| 11.0.9600.20091| 45,056| 16-Jul-21| 21:17 \nUrlmon.dll.mui| 11.0.9600.20091| 49,152| 16-Jul-21| 21:18 \nUrlmon.dll.mui| 11.0.9600.20091| 49,152| 16-Jul-21| 21:18 \nUrlmon.dll.mui| 11.0.9600.20091| 49,664| 16-Jul-21| 21:19 \nUrlmon.dll.mui| 11.0.9600.20091| 39,936| 16-Jul-21| 21:20 \nUrlmon.dll.mui| 11.0.9600.20091| 39,424| 16-Jul-21| 21:21 \nUrlmon.dll.mui| 11.0.9600.20091| 47,616| 16-Jul-21| 21:21 \nUrlmon.dll.mui| 11.0.9600.20091| 47,616| 16-Jul-21| 21:21 \nUrlmon.dll.mui| 11.0.9600.20091| 48,640| 16-Jul-21| 21:22 \nUrlmon.dll.mui| 11.0.9600.20091| 51,200| 16-Jul-21| 21:23 \nUrlmon.dll.mui| 11.0.9600.20091| 50,688| 16-Jul-21| 21:23 \nUrlmon.dll.mui| 11.0.9600.20091| 49,664| 16-Jul-21| 21:24 \nUrlmon.dll.mui| 11.0.9600.20091| 50,176| 16-Jul-21| 21:24 \nUrlmon.dll.mui| 11.0.9600.20091| 49,152| 16-Jul-21| 21:25 \nUrlmon.dll.mui| 11.0.9600.20091| 48,640| 16-Jul-21| 21:26 \nUrlmon.dll.mui| 11.0.9600.20091| 50,176| 16-Jul-21| 21:26 \nUrlmon.dll.mui| 11.0.9600.20091| 48,640| 16-Jul-21| 21:27 \nUrlmon.dll.mui| 11.0.9600.20091| 49,664| 16-Jul-21| 21:27 \nUrlmon.dll.mui| 11.0.9600.20091| 48,640| 16-Jul-21| 21:28 \nUrlmon.dll.mui| 11.0.9600.20091| 48,128| 16-Jul-21| 21:29 \nUrlmon.dll.mui| 11.0.9600.20091| 49,152| 16-Jul-21| 21:29 \nUrlmon.dll.mui| 11.0.9600.20091| 48,128| 16-Jul-21| 21:30 \nUrlmon.dll.mui| 11.0.9600.20091| 35,328| 16-Jul-21| 21:30 \nUrlmon.dll.mui| 11.0.9600.20091| 35,328| 16-Jul-21| 21:31 \nUrlmon.dll.mui| 11.0.9600.20091| 35,328| 16-Jul-21| 21:32 \nJsproxy.dll| 11.0.9600.20091| 54,784| 13-Jul-21| 4:32 \nWininet.dll| 11.0.9600.20091| 4,858,880| 13-Jul-21| 4:04 \nInetcpl.cpl.mui| 11.0.9600.20091| 114,176| 16-Jul-21| 21:11 \nInetcpl.cpl.mui| 11.0.9600.20091| 130,560| 16-Jul-21| 21:12 \nInetcpl.cpl.mui| 11.0.9600.20091| 124,928| 16-Jul-21| 21:12 \nInetcpl.cpl.mui| 11.0.9600.20091| 122,880| 16-Jul-21| 21:13 \nInetcpl.cpl.mui| 11.0.9600.20091| 130,048| 16-Jul-21| 21:14 \nInetcpl.cpl.mui| 11.0.9600.20091| 138,240| 16-Jul-21| 21:15 \nInetcpl.cpl.mui| 11.0.9600.20091| 114,688| 16-Jul-21| 22:13 \nInetcpl.cpl.mui| 11.0.9600.20091| 131,584| 16-Jul-21| 21:15 \nInetcpl.cpl.mui| 11.0.9600.20091| 117,760| 16-Jul-21| 21:15 \nInetcpl.cpl.mui| 11.0.9600.20091| 122,368| 16-Jul-21| 21:16 \nInetcpl.cpl.mui| 11.0.9600.20091| 134,144| 16-Jul-21| 21:17 \nInetcpl.cpl.mui| 11.0.9600.20091| 107,008| 16-Jul-21| 21:17 \nInetcpl.cpl.mui| 11.0.9600.20091| 123,392| 16-Jul-21| 21:18 \nInetcpl.cpl.mui| 11.0.9600.20091| 127,488| 16-Jul-21| 21:19 \nInetcpl.cpl.mui| 11.0.9600.20091| 128,512| 16-Jul-21| 21:19 \nInetcpl.cpl.mui| 11.0.9600.20091| 88,576| 16-Jul-21| 21:20 \nInetcpl.cpl.mui| 11.0.9600.20091| 82,944| 16-Jul-21| 21:20 \nInetcpl.cpl.mui| 11.0.9600.20091| 125,440| 16-Jul-21| 21:21 \nInetcpl.cpl.mui| 11.0.9600.20091| 123,392| 16-Jul-21| 21:21 \nInetcpl.cpl.mui| 11.0.9600.20091| 120,320| 16-Jul-21| 21:22 \nInetcpl.cpl.mui| 11.0.9600.20091| 130,560| 16-Jul-21| 21:23 \nInetcpl.cpl.mui| 11.0.9600.20091| 129,024| 16-Jul-21| 21:23 \nInetcpl.cpl.mui| 11.0.9600.20091| 125,952| 16-Jul-21| 21:24 \nInetcpl.cpl.mui| 11.0.9600.20091| 129,024| 16-Jul-21| 21:24 \nInetcpl.cpl.mui| 11.0.9600.20091| 128,000| 16-Jul-21| 21:25 \nInetcpl.cpl.mui| 11.0.9600.20091| 123,904| 16-Jul-21| 21:26 \nInetcpl.cpl.mui| 11.0.9600.20091| 129,024| 16-Jul-21| 21:26 \nInetcpl.cpl.mui| 11.0.9600.20091| 123,904| 16-Jul-21| 21:27 \nInetcpl.cpl.mui| 11.0.9600.20091| 124,416| 16-Jul-21| 21:27 \nInetcpl.cpl.mui| 11.0.9600.20091| 121,856| 16-Jul-21| 21:28 \nInetcpl.cpl.mui| 11.0.9600.20091| 115,712| 16-Jul-21| 21:29 \nInetcpl.cpl.mui| 11.0.9600.20091| 123,904| 16-Jul-21| 21:29 \nInetcpl.cpl.mui| 11.0.9600.20091| 125,440| 16-Jul-21| 21:30 \nInetcpl.cpl.mui| 11.0.9600.20091| 72,704| 16-Jul-21| 21:30 \nInetcpl.cpl.mui| 11.0.9600.20091| 73,728| 16-Jul-21| 21:31 \nInetcpl.cpl.mui| 11.0.9600.20091| 73,728| 16-Jul-21| 21:32 \nMsfeedsbs.dll| 11.0.9600.20091| 60,416| 13-Jul-21| 4:11 \nMsfeedsbs.mof| Not versioned| 1,574| 13-Jul-21| 2:21 \nMsfeedssync.exe| 11.0.9600.20091| 13,312| 13-Jul-21| 4:39 \nMicrosoft-windows-ie-htmlrendering.ptxml| Not versioned| 3,228| 13-Jul-21| 2:13 \nMshtml.dll| 11.0.9600.20091| 25,757,696| 13-Jul-21| 5:22 \nMshtml.tlb| 11.0.9600.20091| 2,724,864| 13-Jul-21| 4:50 \nIeproxy.dll| 11.0.9600.20091| 870,400| 13-Jul-21| 3:29 \nIeshims.dll| 11.0.9600.20091| 387,072| 13-Jul-21| 3:34 \nIertutil.dll| 11.0.9600.20091| 2,916,864| 13-Jul-21| 4:48 \nSqmapi.dll| 6.2.9200.16384| 286,112| 16-Jul-21| 21:10 \nIeframe.dll.mui| 11.0.9600.20091| 2,066,432| 16-Jul-21| 21:11 \nIeframe.dll.mui| 11.0.9600.20091| 2,121,216| 16-Jul-21| 21:12 \nIeframe.dll.mui| 11.0.9600.20091| 2,075,648| 16-Jul-21| 21:13 \nIeframe.dll.mui| 11.0.9600.20091| 2,063,872| 16-Jul-21| 21:13 \nIeframe.dll.mui| 11.0.9600.20091| 2,314,240| 16-Jul-21| 21:14 \nIeframe.dll.mui| 11.0.9600.20091| 2,390,528| 16-Jul-21| 21:15 \nIeframe.dll.mui| 11.0.9600.20091| 2,033,152| 16-Jul-21| 22:13 \nIeframe.dll.mui| 11.0.9600.20091| 2,307,584| 16-Jul-21| 21:15 \nIeframe.dll.mui| 11.0.9600.20091| 2,255,872| 16-Jul-21| 21:16 \nIeframe.dll.mui| 11.0.9600.20091| 2,061,312| 16-Jul-21| 21:16 \nIeframe.dll.mui| 11.0.9600.20091| 2,326,016| 16-Jul-21| 21:17 \nIeframe.dll.mui| 11.0.9600.20091| 2,019,840| 16-Jul-21| 21:18 \nIeframe.dll.mui| 11.0.9600.20091| 2,071,040| 16-Jul-21| 21:18 \nIeframe.dll.mui| 11.0.9600.20091| 2,082,816| 16-Jul-21| 21:19 \nIeframe.dll.mui| 11.0.9600.20091| 2,307,584| 16-Jul-21| 21:19 \nIeframe.dll.mui| 11.0.9600.20091| 2,170,368| 16-Jul-21| 21:20 \nIeframe.dll.mui| 11.0.9600.20091| 2,153,984| 16-Jul-21| 21:21 \nIeframe.dll.mui| 11.0.9600.20091| 2,291,712| 16-Jul-21| 21:21 \nIeframe.dll.mui| 11.0.9600.20091| 2,283,520| 16-Jul-21| 21:22 \nIeframe.dll.mui| 11.0.9600.20091| 2,052,096| 16-Jul-21| 21:22 \nIeframe.dll.mui| 11.0.9600.20091| 2,301,952| 16-Jul-21| 21:23 \nIeframe.dll.mui| 11.0.9600.20091| 2,093,056| 16-Jul-21| 21:24 \nIeframe.dll.mui| 11.0.9600.20091| 2,075,648| 16-Jul-21| 21:24 \nIeframe.dll.mui| 11.0.9600.20091| 2,299,392| 16-Jul-21| 21:25 \nIeframe.dll.mui| 11.0.9600.20091| 2,094,592| 16-Jul-21| 21:25 \nIeframe.dll.mui| 11.0.9600.20091| 2,316,800| 16-Jul-21| 21:26 \nIeframe.dll.mui| 11.0.9600.20091| 2,305,536| 16-Jul-21| 21:27 \nIeframe.dll.mui| 11.0.9600.20091| 2,278,912| 16-Jul-21| 21:27 \nIeframe.dll.mui| 11.0.9600.20091| 2,285,568| 16-Jul-21| 21:28 \nIeframe.dll.mui| 11.0.9600.20091| 2,060,288| 16-Jul-21| 21:28 \nIeframe.dll.mui| 11.0.9600.20091| 2,315,776| 16-Jul-21| 21:29 \nIeframe.dll.mui| 11.0.9600.20091| 2,279,424| 16-Jul-21| 21:29 \nIeframe.dll.mui| 11.0.9600.20091| 2,324,992| 16-Jul-21| 21:30 \nIeframe.dll.mui| 11.0.9600.20091| 2,098,176| 16-Jul-21| 21:31 \nIeframe.dll.mui| 11.0.9600.20091| 1,890,304| 16-Jul-21| 21:31 \nIeframe.dll.mui| 11.0.9600.20091| 1,890,304| 16-Jul-21| 21:32 \nIeframe.dll| 11.0.9600.20091| 15,507,456| 13-Jul-21| 4:26 \nIeframe.ptxml| Not versioned| 24,486| 13-Jul-21| 2:13 \nInetres.adml| Not versioned| 463,373| 16-Jul-21| 21:11 \nInetres.adml| Not versioned| 751,257| 16-Jul-21| 21:12 \nInetres.adml| Not versioned| 526,342| 16-Jul-21| 21:12 \nInetres.adml| Not versioned| 499,704| 16-Jul-21| 21:13 \nInetres.adml| Not versioned| 552,388| 16-Jul-21| 21:14 \nInetres.adml| Not versioned| 944,608| 16-Jul-21| 21:14 \nInetres.adml| Not versioned| 457,561| 16-Jul-21| 22:13 \nInetres.adml| Not versioned| 543,997| 16-Jul-21| 21:15 \nInetres.adml| Not versioned| 751,275| 16-Jul-21| 21:15 \nInetres.adml| Not versioned| 526,606| 16-Jul-21| 21:16 \nInetres.adml| Not versioned| 575,891| 16-Jul-21| 21:17 \nInetres.adml| Not versioned| 463,373| 16-Jul-21| 21:17 \nInetres.adml| Not versioned| 751,582| 16-Jul-21| 21:18 \nInetres.adml| Not versioned| 570,785| 16-Jul-21| 21:19 \nInetres.adml| Not versioned| 548,170| 16-Jul-21| 21:19 \nInetres.adml| Not versioned| 639,283| 16-Jul-21| 21:20 \nInetres.adml| Not versioned| 525,516| 16-Jul-21| 21:20 \nInetres.adml| Not versioned| 751,408| 16-Jul-21| 21:21 \nInetres.adml| Not versioned| 751,457| 16-Jul-21| 21:21 \nInetres.adml| Not versioned| 488,537| 16-Jul-21| 21:22 \nInetres.adml| Not versioned| 548,544| 16-Jul-21| 21:23 \nInetres.adml| Not versioned| 559,394| 16-Jul-21| 21:23 \nInetres.adml| Not versioned| 535,117| 16-Jul-21| 21:24 \nInetres.adml| Not versioned| 541,505| 16-Jul-21| 21:24 \nInetres.adml| Not versioned| 751,347| 16-Jul-21| 21:25 \nInetres.adml| Not versioned| 804,520| 16-Jul-21| 21:26 \nInetres.adml| Not versioned| 751,166| 16-Jul-21| 21:26 \nInetres.adml| Not versioned| 751,517| 16-Jul-21| 21:27 \nInetres.adml| Not versioned| 751,324| 16-Jul-21| 21:27 \nInetres.adml| Not versioned| 503,958| 16-Jul-21| 21:28 \nInetres.adml| Not versioned| 751,319| 16-Jul-21| 21:29 \nInetres.adml| Not versioned| 521,634| 16-Jul-21| 21:29 \nInetres.adml| Not versioned| 751,381| 16-Jul-21| 21:30 \nInetres.adml| Not versioned| 420,094| 16-Jul-21| 21:30 \nInetres.adml| Not versioned| 436,663| 16-Jul-21| 21:31 \nInetres.adml| Not versioned| 436,663| 16-Jul-21| 21:32 \nInetres.admx| Not versioned| 1,678,023| 13-Apr-21| 5:59 \nJscript9.dll.mui| 11.0.9600.20091| 29,184| 16-Jul-21| 21:11 \nJscript9.dll.mui| 11.0.9600.20091| 29,696| 16-Jul-21| 21:12 \nJscript9.dll.mui| 11.0.9600.20091| 32,768| 16-Jul-21| 21:12 \nJscript9.dll.mui| 11.0.9600.20091| 33,280| 16-Jul-21| 21:13 \nJscript9.dll.mui| 11.0.9600.20091| 35,328| 16-Jul-21| 21:14 \nJscript9.dll.mui| 11.0.9600.20091| 37,888| 16-Jul-21| 21:14 \nJscript9.dll.mui| 11.0.9600.20091| 29,696| 16-Jul-21| 22:13 \nJscript9.dll.mui| 11.0.9600.20091| 34,304| 16-Jul-21| 21:15 \nJscript9.dll.mui| 11.0.9600.20091| 29,696| 16-Jul-21| 21:15 \nJscript9.dll.mui| 11.0.9600.20091| 33,280| 16-Jul-21| 21:16 \nJscript9.dll.mui| 11.0.9600.20091| 34,304| 16-Jul-21| 21:17 \nJscript9.dll.mui| 11.0.9600.20091| 27,648| 16-Jul-21| 21:17 \nJscript9.dll.mui| 11.0.9600.20091| 29,696| 16-Jul-21| 21:18 \nJscript9.dll.mui| 11.0.9600.20091| 34,304| 16-Jul-21| 21:18 \nJscript9.dll.mui| 11.0.9600.20091| 33,792| 16-Jul-21| 21:19 \nJscript9.dll.mui| 11.0.9600.20091| 23,040| 16-Jul-21| 21:20 \nJscript9.dll.mui| 11.0.9600.20091| 22,016| 16-Jul-21| 21:20 \nJscript9.dll.mui| 11.0.9600.20091| 29,696| 16-Jul-21| 21:21 \nJscript9.dll.mui| 11.0.9600.20091| 29,696| 16-Jul-21| 21:21 \nJscript9.dll.mui| 11.0.9600.20091| 31,232| 16-Jul-21| 21:22 \nJscript9.dll.mui| 11.0.9600.20091| 34,304| 16-Jul-21| 21:23 \nJscript9.dll.mui| 11.0.9600.20091| 35,840| 16-Jul-21| 21:23 \nJscript9.dll.mui| 11.0.9600.20091| 32,768| 16-Jul-21| 21:24 \nJscript9.dll.mui| 11.0.9600.20091| 33,280| 16-Jul-21| 21:24 \nJscript9.dll.mui| 11.0.9600.20091| 29,696| 16-Jul-21| 21:25 \nJscript9.dll.mui| 11.0.9600.20091| 34,816| 16-Jul-21| 21:26 \nJscript9.dll.mui| 11.0.9600.20091| 33,280| 16-Jul-21| 21:26 \nJscript9.dll.mui| 11.0.9600.20091| 32,256| 16-Jul-21| 21:27 \nJscript9.dll.mui| 11.0.9600.20091| 29,696| 16-Jul-21| 21:27 \nJscript9.dll.mui| 11.0.9600.20091| 32,768| 16-Jul-21| 21:28 \nJscript9.dll.mui| 11.0.9600.20091| 29,696| 16-Jul-21| 21:29 \nJscript9.dll.mui| 11.0.9600.20091| 30,720| 16-Jul-21| 21:29 \nJscript9.dll.mui| 11.0.9600.20091| 29,696| 16-Jul-21| 21:30 \nJscript9.dll.mui| 11.0.9600.20091| 16,384| 16-Jul-21| 21:30 \nJscript9.dll.mui| 11.0.9600.20091| 16,896| 16-Jul-21| 21:31 \nJscript9.dll.mui| 11.0.9600.20091| 16,896| 16-Jul-21| 21:32 \nJscript9.dll| 11.0.9600.20091| 5,507,584| 13-Jul-21| 5:01 \nJscript9diag.dll| 11.0.9600.20091| 814,592| 13-Jul-21| 4:28 \nJscript.dll| 5.8.9600.20091| 785,408| 13-Jul-21| 4:29 \nVbscript.dll| 5.8.9600.20091| 580,608| 13-Jul-21| 4:39 \nIexplore.exe| 11.0.9600.20091| 810,384| 16-Jul-21| 18:01 \nMshtml.dll| 11.0.9600.20091| 20,293,632| 13-Jul-21| 4:35 \nMshtml.tlb| 11.0.9600.20091| 2,724,864| 13-Jul-21| 4:16 \nWow64_microsoft-windows-ie-htmlrendering.ptxml| Not versioned| 3,228| 13-Jul-21| 2:04 \nIe9props.propdesc| Not versioned| 2,843| 4-Mar-21| 21:47 \nIeframe.dll| 11.0.9600.20091| 13,882,368| 13-Jul-21| 3:43 \nWow64_ieframe.ptxml| Not versioned| 24,486| 13-Jul-21| 2:04 \nJscript9.dll| 11.0.9600.20091| 4,119,040| 13-Jul-21| 3:46 \nJscript9diag.dll| 11.0.9600.20091| 620,032| 13-Jul-21| 3:58 \nJscript.dll| 5.8.9600.20091| 653,824| 13-Jul-21| 3:58 \nVbscript.dll| 5.8.9600.20091| 498,176| 13-Jul-21| 4:07 \nUrlmon.dll| 11.0.9600.20091| 1,342,976| 13-Jul-21| 3:21 \nWininet.dll.mui| 11.0.9600.20091| 46,592| 16-Jul-21| 18:01 \nWininet.dll.mui| 11.0.9600.20091| 52,736| 16-Jul-21| 18:02 \nWininet.dll.mui| 11.0.9600.20091| 51,200| 16-Jul-21| 18:03 \nWininet.dll.mui| 11.0.9600.20091| 51,200| 16-Jul-21| 18:04 \nWininet.dll.mui| 11.0.9600.20091| 56,320| 16-Jul-21| 18:04 \nWininet.dll.mui| 11.0.9600.20091| 57,856| 16-Jul-21| 18:04 \nWininet.dll.mui| 11.0.9600.20091| 49,664| 16-Jul-21| 18:38 \nWininet.dll.mui| 11.0.9600.20091| 54,272| 16-Jul-21| 18:05 \nWininet.dll.mui| 11.0.9600.20091| 47,616| 16-Jul-21| 18:06 \nWininet.dll.mui| 11.0.9600.20091| 49,152| 16-Jul-21| 18:06 \nWininet.dll.mui| 11.0.9600.20091| 55,296| 16-Jul-21| 18:07 \nWininet.dll.mui| 11.0.9600.20091| 45,056| 16-Jul-21| 18:08 \nWininet.dll.mui| 11.0.9600.20091| 51,712| 16-Jul-21| 18:08 \nWininet.dll.mui| 11.0.9600.20091| 51,712| 16-Jul-21| 18:09 \nWininet.dll.mui| 11.0.9600.20091| 53,248| 16-Jul-21| 18:10 \nWininet.dll.mui| 11.0.9600.20091| 39,424| 16-Jul-21| 18:10 \nWininet.dll.mui| 11.0.9600.20091| 35,840| 16-Jul-21| 18:11 \nWininet.dll.mui| 11.0.9600.20091| 50,176| 16-Jul-21| 18:12 \nWininet.dll.mui| 11.0.9600.20091| 51,200| 16-Jul-21| 18:12 \nWininet.dll.mui| 11.0.9600.20091| 50,688| 16-Jul-21| 18:13 \nWininet.dll.mui| 11.0.9600.20091| 52,736| 16-Jul-21| 18:13 \nWininet.dll.mui| 11.0.9600.20091| 53,760| 16-Jul-21| 18:14 \nWininet.dll.mui| 11.0.9600.20091| 54,272| 16-Jul-21| 18:15 \nWininet.dll.mui| 11.0.9600.20091| 54,272| 16-Jul-21| 18:15 \nWininet.dll.mui| 11.0.9600.20091| 52,736| 16-Jul-21| 18:16 \nWininet.dll.mui| 11.0.9600.20091| 51,200| 16-Jul-21| 18:16 \nWininet.dll.mui| 11.0.9600.20091| 53,248| 16-Jul-21| 18:17 \nWininet.dll.mui| 11.0.9600.20091| 52,736| 16-Jul-21| 18:18 \nWininet.dll.mui| 11.0.9600.20091| 51,712| 16-Jul-21| 18:18 \nWininet.dll.mui| 11.0.9600.20091| 50,688| 16-Jul-21| 18:19 \nWininet.dll.mui| 11.0.9600.20091| 50,688| 16-Jul-21| 18:19 \nWininet.dll.mui| 11.0.9600.20091| 50,176| 16-Jul-21| 18:20 \nWininet.dll.mui| 11.0.9600.20091| 50,176| 16-Jul-21| 18:21 \nWininet.dll.mui| 11.0.9600.20091| 30,720| 16-Jul-21| 18:21 \nWininet.dll.mui| 11.0.9600.20091| 30,720| 16-Jul-21| 18:22 \nWininet.dll.mui| 11.0.9600.20091| 30,720| 16-Jul-21| 18:22 \nInetcpl.cpl| 11.0.9600.20091| 2,058,752| 13-Jul-21| 3:37 \nMshtml.dll.mui| 11.0.9600.20091| 307,200| 16-Jul-21| 18:01 \nMshtml.dll.mui| 11.0.9600.20091| 293,888| 16-Jul-21| 18:02 \nMshtml.dll.mui| 11.0.9600.20091| 290,304| 16-Jul-21| 18:03 \nMshtml.dll.mui| 11.0.9600.20091| 289,280| 16-Jul-21| 18:03 \nMshtml.dll.mui| 11.0.9600.20091| 299,008| 16-Jul-21| 18:04 \nMshtml.dll.mui| 11.0.9600.20091| 303,104| 16-Jul-21| 18:04 \nMshtml.dll.mui| 11.0.9600.20091| 282,112| 16-Jul-21| 18:38 \nMshtml.dll.mui| 11.0.9600.20091| 296,960| 16-Jul-21| 18:05 \nMshtml.dll.mui| 11.0.9600.20091| 283,648| 16-Jul-21| 18:06 \nMshtml.dll.mui| 11.0.9600.20091| 291,840| 16-Jul-21| 18:07 \nMshtml.dll.mui| 11.0.9600.20091| 299,520| 16-Jul-21| 18:07 \nMshtml.dll.mui| 11.0.9600.20091| 275,968| 16-Jul-21| 18:08 \nMshtml.dll.mui| 11.0.9600.20091| 290,816| 16-Jul-21| 18:08 \nMshtml.dll.mui| 11.0.9600.20091| 293,376| 16-Jul-21| 18:09 \nMshtml.dll.mui| 11.0.9600.20091| 296,960| 16-Jul-21| 18:10 \nMshtml.dll.mui| 11.0.9600.20091| 258,048| 16-Jul-21| 18:10 \nMshtml.dll.mui| 11.0.9600.20091| 256,512| 16-Jul-21| 18:11 \nMshtml.dll.mui| 11.0.9600.20091| 289,280| 16-Jul-21| 18:12 \nMshtml.dll.mui| 11.0.9600.20091| 288,256| 16-Jul-21| 18:12 \nMshtml.dll.mui| 11.0.9600.20091| 285,184| 16-Jul-21| 18:13 \nMshtml.dll.mui| 11.0.9600.20091| 295,424| 16-Jul-21| 18:13 \nMshtml.dll.mui| 11.0.9600.20091| 297,472| 16-Jul-21| 18:14 \nMshtml.dll.mui| 11.0.9600.20091| 292,864| 16-Jul-21| 18:15 \nMshtml.dll.mui| 11.0.9600.20091| 295,424| 16-Jul-21| 18:15 \nMshtml.dll.mui| 11.0.9600.20091| 294,400| 16-Jul-21| 18:16 \nMshtml.dll.mui| 11.0.9600.20091| 294,400| 16-Jul-21| 18:17 \nMshtml.dll.mui| 11.0.9600.20091| 292,864| 16-Jul-21| 18:17 \nMshtml.dll.mui| 11.0.9600.20091| 290,816| 16-Jul-21| 18:18 \nMshtml.dll.mui| 11.0.9600.20091| 288,768| 16-Jul-21| 18:18 \nMshtml.dll.mui| 11.0.9600.20091| 286,208| 16-Jul-21| 18:19 \nMshtml.dll.mui| 11.0.9600.20091| 281,600| 16-Jul-21| 18:20 \nMshtml.dll.mui| 11.0.9600.20091| 286,720| 16-Jul-21| 18:20 \nMshtml.dll.mui| 11.0.9600.20091| 292,352| 16-Jul-21| 18:21 \nMshtml.dll.mui| 11.0.9600.20091| 242,176| 16-Jul-21| 18:21 \nMshtml.dll.mui| 11.0.9600.20091| 243,200| 16-Jul-21| 18:22 \nMshtml.dll.mui| 11.0.9600.20091| 243,200| 16-Jul-21| 18:23 \nUrlmon.dll.mui| 11.0.9600.20091| 46,080| 16-Jul-21| 18:01 \nUrlmon.dll.mui| 11.0.9600.20091| 50,176| 16-Jul-21| 18:02 \nUrlmon.dll.mui| 11.0.9600.20091| 48,640| 16-Jul-21| 18:03 \nUrlmon.dll.mui| 11.0.9600.20091| 49,664| 16-Jul-21| 18:03 \nUrlmon.dll.mui| 11.0.9600.20091| 51,712| 16-Jul-21| 18:04 \nUrlmon.dll.mui| 11.0.9600.20091| 54,272| 16-Jul-21| 18:05 \nUrlmon.dll.mui| 11.0.9600.20091| 48,128| 16-Jul-21| 18:38 \nUrlmon.dll.mui| 11.0.9600.20091| 50,176| 16-Jul-21| 18:05 \nUrlmon.dll.mui| 11.0.9600.20091| 47,616| 16-Jul-21| 18:06 \nUrlmon.dll.mui| 11.0.9600.20091| 49,152| 16-Jul-21| 18:06 \nUrlmon.dll.mui| 11.0.9600.20091| 50,688| 16-Jul-21| 18:07 \nUrlmon.dll.mui| 11.0.9600.20091| 45,056| 16-Jul-21| 18:08 \nUrlmon.dll.mui| 11.0.9600.20091| 49,152| 16-Jul-21| 18:08 \nUrlmon.dll.mui| 11.0.9600.20091| 49,152| 16-Jul-21| 18:09 \nUrlmon.dll.mui| 11.0.9600.20091| 49,664| 16-Jul-21| 18:10 \nUrlmon.dll.mui| 11.0.9600.20091| 39,936| 16-Jul-21| 18:10 \nUrlmon.dll.mui| 11.0.9600.20091| 39,424| 16-Jul-21| 18:11 \nUrlmon.dll.mui| 11.0.9600.20091| 47,616| 16-Jul-21| 18:12 \nUrlmon.dll.mui| 11.0.9600.20091| 47,616| 16-Jul-21| 18:12 \nUrlmon.dll.mui| 11.0.9600.20091| 48,640| 16-Jul-21| 18:13 \nUrlmon.dll.mui| 11.0.9600.20091| 51,200| 16-Jul-21| 18:13 \nUrlmon.dll.mui| 11.0.9600.20091| 50,688| 16-Jul-21| 18:14 \nUrlmon.dll.mui| 11.0.9600.20091| 49,664| 16-Jul-21| 18:15 \nUrlmon.dll.mui| 11.0.9600.20091| 50,176| 16-Jul-21| 18:15 \nUrlmon.dll.mui| 11.0.9600.20091| 49,152| 16-Jul-21| 18:16 \nUrlmon.dll.mui| 11.0.9600.20091| 48,640| 16-Jul-21| 18:16 \nUrlmon.dll.mui| 11.0.9600.20091| 50,176| 16-Jul-21| 18:17 \nUrlmon.dll.mui| 11.0.9600.20091| 48,640| 16-Jul-21| 18:18 \nUrlmon.dll.mui| 11.0.9600.20091| 49,664| 16-Jul-21| 18:18 \nUrlmon.dll.mui| 11.0.9600.20091| 48,640| 16-Jul-21| 18:19 \nUrlmon.dll.mui| 11.0.9600.20091| 48,128| 16-Jul-21| 18:19 \nUrlmon.dll.mui| 11.0.9600.20091| 49,152| 16-Jul-21| 18:20 \nUrlmon.dll.mui| 11.0.9600.20091| 48,128| 16-Jul-21| 18:21 \nUrlmon.dll.mui| 11.0.9600.20091| 35,328| 16-Jul-21| 18:22 \nUrlmon.dll.mui| 11.0.9600.20091| 35,328| 16-Jul-21| 18:22 \nUrlmon.dll.mui| 11.0.9600.20091| 35,328| 16-Jul-21| 18:22 \nJsproxy.dll| 11.0.9600.20091| 47,104| 13-Jul-21| 4:01 \nWininet.dll| 11.0.9600.20091| 4,387,840| 13-Jul-21| 3:26 \nInetcpl.cpl.mui| 11.0.9600.20091| 114,176| 16-Jul-21| 18:01 \nInetcpl.cpl.mui| 11.0.9600.20091| 130,560| 16-Jul-21| 18:02 \nInetcpl.cpl.mui| 11.0.9600.20091| 124,928| 16-Jul-21| 18:03 \nInetcpl.cpl.mui| 11.0.9600.20091| 122,880| 16-Jul-21| 18:04 \nInetcpl.cpl.mui| 11.0.9600.20091| 130,048| 16-Jul-21| 18:04 \nInetcpl.cpl.mui| 11.0.9600.20091| 138,240| 16-Jul-21| 18:05 \nInetcpl.cpl.mui| 11.0.9600.20091| 114,688| 16-Jul-21| 18:38 \nInetcpl.cpl.mui| 11.0.9600.20091| 131,584| 16-Jul-21| 18:05 \nInetcpl.cpl.mui| 11.0.9600.20091| 117,760| 16-Jul-21| 18:06 \nInetcpl.cpl.mui| 11.0.9600.20091| 122,368| 16-Jul-21| 18:06 \nInetcpl.cpl.mui| 11.0.9600.20091| 134,144| 16-Jul-21| 18:07 \nInetcpl.cpl.mui| 11.0.9600.20091| 107,008| 16-Jul-21| 18:08 \nInetcpl.cpl.mui| 11.0.9600.20091| 123,392| 16-Jul-21| 18:08 \nInetcpl.cpl.mui| 11.0.9600.20091| 127,488| 16-Jul-21| 18:09 \nInetcpl.cpl.mui| 11.0.9600.20091| 128,512| 16-Jul-21| 18:09 \nInetcpl.cpl.mui| 11.0.9600.20091| 88,576| 16-Jul-21| 18:10 \nInetcpl.cpl.mui| 11.0.9600.20091| 82,944| 16-Jul-21| 18:11 \nInetcpl.cpl.mui| 11.0.9600.20091| 125,440| 16-Jul-21| 18:11 \nInetcpl.cpl.mui| 11.0.9600.20091| 123,392| 16-Jul-21| 18:12 \nInetcpl.cpl.mui| 11.0.9600.20091| 120,320| 16-Jul-21| 18:13 \nInetcpl.cpl.mui| 11.0.9600.20091| 130,560| 16-Jul-21| 18:13 \nInetcpl.cpl.mui| 11.0.9600.20091| 129,024| 16-Jul-21| 18:14 \nInetcpl.cpl.mui| 11.0.9600.20091| 125,952| 16-Jul-21| 18:15 \nInetcpl.cpl.mui| 11.0.9600.20091| 129,024| 16-Jul-21| 18:15 \nInetcpl.cpl.mui| 11.0.9600.20091| 128,000| 16-Jul-21| 18:16 \nInetcpl.cpl.mui| 11.0.9600.20091| 123,904| 16-Jul-21| 18:16 \nInetcpl.cpl.mui| 11.0.9600.20091| 129,024| 16-Jul-21| 18:17 \nInetcpl.cpl.mui| 11.0.9600.20091| 123,904| 16-Jul-21| 18:18 \nInetcpl.cpl.mui| 11.0.9600.20091| 124,416| 16-Jul-21| 18:18 \nInetcpl.cpl.mui| 11.0.9600.20091| 121,856| 16-Jul-21| 18:19 \nInetcpl.cpl.mui| 11.0.9600.20091| 115,712| 16-Jul-21| 18:19 \nInetcpl.cpl.mui| 11.0.9600.20091| 123,904| 16-Jul-21| 18:20 \nInetcpl.cpl.mui| 11.0.9600.20091| 125,440| 16-Jul-21| 18:21 \nInetcpl.cpl.mui| 11.0.9600.20091| 72,704| 16-Jul-21| 18:21 \nInetcpl.cpl.mui| 11.0.9600.20091| 73,728| 16-Jul-21| 18:22 \nInetcpl.cpl.mui| 11.0.9600.20091| 73,728| 16-Jul-21| 18:23 \nMsfeedsbs.dll| 11.0.9600.20091| 52,736| 13-Jul-21| 3:45 \nMsfeedsbs.mof| Not versioned| 1,574| 13-Jul-21| 2:13 \nMsfeedssync.exe| 11.0.9600.20091| 11,776| 13-Jul-21| 4:07 \nIeproxy.dll| 11.0.9600.20091| 310,784| 13-Jul-21| 3:16 \nIeshims.dll| 11.0.9600.20091| 290,304| 13-Jul-21| 3:20 \nIertutil.dll| 11.0.9600.20091| 2,308,608| 13-Jul-21| 4:06 \nSqmapi.dll| 6.2.9200.16384| 228,240| 16-Jul-21| 18:01 \nIeframe.dll.mui| 11.0.9600.20091| 2,066,432| 16-Jul-21| 18:02 \nIeframe.dll.mui| 11.0.9600.20091| 2,121,216| 16-Jul-21| 18:02 \nIeframe.dll.mui| 11.0.9600.20091| 2,075,648| 16-Jul-21| 18:03 \nIeframe.dll.mui| 11.0.9600.20091| 2,063,872| 16-Jul-21| 18:03 \nIeframe.dll.mui| 11.0.9600.20091| 2,314,240| 16-Jul-21| 18:04 \nIeframe.dll.mui| 11.0.9600.20091| 2,390,528| 16-Jul-21| 18:05 \nIeframe.dll.mui| 11.0.9600.20091| 2,033,152| 16-Jul-21| 18:38 \nIeframe.dll.mui| 11.0.9600.20091| 2,307,584| 16-Jul-21| 18:05 \nIeframe.dll.mui| 11.0.9600.20091| 2,255,872| 16-Jul-21| 18:06 \nIeframe.dll.mui| 11.0.9600.20091| 2,061,312| 16-Jul-21| 18:07 \nIeframe.dll.mui| 11.0.9600.20091| 2,326,016| 16-Jul-21| 18:07 \nIeframe.dll.mui| 11.0.9600.20091| 2,019,840| 16-Jul-21| 18:08 \nIeframe.dll.mui| 11.0.9600.20091| 2,071,040| 16-Jul-21| 18:09 \nIeframe.dll.mui| 11.0.9600.20091| 2,082,816| 16-Jul-21| 18:09 \nIeframe.dll.mui| 11.0.9600.20091| 2,307,584| 16-Jul-21| 18:10 \nIeframe.dll.mui| 11.0.9600.20091| 2,170,368| 16-Jul-21| 18:11 \nIeframe.dll.mui| 11.0.9600.20091| 2,153,984| 16-Jul-21| 18:11 \nIeframe.dll.mui| 11.0.9600.20091| 2,291,712| 16-Jul-21| 18:12 \nIeframe.dll.mui| 11.0.9600.20091| 2,283,520| 16-Jul-21| 18:12 \nIeframe.dll.mui| 11.0.9600.20091| 2,052,096| 16-Jul-21| 18:13 \nIeframe.dll.mui| 11.0.9600.20091| 2,301,952| 16-Jul-21| 18:14 \nIeframe.dll.mui| 11.0.9600.20091| 2,093,056| 16-Jul-21| 18:14 \nIeframe.dll.mui| 11.0.9600.20091| 2,075,648| 16-Jul-21| 18:15 \nIeframe.dll.mui| 11.0.9600.20091| 2,299,392| 16-Jul-21| 18:16 \nIeframe.dll.mui| 11.0.9600.20091| 2,094,592| 16-Jul-21| 18:16 \nIeframe.dll.mui| 11.0.9600.20091| 2,316,800| 16-Jul-21| 18:17 \nIeframe.dll.mui| 11.0.9600.20091| 2,305,536| 16-Jul-21| 18:17 \nIeframe.dll.mui| 11.0.9600.20091| 2,278,912| 16-Jul-21| 18:18 \nIeframe.dll.mui| 11.0.9600.20091| 2,285,568| 16-Jul-21| 18:19 \nIeframe.dll.mui| 11.0.9600.20091| 2,060,288| 16-Jul-21| 18:19 \nIeframe.dll.mui| 11.0.9600.20091| 2,315,776| 16-Jul-21| 18:20 \nIeframe.dll.mui| 11.0.9600.20091| 2,279,424| 16-Jul-21| 18:20 \nIeframe.dll.mui| 11.0.9600.20091| 2,324,992| 16-Jul-21| 18:21 \nIeframe.dll.mui| 11.0.9600.20091| 2,098,176| 16-Jul-21| 18:22 \nIeframe.dll.mui| 11.0.9600.20091| 1,890,304| 16-Jul-21| 18:22 \nIeframe.dll.mui| 11.0.9600.20091| 1,890,304| 16-Jul-21| 18:23 \nJscript9.dll.mui| 11.0.9600.20091| 29,184| 16-Jul-21| 18:01 \nJscript9.dll.mui| 11.0.9600.20091| 29,696| 16-Jul-21| 18:02 \nJscript9.dll.mui| 11.0.9600.20091| 32,768| 16-Jul-21| 18:03 \nJscript9.dll.mui| 11.0.9600.20091| 33,280| 16-Jul-21| 18:03 \nJscript9.dll.mui| 11.0.9600.20091| 35,328| 16-Jul-21| 18:04 \nJscript9.dll.mui| 11.0.9600.20091| 37,888| 16-Jul-21| 18:05 \nJscript9.dll.mui| 11.0.9600.20091| 29,696| 16-Jul-21| 18:38 \nJscript9.dll.mui| 11.0.9600.20091| 34,304| 16-Jul-21| 18:05 \nJscript9.dll.mui| 11.0.9600.20091| 29,696| 16-Jul-21| 18:06 \nJscript9.dll.mui| 11.0.9600.20091| 33,280| 16-Jul-21| 18:06 \nJscript9.dll.mui| 11.0.9600.20091| 34,304| 16-Jul-21| 18:07 \nJscript9.dll.mui| 11.0.9600.20091| 27,648| 16-Jul-21| 18:08 \nJscript9.dll.mui| 11.0.9600.20091| 29,696| 16-Jul-21| 18:08 \nJscript9.dll.mui| 11.0.9600.20091| 34,304| 16-Jul-21| 18:09 \nJscript9.dll.mui| 11.0.9600.20091| 33,792| 16-Jul-21| 18:10 \nJscript9.dll.mui| 11.0.9600.20091| 23,040| 16-Jul-21| 18:10 \nJscript9.dll.mui| 11.0.9600.20091| 22,016| 16-Jul-21| 18:11 \nJscript9.dll.mui| 11.0.9600.20091| 29,696| 16-Jul-21| 18:11 \nJscript9.dll.mui| 11.0.9600.20091| 29,696| 16-Jul-21| 18:12 \nJscript9.dll.mui| 11.0.9600.20091| 31,232| 16-Jul-21| 18:13 \nJscript9.dll.mui| 11.0.9600.20091| 34,304| 16-Jul-21| 18:13 \nJscript9.dll.mui| 11.0.9600.20091| 35,840| 16-Jul-21| 18:14 \nJscript9.dll.mui| 11.0.9600.20091| 32,768| 16-Jul-21| 18:15 \nJscript9.dll.mui| 11.0.9600.20091| 33,280| 16-Jul-21| 18:15 \nJscript9.dll.mui| 11.0.9600.20091| 29,696| 16-Jul-21| 18:16 \nJscript9.dll.mui| 11.0.9600.20091| 34,816| 16-Jul-21| 18:16 \nJscript9.dll.mui| 11.0.9600.20091| 33,280| 16-Jul-21| 18:17 \nJscript9.dll.mui| 11.0.9600.20091| 32,256| 16-Jul-21| 18:18 \nJscript9.dll.mui| 11.0.9600.20091| 29,696| 16-Jul-21| 18:18 \nJscript9.dll.mui| 11.0.9600.20091| 32,768| 16-Jul-21| 18:19 \nJscript9.dll.mui| 11.0.9600.20091| 29,696| 16-Jul-21| 18:20 \nJscript9.dll.mui| 11.0.9600.20091| 30,720| 16-Jul-21| 18:20 \nJscript9.dll.mui| 11.0.9600.20091| 29,696| 16-Jul-21| 18:21 \nJscript9.dll.mui| 11.0.9600.20091| 16,384| 16-Jul-21| 18:21 \nJscript9.dll.mui| 11.0.9600.20091| 16,896| 16-Jul-21| 18:22 \nJscript9.dll.mui| 11.0.9600.20091| 16,896| 16-Jul-21| 18:23 \nPackage.cab| Not versioned| 302,207| 16-Jul-21| 23:31 \n \n### Windows 7 and Windows Server 2008 R2\n\n### \n\n__\n\nInternet Explorer 11 on all supported x86-based versions\n\n**File name**| **File version**| **Date**| **Time**| **File size** \n---|---|---|---|--- \nurlmon.dll| 11.0.9600.20091| 12-Jul-2021| 20:21| 1,342,976 \niexplore.exe| 11.0.9600.20091| 13-Jul-2021| 12:28| 810,400 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:29| 31,744 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:30| 36,352 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:31| 35,328 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:31| 34,816 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:32| 36,864 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:32| 39,424 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 13:07| 32,768 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:33| 37,376 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:34| 33,280 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:34| 34,816 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:35| 38,400 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:35| 30,720 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:36| 34,816 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:37| 35,328 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:37| 36,864 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:38| 25,600 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:39| 24,576 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:39| 35,840 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:40| 34,304 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:41| 34,304 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:41| 36,352 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 35,840 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 34,816 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:43| 35,840 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:44| 35,840 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:44| 34,304 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:45| 35,840 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:45| 34,816 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:46| 34,816 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:46| 34,816 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:47| 33,280 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:48| 34,304 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:48| 34,304 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:49| 20,992 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:50| 21,504 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:50| 21,504 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:29| 46,592 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:30| 52,736 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:30| 51,200 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:31| 51,200 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:32| 56,320 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:33| 57,856 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 13:06| 49,664 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:33| 54,272 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:34| 47,616 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:34| 49,152 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:35| 55,296 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:36| 45,056 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:36| 51,712 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:37| 51,712 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:37| 53,248 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:38| 39,424 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:39| 35,840 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:39| 50,176 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:40| 51,200 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:40| 50,688 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:41| 52,736 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 53,760 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 54,272 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:43| 54,272 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:44| 52,736 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:44| 51,200 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:45| 53,248 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:46| 52,736 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:46| 51,712 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:46| 50,688 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:47| 50,688 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:48| 50,176 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:48| 50,176 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:49| 30,720 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:50| 30,720 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:50| 30,720 \ninetcpl.cpl| 11.0.9600.20091| 12-Jul-2021| 20:37| 2,058,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:29| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:30| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:31| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:31| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:32| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:33| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 13:07| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:33| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:34| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:34| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:35| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:36| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:36| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:37| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:37| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:38| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:39| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:39| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:40| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:41| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:41| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:43| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:43| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:44| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:44| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:45| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:45| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:46| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:46| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:47| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:48| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:48| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:49| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:50| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:50| 10,752 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:29| 307,200 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:30| 293,888 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:31| 290,304 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:31| 289,280 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:32| 299,008 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:33| 303,104 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 13:07| 282,112 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:33| 296,960 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:34| 283,648 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:34| 291,840 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:35| 299,520 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:36| 275,968 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:36| 290,816 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:37| 293,376 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:37| 296,960 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:38| 258,048 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:39| 256,512 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:39| 289,280 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:40| 288,256 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:41| 285,184 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 295,424 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 297,472 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 292,864 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:43| 295,424 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:44| 294,400 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:44| 294,400 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:45| 292,864 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:45| 290,816 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:46| 288,768 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:47| 286,208 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:47| 281,600 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:48| 286,720 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:48| 292,352 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:49| 242,176 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:50| 243,200 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:51| 243,200 \nF12Resources.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:29| 65,536 \nF12Resources.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:30| 73,728 \nF12Resources.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:30| 67,584 \nF12Resources.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:31| 67,584 \nF12Resources.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:32| 74,240 \nF12Resources.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:33| 78,848 \nF12Resources.dll.mui| 11.0.9600.20091| 13-Jul-2021| 13:06| 61,440 \nF12Resources.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:33| 74,752 \nF12Resources.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:34| 62,464 \nF12Resources.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:34| 68,096 \nF12Resources.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:35| 75,264 \nF12Resources.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:35| 65,536 \nF12Resources.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:36| 68,608 \nF12Resources.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:37| 72,192 \nF12Resources.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:37| 73,216 \nF12Resources.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:38| 41,472 \nF12Resources.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:39| 37,888 \nF12Resources.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:39| 68,608 \nF12Resources.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:40| 67,584 \nF12Resources.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:41| 65,536 \nF12Resources.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 74,240 \nF12Resources.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 70,656 \nF12Resources.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 71,168 \nF12Resources.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:43| 71,680 \nF12Resources.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:44| 71,168 \nF12Resources.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:44| 69,632 \nF12Resources.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:45| 68,096 \nF12Resources.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:45| 68,608 \nF12Resources.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:46| 68,096 \nF12Resources.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:47| 65,536 \nF12Resources.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:47| 59,904 \nF12Resources.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:48| 65,536 \nF12Resources.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:48| 69,120 \nF12Resources.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:49| 29,696 \nF12Resources.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:50| 30,720 \nF12Resources.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:50| 30,720 \nJavaScriptCollectionAgent.dll| 11.0.9600.20091| 12-Jul-2021| 20:47| 60,416 \nDiagnosticsHub.ScriptedSandboxPlugin.dll| 11.0.9600.20091| 12-Jul-2021| 20:49| 230,912 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:29| 46,080 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:30| 50,176 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:30| 48,640 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:32| 49,664 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:32| 51,712 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:32| 54,272 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 13:07| 48,128 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:33| 50,176 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:34| 47,616 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:34| 49,152 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:35| 50,688 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:35| 45,056 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:36| 49,152 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:37| 49,152 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:37| 49,664 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:38| 39,936 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:39| 39,424 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:39| 47,616 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:40| 47,616 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:41| 48,640 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:41| 51,200 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 50,688 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 49,664 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:43| 50,176 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:44| 49,152 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:44| 48,640 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:45| 50,176 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:45| 48,640 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:46| 49,664 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:46| 48,640 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:47| 48,128 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:48| 49,152 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:48| 48,128 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:49| 35,328 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:50| 35,328 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:50| 35,328 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:29| 9,728 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:30| 10,752 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:31| 10,240 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:31| 9,728 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:32| 10,752 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:33| 11,264 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 13:07| 9,728 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:33| 10,752 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:34| 10,240 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:34| 10,240 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:35| 10,752 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:35| 9,216 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:36| 10,240 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:37| 10,240 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:37| 10,752 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:38| 7,680 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:39| 7,680 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:39| 10,240 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:40| 10,240 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:40| 9,728 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:41| 10,240 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 10,240 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 10,752 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:43| 10,752 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:44| 10,240 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:45| 10,240 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:45| 10,752 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:45| 10,240 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:46| 10,240 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:46| 9,728 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:47| 9,728 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:48| 10,240 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:48| 10,240 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:49| 6,656 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:50| 6,656 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:51| 6,656 \nwininet.dll| 11.0.9600.20091| 12-Jul-2021| 20:26| 4,387,840 \njsproxy.dll| 11.0.9600.20091| 12-Jul-2021| 21:01| 47,104 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:29| 114,176 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:30| 130,560 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:31| 124,928 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:31| 122,880 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:32| 130,048 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:33| 138,240 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 13:06| 114,688 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:33| 131,584 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:34| 117,760 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:34| 122,368 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:35| 134,144 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:36| 107,008 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:36| 123,392 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:37| 127,488 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:37| 128,512 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:38| 88,576 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:39| 82,944 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:39| 125,440 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:40| 123,392 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:40| 120,320 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:41| 130,560 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 129,024 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 125,952 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:43| 129,024 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:44| 128,000 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:44| 123,904 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:45| 129,024 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:45| 123,904 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:46| 124,416 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:46| 121,856 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:47| 115,712 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:48| 123,904 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:48| 125,440 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:49| 72,704 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:50| 73,728 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:50| 73,728 \niedkcs32.dll| 18.0.9600.20091| 13-Jul-2021| 12:28| 341,920 \ninstall.ins| Not versioned| 12-Jul-2021| 19:02| 464 \nieapfltr.dat| 10.0.9301.0| 4-Mar-2021| 13:41| 616,104 \nieapfltr.dll| 11.0.9600.20091| 12-Jul-2021| 20:18| 710,656 \ntdc.ocx| 11.0.9600.20091| 12-Jul-2021| 20:47| 73,728 \nDiagnosticsHub.DataWarehouse.dll| 11.0.9600.20091| 12-Jul-2021| 21:09| 489,472 \niedvtool.dll| 11.0.9600.20091| 12-Jul-2021| 21:35| 772,608 \nDiagnosticsHub_is.dll| 11.0.9600.20091| 12-Jul-2021| 21:10| 38,912 \ndxtmsft.dll| 11.0.9600.20091| 12-Jul-2021| 20:51| 415,744 \ndxtrans.dll| 11.0.9600.20091| 12-Jul-2021| 20:43| 280,064 \nMicrosoft-Windows-IE-F12-Provider.ptxml| Not versioned| 12-Jul-2021| 19:01| 11,892 \nF12.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:29| 4,096 \nF12.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:30| 4,096 \nF12.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:30| 4,096 \nF12.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:31| 4,096 \nF12.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:32| 4,096 \nF12.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:32| 4,096 \nF12.dll.mui| 11.0.9600.20091| 13-Jul-2021| 13:06| 4,096 \nF12.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:33| 4,096 \nF12.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:34| 4,096 \nF12.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:34| 4,096 \nF12.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:35| 4,096 \nF12.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:35| 4,096 \nF12.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:36| 4,096 \nF12.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:37| 4,096 \nF12.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:37| 4,096 \nF12.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:38| 3,584 \nF12.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:39| 3,584 \nF12.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:39| 4,096 \nF12.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:40| 4,096 \nF12.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:41| 4,096 \nF12.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:41| 4,096 \nF12.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 4,096 \nF12.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 4,096 \nF12.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:43| 4,096 \nF12.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:44| 4,096 \nF12.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:44| 4,096 \nF12.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:45| 4,096 \nF12.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:45| 4,096 \nF12.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:46| 4,096 \nF12.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:47| 4,096 \nF12.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:47| 4,096 \nF12.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:48| 4,096 \nF12.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:48| 4,096 \nF12.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:49| 3,584 \nF12.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:50| 3,584 \nF12.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:50| 3,584 \nDiagnosticsTap.dll| 11.0.9600.20091| 12-Jul-2021| 20:50| 175,104 \nF12Resources.dll| 11.0.9600.20091| 12-Jul-2021| 21:12| 10,948,096 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:29| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:30| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:31| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:32| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:32| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:33| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 13:07| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:33| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:34| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:35| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:35| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:35| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:36| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:37| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:37| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:38| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:39| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:39| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:40| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:41| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:43| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:44| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:45| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:45| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:45| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:46| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:46| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:47| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:48| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:48| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:49| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:50| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:50| 2,048 \nF12Tools.dll| 11.0.9600.20091| 12-Jul-2021| 20:49| 256,000 \nF12.dll| 11.0.9600.20091| 12-Jul-2021| 20:41| 1,207,808 \nmsfeeds.dll| 11.0.9600.20091| 12-Jul-2021| 20:37| 696,320 \nmsfeeds.mof| Not versioned| 12-Jul-2021| 19:13| 1,518 \nmsfeedsbs.mof| Not versioned| 12-Jul-2021| 19:13| 1,574 \nmsfeedsbs.dll| 11.0.9600.20091| 12-Jul-2021| 20:45| 52,736 \nmsfeedssync.exe| 11.0.9600.20091| 12-Jul-2021| 21:07| 11,776 \nhtml.iec| 2019.0.0.20091| 12-Jul-2021| 21:06| 341,504 \nmshtmled.dll| 11.0.9600.20091| 12-Jul-2021| 20:44| 76,800 \nmshtmlmedia.dll| 11.0.9600.20091| 12-Jul-2021| 20:36| 1,155,584 \nmshtml.dll| 11.0.9600.20091| 12-Jul-2021| 21:35| 20,293,632 \nmshtml.tlb| 11.0.9600.20091| 12-Jul-2021| 21:16| 2,724,864 \nMicrosoft-Windows-IE-HTMLRendering.ptxml| Not versioned| 12-Jul-2021| 19:01| 3,228 \nieetwcollector.exe| 11.0.9600.20091| 12-Jul-2021| 20:58| 104,960 \nieetwproxystub.dll| 11.0.9600.20091| 12-Jul-2021| 21:06| 47,616 \nieetwcollectorres.dll| 11.0.9600.20091| 12-Jul-2021| 21:16| 4,096 \nielowutil.exe| 11.0.9600.20091| 12-Jul-2021| 21:00| 221,184 \nieproxy.dll| 11.0.9600.20091| 12-Jul-2021| 20:16| 310,784 \nIEShims.dll| 11.0.9600.20091| 12-Jul-2021| 20:20| 290,304 \nWindows Pop-up Blocked.wav| Not versioned| 4-Mar-2021| 13:55| 85,548 \nWindows Information Bar.wav| Not versioned| 4-Mar-2021| 13:55| 23,308 \nWindows Feed Discovered.wav| Not versioned| 4-Mar-2021| 13:55| 19,884 \nWindows Navigation Start.wav| Not versioned| 4-Mar-2021| 13:55| 11,340 \nbing.ico| Not versioned| 4-Mar-2021| 13:48| 5,430 \nieUnatt.exe| 11.0.9600.20091| 12-Jul-2021| 20:58| 115,712 \nMicrosoft-Windows-IE-InternetExplorer-ppdlic.xrm-ms| Not versioned| 14-Jul-2021| 11:52| 2,956 \njsprofilerui.dll| 11.0.9600.20091| 12-Jul-2021| 20:46| 579,584 \nMemoryAnalyzer.dll| 11.0.9600.20091| 12-Jul-2021| 20:56| 1,399,296 \nMshtmlDac.dll| 11.0.9600.20091| 12-Jul-2021| 21:05| 64,000 \nnetworkinspection.dll| 11.0.9600.20091| 12-Jul-2021| 20:42| 1,075,200 \noccache.dll| 11.0.9600.20091| 12-Jul-2021| 20:42| 130,048 \ndesktop.ini| Not versioned| 4-Mar-2021| 13:44| 65 \nwebcheck.dll| 11.0.9600.20091| 12-Jul-2021| 20:37| 230,400 \ndesktop.ini| Not versioned| 4-Mar-2021| 13:44| 65 \nmsrating.dll| 11.0.9600.20091| 12-Jul-2021| 20:45| 168,960 \nicrav03.rat| Not versioned| 4-Mar-2021| 13:44| 8,798 \nticrf.rat| Not versioned| 4-Mar-2021| 13:44| 1,988 \niertutil.dll| 11.0.9600.20091| 12-Jul-2021| 21:06| 2,308,608 \nsqmapi.dll| 6.2.9200.16384| 13-Jul-2021| 12:28| 228,256 \nie4uinit.exe| 11.0.9600.20091| 12-Jul-2021| 20:36| 692,224 \niernonce.dll| 11.0.9600.20091| 12-Jul-2021| 21:00| 30,720 \niesetup.dll| 11.0.9600.20091| 12-Jul-2021| 21:06| 62,464 \nieuinit.inf| Not versioned| 12-Jul-2021| 20:01| 16,303 \ninseng.dll| 11.0.9600.20091| 12-Jul-2021| 20:47| 91,136 \nTimeline.dll| 11.0.9600.20091| 12-Jul-2021| 20:46| 154,112 \nTimeline_is.dll| 11.0.9600.20091| 12-Jul-2021| 21:00| 124,928 \nTimeline.cpu.xml| Not versioned| 4-Mar-2021| 13:43| 3,197 \nVGX.dll| 11.0.9600.20091| 12-Jul-2021| 20:44| 818,176 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:30| 2,066,432 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:29| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:30| 2,121,216 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:30| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:31| 2,075,648 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:31| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:31| 2,063,872 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:31| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:32| 2,314,240 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:32| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:33| 2,390,528 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:32| 3,584 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 13:07| 2,033,152 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 13:06| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:33| 2,307,584 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:33| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:34| 2,255,872 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:34| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:35| 2,061,312 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:35| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:35| 2,326,016 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:35| 3,584 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:36| 2,019,840 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:35| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:36| 2,071,040 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:36| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:37| 2,082,816 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:37| 3,584 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:38| 2,307,584 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:37| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:38| 2,170,368 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:38| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:39| 2,153,984 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:39| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:40| 2,291,712 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:39| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:40| 2,283,520 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:40| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:41| 2,052,096 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:41| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:41| 2,301,952 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:41| 3,584 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 2,093,056 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:43| 2,075,648 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:43| 2,299,392 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:43| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:44| 2,094,592 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:44| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:44| 2,316,800 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:44| 3,584 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:45| 2,305,536 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:45| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:46| 2,278,912 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:46| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:46| 2,285,568 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:46| 3,584 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:47| 2,060,288 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:46| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:48| 2,315,776 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:47| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:48| 2,279,424 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:48| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:49| 2,324,992 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:48| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:49| 2,098,176 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:49| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:50| 1,890,304 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:50| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:51| 1,890,304 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:50| 3,072 \nieframe.dll| 11.0.9600.20091| 12-Jul-2021| 20:43| 13,882,368 \nieui.dll| 11.0.9600.20091| 12-Jul-2021| 20:59| 476,160 \nieframe.ptxml| Not versioned| 12-Jul-2021| 19:01| 24,486 \nieinstal.exe| 11.0.9600.20091| 12-Jul-2021| 20:43| 475,648 \nInetRes.adml| Not versioned| 13-Jul-2021| 12:29| 463,373 \nInetRes.adml| Not versioned| 13-Jul-2021| 12:30| 751,414 \nInetRes.adml| Not versioned| 13-Jul-2021| 12:31| 526,343 \nInetRes.adml| Not versioned| 13-Jul-2021| 12:31| 499,703 \nInetRes.adml| Not versioned| 13-Jul-2021| 12:32| 552,389 \nInetRes.adml| Not versioned| 13-Jul-2021| 12:32| 944,609 \nInetRes.adml| Not versioned| 13-Jul-2021| 13:07| 457,561 \nInetRes.adml| Not versioned| 13-Jul-2021| 12:33| 543,995 \nInetRes.adml| Not versioned| 13-Jul-2021| 12:34| 751,408 \nInetRes.adml| Not versioned| 13-Jul-2021| 12:34| 526,606 \nInetRes.adml| Not versioned| 13-Jul-2021| 12:35| 575,889 \nInetRes.adml| Not versioned| 13-Jul-2021| 12:36| 463,373 \nInetRes.adml| Not versioned| 13-Jul-2021| 12:36| 751,197 \nInetRes.adml| Not versioned| 13-Jul-2021| 12:37| 570,785 \nInetRes.adml| Not versioned| 13-Jul-2021| 12:37| 548,169 \nInetRes.adml| Not versioned| 13-Jul-2021| 12:38| 639,283 \nInetRes.adml| Not versioned| 13-Jul-2021| 12:39| 525,516 \nInetRes.adml| Not versioned| 13-Jul-2021| 12:39| 751,384 \nInetRes.adml| Not versioned| 13-Jul-2021| 12:40| 751,453 \nInetRes.adml| Not versioned| 13-Jul-2021| 12:41| 488,537 \nInetRes.adml| Not versioned| 13-Jul-2021| 12:41| 548,546 \nInetRes.adml| Not versioned| 13-Jul-2021| 12:42| 559,393 \nInetRes.adml| Not versioned| 13-Jul-2021| 12:42| 535,116 \nInetRes.adml| Not versioned| 13-Jul-2021| 12:43| 541,504 \nInetRes.adml| Not versioned| 13-Jul-2021| 12:44| 751,242 \nInetRes.adml| Not versioned| 13-Jul-2021| 12:44| 804,523 \nInetRes.adml| Not versioned| 13-Jul-2021| 12:45| 751,465 \nInetRes.adml| Not versioned| 13-Jul-2021| 12:45| 751,357 \nInetRes.adml| Not versioned| 13-Jul-2021| 12:46| 751,445 \nInetRes.adml| Not versioned| 13-Jul-2021| 12:46| 503,958 \nInetRes.adml| Not versioned| 13-Jul-2021| 12:47| 751,357 \nInetRes.adml| Not versioned| 13-Jul-2021| 12:48| 521,632 \nInetRes.adml| Not versioned| 13-Jul-2021| 12:48| 751,465 \nInetRes.adml| Not versioned| 13-Jul-2021| 12:49| 420,094 \nInetRes.adml| Not versioned| 13-Jul-2021| 12:50| 436,663 \nInetRes.adml| Not versioned| 13-Jul-2021| 12:50| 436,663 \ninetres.admx| Not versioned| 4-Mar-2021| 14:09| 1,678,023 \nMsSpellCheckingFacility.exe| 6.3.9600.20091| 12-Jul-2021| 20:53| 668,672 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:29| 29,184 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:30| 29,696 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:30| 32,768 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:31| 33,280 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:32| 35,328 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:32| 37,888 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 13:06| 29,696 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:33| 34,304 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:34| 29,696 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:34| 33,280 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:35| 34,304 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:35| 27,648 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:36| 29,696 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:37| 34,304 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:37| 33,792 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:38| 23,040 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:39| 22,016 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:40| 29,696 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:40| 29,696 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:41| 31,232 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 34,304 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 35,840 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 32,768 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:43| 33,280 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:44| 29,696 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:44| 34,816 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:45| 33,280 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:45| 32,256 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:46| 29,696 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:46| 32,768 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:47| 29,696 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:48| 30,720 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:48| 29,696 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:49| 16,384 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:50| 16,896 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:50| 16,896 \njscript9.dll| 11.0.9600.20091| 12-Jul-2021| 20:46| 4,119,040 \njscript9diag.dll| 11.0.9600.20091| 12-Jul-2021| 20:58| 620,032 \njscript.dll| 5.8.9600.20091| 12-Jul-2021| 20:58| 653,824 \nvbscript.dll| 5.8.9600.20091| 12-Jul-2021| 21:07| 498,176 \n \n### \n\n__\n\nInternet Explorer 11 on all supported x64-based versions\n\n**File name**| **File version**| **Date**| **Time**| **File size** \n---|---|---|---|--- \nurlmon.dll| 11.0.9600.20091| 12-Jul-2021| 20:48| 1,562,624 \niexplore.exe| 11.0.9600.20091| 14-Jul-2021| 11:23| 810,376 \nwebcheck.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:24| 31,744 \nwebcheck.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:25| 36,352 \nwebcheck.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:25| 35,328 \nwebcheck.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:26| 34,816 \nwebcheck.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:26| 36,864 \nwebcheck.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:27| 39,424 \nwebcheck.dll.mui| 11.0.9600.20091| 14-Jul-2021| 12:32| 32,768 \nwebcheck.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:28| 37,376 \nwebcheck.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:28| 33,280 \nwebcheck.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:29| 34,816 \nwebcheck.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:30| 38,400 \nwebcheck.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:30| 30,720 \nwebcheck.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:31| 34,816 \nwebcheck.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:31| 35,328 \nwebcheck.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:32| 36,864 \nwebcheck.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:32| 25,600 \nwebcheck.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:33| 24,576 \nwebcheck.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:34| 35,840 \nwebcheck.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:34| 34,304 \nwebcheck.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:35| 34,304 \nwebcheck.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:36| 36,352 \nwebcheck.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:36| 35,840 \nwebcheck.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:37| 34,816 \nwebcheck.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:37| 35,840 \nwebcheck.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:38| 35,840 \nwebcheck.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:39| 34,304 \nwebcheck.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:39| 35,840 \nwebcheck.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:40| 34,816 \nwebcheck.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:40| 34,816 \nwebcheck.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:41| 34,816 \nwebcheck.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:42| 33,280 \nwebcheck.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:42| 34,304 \nwebcheck.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:43| 34,304 \nwebcheck.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:43| 20,992 \nwebcheck.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:44| 21,504 \nwebcheck.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:45| 21,504 \nwininet.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:24| 46,592 \nwininet.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:24| 52,736 \nwininet.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:25| 51,200 \nwininet.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:26| 51,200 \nwininet.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:26| 56,320 \nwininet.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:27| 57,856 \nwininet.dll.mui| 11.0.9600.20091| 14-Jul-2021| 12:32| 49,664 \nwininet.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:28| 54,272 \nwininet.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:28| 47,616 \nwininet.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:29| 49,152 \nwininet.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:30| 55,296 \nwininet.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:30| 45,056 \nwininet.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:31| 51,712 \nwininet.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:31| 51,712 \nwininet.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:32| 53,248 \nwininet.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:32| 39,424 \nwininet.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:33| 35,840 \nwininet.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:34| 50,176 \nwininet.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:34| 51,200 \nwininet.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:35| 50,688 \nwininet.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:36| 52,736 \nwininet.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:36| 53,760 \nwininet.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:37| 54,272 \nwininet.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:37| 54,272 \nwininet.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:38| 52,736 \nwininet.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:39| 51,200 \nwininet.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:40| 53,248 \nwininet.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:40| 52,736 \nwininet.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:40| 51,712 \nwininet.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:41| 50,688 \nwininet.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:42| 50,688 \nwininet.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:43| 50,176 \nwininet.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:43| 50,176 \nwininet.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:43| 30,720 \nwininet.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:44| 30,720 \nwininet.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:45| 30,720 \ninetcpl.cpl| 11.0.9600.20091| 12-Jul-2021| 20:57| 2,132,992 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:24| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:25| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:26| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:26| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:26| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:27| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 14-Jul-2021| 12:32| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:28| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:28| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:29| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:30| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:30| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:31| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:31| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:32| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:32| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:33| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:34| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:34| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:35| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:36| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:36| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:37| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:37| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:38| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:39| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:39| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:40| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:41| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:41| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:42| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:42| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:43| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:43| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:44| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:45| 10,752 \nmshtml.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:24| 307,200 \nmshtml.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:25| 293,888 \nmshtml.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:25| 290,304 \nmshtml.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:26| 289,280 \nmshtml.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:26| 299,008 \nmshtml.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:27| 303,104 \nmshtml.dll.mui| 11.0.9600.20091| 14-Jul-2021| 12:32| 282,112 \nmshtml.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:28| 296,960 \nmshtml.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:28| 283,648 \nmshtml.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:29| 291,840 \nmshtml.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:30| 299,520 \nmshtml.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:30| 275,968 \nmshtml.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:31| 290,816 \nmshtml.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:31| 293,376 \nmshtml.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:32| 296,960 \nmshtml.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:33| 258,048 \nmshtml.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:33| 256,512 \nmshtml.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:34| 289,280 \nmshtml.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:35| 288,256 \nmshtml.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:35| 285,184 \nmshtml.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:36| 295,424 \nmshtml.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:36| 297,472 \nmshtml.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:37| 292,864 \nmshtml.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:37| 295,424 \nmshtml.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:38| 294,400 \nmshtml.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:39| 294,400 \nmshtml.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:39| 292,864 \nmshtml.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:40| 290,816 \nmshtml.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:40| 288,768 \nmshtml.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:41| 286,208 \nmshtml.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:42| 281,600 \nmshtml.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:42| 286,720 \nmshtml.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:43| 292,352 \nmshtml.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:43| 242,176 \nmshtml.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:44| 243,200 \nmshtml.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:45| 243,200 \nF12Resources.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:24| 65,536 \nF12Resources.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:25| 73,728 \nF12Resources.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:26| 67,584 \nF12Resources.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:26| 67,584 \nF12Resources.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:26| 74,240 \nF12Resources.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:27| 78,848 \nF12Resources.dll.mui| 11.0.9600.20091| 14-Jul-2021| 12:32| 61,440 \nF12Resources.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:28| 74,752 \nF12Resources.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:28| 62,464 \nF12Resources.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:29| 68,096 \nF12Resources.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:30| 75,264 \nF12Resources.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:30| 65,536 \nF12Resources.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:31| 68,608 \nF12Resources.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:31| 72,192 \nF12Resources.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:32| 73,216 \nF12Resources.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:32| 41,472 \nF12Resources.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:33| 37,888 \nF12Resources.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:34| 68,608 \nF12Resources.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:34| 67,584 \nF12Resources.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:35| 65,536 \nF12Resources.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:36| 74,240 \nF12Resources.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:36| 70,656 \nF12Resources.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:37| 71,168 \nF12Resources.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:37| 71,680 \nF12Resources.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:39| 71,168 \nF12Resources.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:39| 69,632 \nF12Resources.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:39| 68,096 \nF12Resources.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:40| 68,608 \nF12Resources.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:41| 68,096 \nF12Resources.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:41| 65,536 \nF12Resources.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:42| 59,904 \nF12Resources.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:42| 65,536 \nF12Resources.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:43| 69,120 \nF12Resources.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:43| 29,696 \nF12Resources.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:44| 30,720 \nF12Resources.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:45| 30,720 \nJavaScriptCollectionAgent.dll| 11.0.9600.20091| 12-Jul-2021| 21:13| 77,824 \nDiagnosticsHub.ScriptedSandboxPlugin.dll| 11.0.9600.20091| 12-Jul-2021| 21:14| 276,480 \nurlmon.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:24| 46,080 \nurlmon.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:24| 50,176 \nurlmon.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:25| 48,640 \nurlmon.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:26| 49,664 \nurlmon.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:26| 51,712 \nurlmon.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:27| 54,272 \nurlmon.dll.mui| 11.0.9600.20091| 14-Jul-2021| 12:32| 48,128 \nurlmon.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:28| 50,176 \nurlmon.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:28| 47,616 \nurlmon.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:29| 49,152 \nurlmon.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:30| 50,688 \nurlmon.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:30| 45,056 \nurlmon.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:31| 49,152 \nurlmon.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:31| 49,152 \nurlmon.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:32| 49,664 \nurlmon.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:33| 39,936 \nurlmon.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:33| 39,424 \nurlmon.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:34| 47,616 \nurlmon.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:34| 47,616 \nurlmon.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:35| 48,640 \nurlmon.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:36| 51,200 \nurlmon.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:36| 50,688 \nurlmon.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:37| 49,664 \nurlmon.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:37| 50,176 \nurlmon.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:38| 49,152 \nurlmon.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:39| 48,640 \nurlmon.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:40| 50,176 \nurlmon.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:40| 48,640 \nurlmon.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:40| 49,664 \nurlmon.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:41| 48,640 \nurlmon.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:42| 48,128 \nurlmon.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:42| 49,152 \nurlmon.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:43| 48,128 \nurlmon.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:43| 35,328 \nurlmon.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:44| 35,328 \nurlmon.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:45| 35,328 \noccache.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:24| 9,728 \noccache.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:25| 10,752 \noccache.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:25| 10,240 \noccache.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:26| 9,728 \noccache.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:26| 10,752 \noccache.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:27| 11,264 \noccache.dll.mui| 11.0.9600.20091| 14-Jul-2021| 12:32| 9,728 \noccache.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:28| 10,752 \noccache.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:28| 10,240 \noccache.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:29| 10,240 \noccache.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:30| 10,752 \noccache.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:30| 9,216 \noccache.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:31| 10,240 \noccache.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:31| 10,240 \noccache.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:32| 10,752 \noccache.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:33| 7,680 \noccache.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:33| 7,680 \noccache.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:34| 10,240 \noccache.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:34| 10,240 \noccache.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:35| 9,728 \noccache.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:36| 10,240 \noccache.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:36| 10,240 \noccache.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:37| 10,752 \noccache.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:37| 10,752 \noccache.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:38| 10,240 \noccache.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:39| 10,240 \noccache.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:40| 10,752 \noccache.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:40| 10,240 \noccache.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:40| 10,240 \noccache.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:41| 9,728 \noccache.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:42| 9,728 \noccache.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:42| 10,240 \noccache.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:43| 10,240 \noccache.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:43| 6,656 \noccache.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:44| 6,656 \noccache.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:45| 6,656 \nwininet.dll| 11.0.9600.20091| 12-Jul-2021| 21:04| 4,858,880 \njsproxy.dll| 11.0.9600.20091| 12-Jul-2021| 21:32| 54,784 \ninetcpl.cpl.mui| 11.0.9600.20091| 14-Jul-2021| 11:24| 114,176 \ninetcpl.cpl.mui| 11.0.9600.20091| 14-Jul-2021| 11:25| 130,560 \ninetcpl.cpl.mui| 11.0.9600.20091| 14-Jul-2021| 11:25| 124,928 \ninetcpl.cpl.mui| 11.0.9600.20091| 14-Jul-2021| 11:26| 122,880 \ninetcpl.cpl.mui| 11.0.9600.20091| 14-Jul-2021| 11:26| 130,048 \ninetcpl.cpl.mui| 11.0.9600.20091| 14-Jul-2021| 11:27| 138,240 \ninetcpl.cpl.mui| 11.0.9600.20091| 14-Jul-2021| 12:32| 114,688 \ninetcpl.cpl.mui| 11.0.9600.20091| 14-Jul-2021| 11:28| 131,584 \ninetcpl.cpl.mui| 11.0.9600.20091| 14-Jul-2021| 11:28| 117,760 \ninetcpl.cpl.mui| 11.0.9600.20091| 14-Jul-2021| 11:29| 122,368 \ninetcpl.cpl.mui| 11.0.9600.20091| 14-Jul-2021| 11:30| 134,144 \ninetcpl.cpl.mui| 11.0.9600.20091| 14-Jul-2021| 11:31| 107,008 \ninetcpl.cpl.mui| 11.0.9600.20091| 14-Jul-2021| 11:31| 123,392 \ninetcpl.cpl.mui| 11.0.9600.20091| 14-Jul-2021| 11:31| 127,488 \ninetcpl.cpl.mui| 11.0.9600.20091| 14-Jul-2021| 11:32| 128,512 \ninetcpl.cpl.mui| 11.0.9600.20091| 14-Jul-2021| 11:33| 88,576 \ninetcpl.cpl.mui| 11.0.9600.20091| 14-Jul-2021| 11:33| 82,944 \ninetcpl.cpl.mui| 11.0.9600.20091| 14-Jul-2021| 11:34| 125,440 \ninetcpl.cpl.mui| 11.0.9600.20091| 14-Jul-2021| 11:34| 123,392 \ninetcpl.cpl.mui| 11.0.9600.20091| 14-Jul-2021| 11:35| 120,320 \ninetcpl.cpl.mui| 11.0.9600.20091| 14-Jul-2021| 11:36| 130,560 \ninetcpl.cpl.mui| 11.0.9600.20091| 14-Jul-2021| 11:36| 129,024 \ninetcpl.cpl.mui| 11.0.9600.20091| 14-Jul-2021| 11:37| 125,952 \ninetcpl.cpl.mui| 11.0.9600.20091| 14-Jul-2021| 11:37| 129,024 \ninetcpl.cpl.mui| 11.0.9600.20091| 14-Jul-2021| 11:38| 128,000 \ninetcpl.cpl.mui| 11.0.9600.20091| 14-Jul-2021| 11:39| 123,904 \ninetcpl.cpl.mui| 11.0.9600.20091| 14-Jul-2021| 11:39| 129,024 \ninetcpl.cpl.mui| 11.0.9600.20091| 14-Jul-2021| 11:40| 123,904 \ninetcpl.cpl.mui| 11.0.9600.20091| 14-Jul-2021| 11:41| 124,416 \ninetcpl.cpl.mui| 11.0.9600.20091| 14-Jul-2021| 11:41| 121,856 \ninetcpl.cpl.mui| 11.0.9600.20091| 14-Jul-2021| 11:42| 115,712 \ninetcpl.cpl.mui| 11.0.9600.20091| 14-Jul-2021| 11:42| 123,904 \ninetcpl.cpl.mui| 11.0.9600.20091| 14-Jul-2021| 11:43| 125,440 \ninetcpl.cpl.mui| 11.0.9600.20091| 14-Jul-2021| 11:43| 72,704 \ninetcpl.cpl.mui| 11.0.9600.20091| 14-Jul-2021| 11:44| 73,728 \ninetcpl.cpl.mui| 11.0.9600.20091| 14-Jul-2021| 11:45| 73,728 \niedkcs32.dll| 18.0.9600.20091| 14-Jul-2021| 11:23| 390,528 \ninstall.ins| Not versioned| 12-Jul-2021| 19:07| 464 \nieapfltr.dat| 10.0.9301.0| 12-Apr-2021| 22:55| 616,104 \nieapfltr.dll| 11.0.9600.20091| 12-Jul-2021| 20:29| 800,768 \ntdc.ocx| 11.0.9600.20091| 12-Jul-2021| 21:13| 88,064 \nDiagnosticsHub.DataWarehouse.dll| 11.0.9600.20091| 12-Jul-2021| 21:41| 666,624 \niedvtool.dll| 11.0.9600.20091| 12-Jul-2021| 22:22| 950,784 \nDiagnosticsHub_is.dll| 11.0.9600.20091| 12-Jul-2021| 21:43| 50,176 \ndxtmsft.dll| 11.0.9600.20091| 12-Jul-2021| 21:19| 491,008 \ndxtrans.dll| 11.0.9600.20091| 12-Jul-2021| 21:09| 316,416 \nMicrosoft-Windows-IE-F12-Provider.ptxml| Not versioned| 12-Jul-2021| 19:13| 11,892 \nF12.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:24| 4,096 \nF12.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:25| 4,096 \nF12.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:25| 4,096 \nF12.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:26| 4,096 \nF12.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:26| 4,096 \nF12.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:27| 4,096 \nF12.dll.mui| 11.0.9600.20091| 14-Jul-2021| 12:32| 4,096 \nF12.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:28| 4,096 \nF12.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:28| 4,096 \nF12.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:29| 4,096 \nF12.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:30| 4,096 \nF12.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:30| 4,096 \nF12.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:31| 4,096 \nF12.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:31| 4,096 \nF12.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:32| 4,096 \nF12.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:33| 3,584 \nF12.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:33| 3,584 \nF12.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:34| 4,096 \nF12.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:34| 4,096 \nF12.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:35| 4,096 \nF12.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:36| 4,096 \nF12.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:36| 4,096 \nF12.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:37| 4,096 \nF12.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:37| 4,096 \nF12.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:38| 4,096 \nF12.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:39| 4,096 \nF12.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:39| 4,096 \nF12.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:40| 4,096 \nF12.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:41| 4,096 \nF12.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:41| 4,096 \nF12.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:42| 4,096 \nF12.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:42| 4,096 \nF12.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:43| 4,096 \nF12.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:43| 3,584 \nF12.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:44| 3,584 \nF12.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:45| 3,584 \nDiagnosticsTap.dll| 11.0.9600.20091| 12-Jul-2021| 21:17| 245,248 \nF12Resources.dll| 11.0.9600.20091| 12-Jul-2021| 21:45| 10,949,120 \nF12Tools.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:24| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:25| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:25| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:26| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:26| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:27| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 14-Jul-2021| 12:32| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:28| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:28| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:29| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:30| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:30| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:31| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:31| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:32| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:33| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:33| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:34| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:34| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:35| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:36| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:36| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:37| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:37| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:38| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:39| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:39| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:40| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:40| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:41| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:42| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:43| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:43| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:44| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:44| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:45| 2,048 \nF12Tools.dll| 11.0.9600.20091| 12-Jul-2021| 21:16| 372,224 \nF12.dll| 11.0.9600.20091| 12-Jul-2021| 21:06| 1,422,848 \nmsfeeds.dll| 11.0.9600.20091| 12-Jul-2021| 20:58| 809,472 \nmsfeeds.mof| Not versioned| 12-Jul-2021| 19:21| 1,518 \nmsfeedsbs.mof| Not versioned| 12-Jul-2021| 19:21| 1,574 \nmsfeedsbs.dll| 11.0.9600.20091| 12-Jul-2021| 21:11| 60,416 \nmsfeedssync.exe| 11.0.9600.20091| 12-Jul-2021| 21:39| 13,312 \nhtml.iec| 2019.0.0.20091| 12-Jul-2021| 21:38| 417,280 \nmshtmled.dll| 11.0.9600.20091| 12-Jul-2021| 21:10| 92,672 \nmshtmlmedia.dll| 11.0.9600.20091| 12-Jul-2021| 20:57| 1,359,872 \nmshtml.dll| 11.0.9600.20091| 12-Jul-2021| 22:22| 25,757,696 \nmshtml.tlb| 11.0.9600.20091| 12-Jul-2021| 21:50| 2,724,864 \nMicrosoft-Windows-IE-HTMLRendering.ptxml| Not versioned| 12-Jul-2021| 19:13| 3,228 \nieetwcollector.exe| 11.0.9600.20091| 12-Jul-2021| 21:28| 116,224 \nieetwproxystub.dll| 11.0.9600.20091| 12-Jul-2021| 21:38| 48,640 \nieetwcollectorres.dll| 11.0.9600.20091| 12-Jul-2021| 21:50| 4,096 \nielowutil.exe| 11.0.9600.20091| 12-Jul-2021| 21:31| 222,720 \nieproxy.dll| 11.0.9600.20091| 12-Jul-2021| 20:29| 870,400 \nIEShims.dll| 11.0.9600.20091| 12-Jul-2021| 20:34| 387,072 \nWindows Pop-up Blocked.wav| Not versioned| 12-Apr-2021| 22:57| 85,548 \nWindows Information Bar.wav| Not versioned| 12-Apr-2021| 22:57| 23,308 \nWindows Feed Discovered.wav| Not versioned| 12-Apr-2021| 22:57| 19,884 \nWindows Navigation Start.wav| Not versioned| 12-Apr-2021| 22:57| 11,340 \nbing.ico| Not versioned| 12-Apr-2021| 22:56| 5,430 \nieUnatt.exe| 11.0.9600.20091| 12-Jul-2021| 21:28| 144,384 \nMicrosoft-Windows-IE-InternetExplorer-ppdlic.xrm-ms| Not versioned| 14-Jul-2021| 12:32| 2,956 \njsprofilerui.dll| 11.0.9600.20091| 12-Jul-2021| 21:12| 628,736 \nMemoryAnalyzer.dll| 11.0.9600.20091| 12-Jul-2021| 21:26| 1,862,656 \nMshtmlDac.dll| 11.0.9600.20091| 12-Jul-2021| 21:37| 88,064 \nnetworkinspection.dll| 11.0.9600.20091| 12-Jul-2021| 21:06| 1,217,024 \noccache.dll| 11.0.9600.20091| 12-Jul-2021| 21:07| 152,064 \ndesktop.ini| Not versioned| 12-Apr-2021| 22:55| 65 \nwebcheck.dll| 11.0.9600.20091| 12-Jul-2021| 20:59| 262,144 \ndesktop.ini| Not versioned| 12-Apr-2021| 22:55| 65 \nmsrating.dll| 11.0.9600.20091| 12-Jul-2021| 21:11| 199,680 \nicrav03.rat| Not versioned| 12-Apr-2021| 22:55| 8,798 \nticrf.rat| Not versioned| 12-Apr-2021| 22:55| 1,988 \niertutil.dll| 11.0.9600.20091| 12-Jul-2021| 21:48| 2,916,864 \nsqmapi.dll| 6.2.9200.16384| 14-Jul-2021| 11:23| 286,088 \nie4uinit.exe| 11.0.9600.20091| 12-Jul-2021| 20:58| 728,064 \niernonce.dll| 11.0.9600.20091| 12-Jul-2021| 21:31| 34,304 \niesetup.dll| 11.0.9600.20091| 12-Jul-2021| 21:38| 66,560 \nieuinit.inf| Not versioned| 12-Jul-2021| 20:09| 16,303 \ninseng.dll| 11.0.9600.20091| 12-Jul-2021| 21:13| 107,520 \nTimeline.dll| 11.0.9600.20091| 12-Jul-2021| 21:12| 219,648 \nTimeline_is.dll| 11.0.9600.20091| 12-Jul-2021| 21:31| 172,032 \nTimeline.cpu.xml| Not versioned| 12-Apr-2021| 22:55| 3,197 \nVGX.dll| 11.0.9600.20091| 12-Jul-2021| 21:10| 1,018,880 \nieframe.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:24| 2,066,432 \nieui.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:24| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:25| 2,121,216 \nieui.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:25| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:25| 2,075,648 \nieui.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:25| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:26| 2,063,872 \nieui.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:26| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:27| 2,314,240 \nieui.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:26| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:27| 2,390,528 \nieui.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:27| 3,584 \nieframe.dll.mui| 11.0.9600.20091| 14-Jul-2021| 12:32| 2,033,152 \nieui.dll.mui| 11.0.9600.20091| 14-Jul-2021| 12:32| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:28| 2,307,584 \nieui.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:28| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:29| 2,255,872 \nieui.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:28| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:29| 2,061,312 \nieui.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:29| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:30| 2,326,016 \nieui.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:30| 3,584 \nieframe.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:31| 2,019,840 \nieui.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:30| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:31| 2,071,040 \nieui.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:31| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:32| 2,082,816 \nieui.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:31| 3,584 \nieframe.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:32| 2,307,584 \nieui.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:32| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:33| 2,170,368 \nieui.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:32| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:34| 2,153,984 \nieui.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:33| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:34| 2,291,712 \nieui.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:34| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:35| 2,283,520 \nieui.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:34| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:35| 2,052,096 \nieui.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:35| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:36| 2,301,952 \nieui.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:36| 3,584 \nieframe.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:37| 2,093,056 \nieui.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:36| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:37| 2,075,648 \nieui.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:37| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:38| 2,299,392 \nieui.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:37| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:38| 2,094,592 \nieui.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:38| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:39| 2,316,800 \nieui.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:39| 3,584 \nieframe.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:40| 2,305,536 \nieui.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:39| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:40| 2,278,912 \nieui.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:40| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:41| 2,285,568 \nieui.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:40| 3,584 \nieframe.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:41| 2,060,288 \nieui.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:41| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:42| 2,315,776 \nieui.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:42| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:43| 2,279,424 \nieui.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:43| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:43| 2,324,992 \nieui.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:43| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:44| 2,098,176 \nieui.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:43| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:44| 1,890,304 \nieui.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:44| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:45| 1,890,304 \nieui.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:45| 3,072 \nieframe.dll| 11.0.9600.20091| 12-Jul-2021| 21:26| 15,507,456 \nieui.dll| 11.0.9600.20091| 12-Jul-2021| 21:30| 615,936 \nieframe.ptxml| Not versioned| 12-Jul-2021| 19:13| 24,486 \nieinstal.exe| 11.0.9600.20091| 12-Jul-2021| 21:08| 492,032 \nInetRes.adml| Not versioned| 14-Jul-2021| 11:24| 463,373 \nInetRes.adml| Not versioned| 14-Jul-2021| 11:25| 751,268 \nInetRes.adml| Not versioned| 14-Jul-2021| 11:25| 526,344 \nInetRes.adml| Not versioned| 14-Jul-2021| 11:26| 499,704 \nInetRes.adml| Not versioned| 14-Jul-2021| 11:26| 552,384 \nInetRes.adml| Not versioned| 14-Jul-2021| 11:27| 944,610 \nInetRes.adml| Not versioned| 14-Jul-2021| 12:32| 457,561 \nInetRes.adml| Not versioned| 14-Jul-2021| 11:28| 543,995 \nInetRes.adml| Not versioned| 14-Jul-2021| 11:28| 751,402 \nInetRes.adml| Not versioned| 14-Jul-2021| 11:29| 526,608 \nInetRes.adml| Not versioned| 14-Jul-2021| 11:30| 575,890 \nInetRes.adml| Not versioned| 14-Jul-2021| 11:30| 463,373 \nInetRes.adml| Not versioned| 14-Jul-2021| 11:31| 751,351 \nInetRes.adml| Not versioned| 14-Jul-2021| 11:31| 570,787 \nInetRes.adml| Not versioned| 14-Jul-2021| 11:32| 548,169 \nInetRes.adml| Not versioned| 14-Jul-2021| 11:33| 639,283 \nInetRes.adml| Not versioned| 14-Jul-2021| 11:33| 525,516 \nInetRes.adml| Not versioned| 14-Jul-2021| 11:34| 751,362 \nInetRes.adml| Not versioned| 14-Jul-2021| 11:34| 751,276 \nInetRes.adml| Not versioned| 14-Jul-2021| 11:35| 488,538 \nInetRes.adml| Not versioned| 14-Jul-2021| 11:36| 548,545 \nInetRes.adml| Not versioned| 14-Jul-2021| 11:36| 559,392 \nInetRes.adml| Not versioned| 14-Jul-2021| 11:37| 535,119 \nInetRes.adml| Not versioned| 14-Jul-2021| 11:37| 541,503 \nInetRes.adml| Not versioned| 14-Jul-2021| 11:38| 751,379 \nInetRes.adml| Not versioned| 14-Jul-2021| 11:39| 804,522 \nInetRes.adml| Not versioned| 14-Jul-2021| 11:39| 751,404 \nInetRes.adml| Not versioned| 14-Jul-2021| 11:40| 751,525 \nInetRes.adml| Not versioned| 14-Jul-2021| 11:41| 751,407 \nInetRes.adml| Not versioned| 14-Jul-2021| 11:41| 503,960 \nInetRes.adml| Not versioned| 14-Jul-2021| 11:42| 751,417 \nInetRes.adml| Not versioned| 14-Jul-2021| 11:42| 521,632 \nInetRes.adml| Not versioned| 14-Jul-2021| 11:43| 751,304 \nInetRes.adml| Not versioned| 14-Jul-2021| 11:43| 420,094 \nInetRes.adml| Not versioned| 14-Jul-2021| 11:44| 436,663 \nInetRes.adml| Not versioned| 14-Jul-2021| 11:45| 436,663 \ninetres.admx| Not versioned| 12-Apr-2021| 22:59| 1,678,023 \nMsSpellCheckingFacility.exe| 6.3.9600.20091| 12-Jul-2021| 21:22| 970,752 \njscript9.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:24| 29,184 \njscript9.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:25| 29,696 \njscript9.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:25| 32,768 \njscript9.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:26| 33,280 \njscript9.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:27| 35,328 \njscript9.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:27| 37,888 \njscript9.dll.mui| 11.0.9600.20091| 14-Jul-2021| 12:32| 29,696 \njscript9.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:28| 34,304 \njscript9.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:28| 29,696 \njscript9.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:29| 33,280 \njscript9.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:30| 34,304 \njscript9.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:30| 27,648 \njscript9.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:31| 29,696 \njscript9.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:31| 34,304 \njscript9.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:32| 33,792 \njscript9.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:32| 23,040 \njscript9.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:33| 22,016 \njscript9.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:34| 29,696 \njscript9.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:34| 29,696 \njscript9.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:35| 31,232 \njscript9.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:36| 34,304 \njscript9.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:36| 35,840 \njscript9.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:37| 32,768 \njscript9.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:37| 33,280 \njscript9.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:38| 29,696 \njscript9.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:39| 34,816 \njscript9.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:40| 33,280 \njscript9.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:40| 32,256 \njscript9.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:41| 29,696 \njscript9.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:41| 32,768 \njscript9.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:42| 29,696 \njscript9.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:42| 30,720 \njscript9.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:43| 29,696 \njscript9.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:43| 16,384 \njscript9.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:44| 16,896 \njscript9.dll.mui| 11.0.9600.20091| 14-Jul-2021| 11:45| 16,896 \njscript9.dll| 11.0.9600.20091| 12-Jul-2021| 22:01| 5,507,584 \njscript9diag.dll| 11.0.9600.20091| 12-Jul-2021| 21:28| 814,592 \njscript.dll| 5.8.9600.20091| 12-Jul-2021| 21:29| 785,408 \nvbscript.dll| 5.8.9600.20091| 12-Jul-2021| 21:39| 580,608 \niexplore.exe| 11.0.9600.20091| 13-Jul-2021| 12:28| 810,400 \ntdc.ocx| 11.0.9600.20091| 12-Jul-2021| 20:47| 73,728 \ndxtmsft.dll| 11.0.9600.20091| 12-Jul-2021| 20:51| 415,744 \ndxtrans.dll| 11.0.9600.20091| 12-Jul-2021| 20:43| 280,064 \nmsfeeds.dll| 11.0.9600.20091| 12-Jul-2021| 20:37| 696,320 \nmsfeeds.mof| Not versioned| 12-Jul-2021| 19:13| 1,518 \nmshtmled.dll| 11.0.9600.20091| 12-Jul-2021| 20:44| 76,800 \nmshtmlmedia.dll| 11.0.9600.20091| 12-Jul-2021| 20:36| 1,155,584 \nmshtml.dll| 11.0.9600.20091| 12-Jul-2021| 21:35| 20,293,632 \nmshtml.tlb| 11.0.9600.20091| 12-Jul-2021| 21:16| 2,724,864 \nwow64_Microsoft-Windows-IE-HTMLRendering.ptxml| Not versioned| 12-Jul-2021| 19:04| 3,228 \nieetwproxystub.dll| 11.0.9600.20091| 12-Jul-2021| 21:06| 47,616 \nieUnatt.exe| 11.0.9600.20091| 12-Jul-2021| 20:58| 115,712 \noccache.dll| 11.0.9600.20091| 12-Jul-2021| 20:42| 130,048 \nwebcheck.dll| 11.0.9600.20091| 12-Jul-2021| 20:37| 230,400 \niernonce.dll| 11.0.9600.20091| 12-Jul-2021| 21:00| 30,720 \niesetup.dll| 11.0.9600.20091| 12-Jul-2021| 21:06| 62,464 \nieuinit.inf| Not versioned| 12-Jul-2021| 20:01| 16,303 \nieframe.dll| 11.0.9600.20091| 12-Jul-2021| 20:43| 13,882,368 \nieui.dll| 11.0.9600.20091| 12-Jul-2021| 20:59| 476,160 \nie9props.propdesc| Not versioned| 4-Mar-2021| 13:47| 2,843 \nwow64_ieframe.ptxml| Not versioned| 12-Jul-2021| 19:04| 24,486 \njscript9.dll| 11.0.9600.20091| 12-Jul-2021| 20:46| 4,119,040 \njscript9diag.dll| 11.0.9600.20091| 12-Jul-2021| 20:58| 620,032 \njscript.dll| 5.8.9600.20091| 12-Jul-2021| 20:58| 653,824 \nvbscript.dll| 5.8.9600.20091| 12-Jul-2021| 21:07| 498,176 \nurlmon.dll| 11.0.9600.20091| 12-Jul-2021| 20:21| 1,342,976 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:29| 31,744 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:30| 36,352 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:31| 35,328 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:31| 34,816 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:32| 36,864 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:32| 39,424 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 13:07| 32,768 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:33| 37,376 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:34| 33,280 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:34| 34,816 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:35| 38,400 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:35| 30,720 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:36| 34,816 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:37| 35,328 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:37| 36,864 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:38| 25,600 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:39| 24,576 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:39| 35,840 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:40| 34,304 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:41| 34,304 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:41| 36,352 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 35,840 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 34,816 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:43| 35,840 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:44| 35,840 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:44| 34,304 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:45| 35,840 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:45| 34,816 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:46| 34,816 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:46| 34,816 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:47| 33,280 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:48| 34,304 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:48| 34,304 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:49| 20,992 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:50| 21,504 \nwebcheck.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:50| 21,504 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:29| 46,592 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:30| 52,736 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:30| 51,200 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:31| 51,200 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:32| 56,320 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:33| 57,856 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 13:06| 49,664 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:33| 54,272 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:34| 47,616 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:34| 49,152 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:35| 55,296 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:36| 45,056 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:36| 51,712 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:37| 51,712 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:37| 53,248 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:38| 39,424 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:39| 35,840 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:39| 50,176 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:40| 51,200 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:40| 50,688 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:41| 52,736 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 53,760 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 54,272 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:43| 54,272 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:44| 52,736 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:44| 51,200 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:45| 53,248 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:46| 52,736 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:46| 51,712 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:46| 50,688 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:47| 50,688 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:48| 50,176 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:48| 50,176 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:49| 30,720 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:50| 30,720 \nwininet.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:50| 30,720 \ninetcpl.cpl| 11.0.9600.20091| 12-Jul-2021| 20:37| 2,058,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:29| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:30| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:31| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:31| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:32| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:33| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 13:07| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:33| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:34| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:34| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:35| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:36| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:36| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:37| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:37| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:38| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:39| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:39| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:40| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:41| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:41| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:43| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:43| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:44| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:44| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:45| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:45| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:46| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:46| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:47| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:48| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:48| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:49| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:50| 10,752 \nDiagnosticsTap.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:50| 10,752 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:29| 307,200 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:30| 293,888 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:31| 290,304 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:31| 289,280 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:32| 299,008 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:33| 303,104 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 13:07| 282,112 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:33| 296,960 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:34| 283,648 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:34| 291,840 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:35| 299,520 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:36| 275,968 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:36| 290,816 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:37| 293,376 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:37| 296,960 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:38| 258,048 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:39| 256,512 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:39| 289,280 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:40| 288,256 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:41| 285,184 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 295,424 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 297,472 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 292,864 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:43| 295,424 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:44| 294,400 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:44| 294,400 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:45| 292,864 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:45| 290,816 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:46| 288,768 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:47| 286,208 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:47| 281,600 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:48| 286,720 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:48| 292,352 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:49| 242,176 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:50| 243,200 \nmshtml.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:51| 243,200 \nJavaScriptCollectionAgent.dll| 11.0.9600.20091| 12-Jul-2021| 20:47| 60,416 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:29| 46,080 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:30| 50,176 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:30| 48,640 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:32| 49,664 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:32| 51,712 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:32| 54,272 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 13:07| 48,128 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:33| 50,176 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:34| 47,616 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:34| 49,152 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:35| 50,688 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:35| 45,056 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:36| 49,152 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:37| 49,152 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:37| 49,664 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:38| 39,936 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:39| 39,424 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:39| 47,616 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:40| 47,616 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:41| 48,640 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:41| 51,200 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 50,688 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 49,664 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:43| 50,176 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:44| 49,152 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:44| 48,640 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:45| 50,176 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:45| 48,640 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:46| 49,664 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:46| 48,640 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:47| 48,128 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:48| 49,152 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:48| 48,128 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:49| 35,328 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:50| 35,328 \nurlmon.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:50| 35,328 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:29| 9,728 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:30| 10,752 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:31| 10,240 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:31| 9,728 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:32| 10,752 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:33| 11,264 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 13:07| 9,728 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:33| 10,752 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:34| 10,240 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:34| 10,240 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:35| 10,752 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:35| 9,216 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:36| 10,240 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:37| 10,240 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:37| 10,752 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:38| 7,680 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:39| 7,680 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:39| 10,240 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:40| 10,240 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:40| 9,728 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:41| 10,240 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 10,240 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 10,752 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:43| 10,752 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:44| 10,240 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:45| 10,240 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:45| 10,752 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:45| 10,240 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:46| 10,240 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:46| 9,728 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:47| 9,728 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:48| 10,240 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:48| 10,240 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:49| 6,656 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:50| 6,656 \noccache.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:51| 6,656 \nwininet.dll| 11.0.9600.20091| 12-Jul-2021| 20:26| 4,387,840 \njsproxy.dll| 11.0.9600.20091| 12-Jul-2021| 21:01| 47,104 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:29| 114,176 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:30| 130,560 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:31| 124,928 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:31| 122,880 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:32| 130,048 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:33| 138,240 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 13:06| 114,688 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:33| 131,584 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:34| 117,760 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:34| 122,368 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:35| 134,144 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:36| 107,008 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:36| 123,392 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:37| 127,488 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:37| 128,512 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:38| 88,576 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:39| 82,944 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:39| 125,440 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:40| 123,392 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:40| 120,320 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:41| 130,560 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 129,024 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 125,952 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:43| 129,024 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:44| 128,000 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:44| 123,904 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:45| 129,024 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:45| 123,904 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:46| 124,416 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:46| 121,856 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:47| 115,712 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:48| 123,904 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:48| 125,440 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:49| 72,704 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:50| 73,728 \ninetcpl.cpl.mui| 11.0.9600.20091| 13-Jul-2021| 12:50| 73,728 \niedkcs32.dll| 18.0.9600.20091| 13-Jul-2021| 12:28| 341,920 \ninstall.ins| Not versioned| 12-Jul-2021| 19:02| 464 \nieapfltr.dat| 10.0.9301.0| 4-Mar-2021| 13:41| 616,104 \nieapfltr.dll| 11.0.9600.20091| 12-Jul-2021| 20:18| 710,656 \niedvtool.dll| 11.0.9600.20091| 12-Jul-2021| 21:35| 772,608 \nDiagnosticsTap.dll| 11.0.9600.20091| 12-Jul-2021| 20:50| 175,104 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:29| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:30| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:31| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:32| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:32| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:33| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 13:07| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:33| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:34| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:35| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:35| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:35| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:36| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:37| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:37| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:38| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:39| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:39| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:40| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:41| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:43| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:44| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:45| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:45| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:45| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:46| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:46| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:47| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:48| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:48| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:49| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:50| 2,048 \nF12Tools.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:50| 2,048 \nF12Tools.dll| 11.0.9600.20091| 12-Jul-2021| 20:49| 256,000 \nmsfeedsbs.mof| Not versioned| 12-Jul-2021| 19:13| 1,574 \nmsfeedsbs.dll| 11.0.9600.20091| 12-Jul-2021| 20:45| 52,736 \nmsfeedssync.exe| 11.0.9600.20091| 12-Jul-2021| 21:07| 11,776 \nhtml.iec| 2019.0.0.20091| 12-Jul-2021| 21:06| 341,504 \nielowutil.exe| 11.0.9600.20091| 12-Jul-2021| 21:00| 221,184 \nieproxy.dll| 11.0.9600.20091| 12-Jul-2021| 20:16| 310,784 \nIEShims.dll| 11.0.9600.20091| 12-Jul-2021| 20:20| 290,304 \njsprofilerui.dll| 11.0.9600.20091| 12-Jul-2021| 20:46| 579,584 \nMshtmlDac.dll| 11.0.9600.20091| 12-Jul-2021| 21:05| 64,000 \nnetworkinspection.dll| 11.0.9600.20091| 12-Jul-2021| 20:42| 1,075,200 \nmsrating.dll| 11.0.9600.20091| 12-Jul-2021| 20:45| 168,960 \nicrav03.rat| Not versioned| 4-Mar-2021| 13:44| 8,798 \nticrf.rat| Not versioned| 4-Mar-2021| 13:44| 1,988 \niertutil.dll| 11.0.9600.20091| 12-Jul-2021| 21:06| 2,308,608 \nsqmapi.dll| 6.2.9200.16384| 13-Jul-2021| 12:28| 228,256 \ninseng.dll| 11.0.9600.20091| 12-Jul-2021| 20:47| 91,136 \nVGX.dll| 11.0.9600.20091| 12-Jul-2021| 20:44| 818,176 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:30| 2,066,432 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:29| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:30| 2,121,216 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:30| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:31| 2,075,648 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:31| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:31| 2,063,872 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:31| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:32| 2,314,240 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:32| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:33| 2,390,528 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:32| 3,584 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 13:07| 2,033,152 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 13:06| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:33| 2,307,584 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:33| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:34| 2,255,872 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:34| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:35| 2,061,312 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:35| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:35| 2,326,016 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:35| 3,584 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:36| 2,019,840 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:35| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:36| 2,071,040 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:36| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:37| 2,082,816 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:37| 3,584 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:38| 2,307,584 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:37| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:38| 2,170,368 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:38| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:39| 2,153,984 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:39| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:40| 2,291,712 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:39| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:40| 2,283,520 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:40| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:41| 2,052,096 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:41| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:41| 2,301,952 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:41| 3,584 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 2,093,056 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:43| 2,075,648 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:43| 2,299,392 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:43| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:44| 2,094,592 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:44| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:44| 2,316,800 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:44| 3,584 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:45| 2,305,536 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:45| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:46| 2,278,912 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:46| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:46| 2,285,568 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:46| 3,584 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:47| 2,060,288 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:46| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:48| 2,315,776 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:47| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:48| 2,279,424 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:48| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:49| 2,324,992 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:48| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:49| 2,098,176 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:49| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:50| 1,890,304 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:50| 3,072 \nieframe.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:51| 1,890,304 \nieui.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:50| 3,072 \nieinstal.exe| 11.0.9600.20091| 12-Jul-2021| 20:43| 475,648 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:29| 29,184 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:30| 29,696 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:30| 32,768 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:31| 33,280 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:32| 35,328 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:32| 37,888 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 13:06| 29,696 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:33| 34,304 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:34| 29,696 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:34| 33,280 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:35| 34,304 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:35| 27,648 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:36| 29,696 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:37| 34,304 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:37| 33,792 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:38| 23,040 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:39| 22,016 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:40| 29,696 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:40| 29,696 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:41| 31,232 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 34,304 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 35,840 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:42| 32,768 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:43| 33,280 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:44| 29,696 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:44| 34,816 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:45| 33,280 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:45| 32,256 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:46| 29,696 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:46| 32,768 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:47| 29,696 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:48| 30,720 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:48| 29,696 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:49| 16,384 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:50| 16,896 \njscript9.dll.mui| 11.0.9600.20091| 13-Jul-2021| 12:50| 16,896 \n \n### Windows Server 2008\n\n### \n\n__\n\nInternet Explorer 9 on all supported x86-based versions\n\n**File name**| **File version**| **Date**| **Time**| **File size** \n---|---|---|---|--- \nurlmon.dll| 9.0.8112.21581| 13-Jul-2021| 13:30| 1,142,784 \niexplore.exe| 9.0.8112.21581| 13-Jul-2021| 13:39| 751,512 \ninetcpl.cpl| 9.0.8112.21581| 13-Jul-2021| 13:29| 1,427,968 \nwininet.dll| 9.0.8112.21581| 13-Jul-2021| 13:30| 1,132,544 \njsproxy.dll| 9.0.8112.21581| 13-Jul-2021| 13:29| 75,776 \nWininetPlugin.dll| 1.0.0.1| 13-Jul-2021| 13:29| 66,048 \ntdc.ocx| 9.0.8112.21581| 13-Jul-2021| 13:28| 63,488 \niedvtool.dll| 9.0.8112.21581| 13-Jul-2021| 13:29| 678,912 \ndxtmsft.dll| 9.0.8112.21581| 13-Jul-2021| 13:28| 354,304 \ndxtrans.dll| 9.0.8112.21581| 13-Jul-2021| 13:28| 223,744 \nmsfeeds.dll| 9.0.8112.21581| 13-Jul-2021| 13:28| 607,744 \nmsfeeds.mof| Not versioned| 13-Jul-2021| 13:09| 1,518 \nmsfeedsbs.mof| Not versioned| 13-Jul-2021| 13:09| 1,574 \nmsfeedsbs.dll| 9.0.8112.21581| 13-Jul-2021| 13:28| 41,472 \nmsfeedssync.exe| 9.0.8112.21581| 13-Jul-2021| 13:28| 10,752 \nmshta.exe| 9.0.8112.21581| 13-Jul-2021| 13:28| 11,776 \nhtml.iec| 2019.0.0.21576| 13-Jul-2021| 13:31| 367,616 \nmshtmled.dll| 9.0.8112.21581| 13-Jul-2021| 13:28| 72,704 \nmshtml.dll| 9.0.8112.21581| 13-Jul-2021| 13:34| 12,845,056 \nmshtml.tlb| 9.0.8112.21581| 13-Jul-2021| 13:28| 2,382,848 \nielowutil.exe| 9.0.8112.21581| 13-Jul-2021| 13:29| 223,232 \nieproxy.dll| 9.0.8112.21581| 13-Jul-2021| 13:29| 195,072 \nIEShims.dll| 9.0.8112.21581| 13-Jul-2021| 13:29| 194,560 \nExtExport.exe| 9.0.8112.21581| 13-Jul-2021| 13:29| 22,528 \nWindows Pop-up Blocked.wav| Not versioned| 11-Mar-2021| 0:00| 85,548 \nWindows Information Bar.wav| Not versioned| 11-Mar-2021| 0:00| 23,308 \nWindows Feed Discovered.wav| Not versioned| 11-Mar-2021| 0:00| 19,884 \nWindows Navigation Start.wav| Not versioned| 11-Mar-2021| 0:00| 11,340 \nieUnatt.exe| 9.0.8112.21581| 13-Jul-2021| 13:28| 142,848 \njsdbgui.dll| 9.0.8112.21581| 13-Jul-2021| 13:29| 387,584 \niertutil.dll| 9.0.8112.21581| 13-Jul-2021| 13:29| 1,808,384 \nsqmapi.dll| 6.0.6000.16386| 13-Jul-2021| 13:40| 142,744 \nVGX.dll| 9.0.8112.21581| 13-Jul-2021| 13:29| 769,024 \nurl.dll| 9.0.8112.21581| 13-Jul-2021| 13:29| 231,936 \nieframe.dll| 9.0.8112.21581| 13-Jul-2021| 13:30| 9,757,696 \nieui.dll| 9.0.8112.21581| 13-Jul-2021| 13:27| 176,640 \nieinstal.exe| 9.0.8112.21581| 13-Jul-2021| 13:29| 474,624 \nInetRes.adml| Not versioned| 13-Jul-2021| 13:44| 393,813 \ninetres.admx| Not versioned| 11-Mar-2021| 0:10| 1,601,204 \njsdebuggeride.dll| 9.0.8112.21581| 13-Jul-2021| 13:29| 104,448 \njscript.dll| 5.8.7601.21576| 13-Jul-2021| 13:29| 723,456 \njscript9.dll| 9.0.8112.21581| 13-Jul-2021| 13:35| 1,819,648 \nvbscript.dll| 5.8.7601.21576| 13-Jul-2021| 13:29| 434,176 \n \n### \n\n__\n\nInternet Explorer 9 on all supported x64-based versions\n\n**File name**| **File version**| **Date**| **Time**| **File size** \n---|---|---|---|--- \nurlmon.dll| 9.0.8112.21581| 13-Jul-2021| 14:24| 1,391,616 \niexplore.exe| 9.0.8112.21581| 13-Jul-2021| 14:38| 757,656 \ninetcpl.cpl| 9.0.8112.21581| 13-Jul-2021| 14:23| 1,494,528 \nwininet.dll| 9.0.8112.21581| 13-Jul-2021| 14:24| 1,395,200 \njsproxy.dll| 9.0.8112.21581| 13-Jul-2021| 14:23| 97,280 \nWininetPlugin.dll| 1.0.0.1| 13-Jul-2021| 14:23| 86,528 \ntdc.ocx| 9.0.8112.21581| 13-Jul-2021| 14:22| 76,800 \niedvtool.dll| 9.0.8112.21581| 13-Jul-2021| 14:23| 887,808 \ndxtmsft.dll| 9.0.8112.21581| 13-Jul-2021| 14:23| 452,608 \ndxtrans.dll| 9.0.8112.21581| 13-Jul-2021| 14:23| 281,600 \nmsfeeds.dll| 9.0.8112.21581| 13-Jul-2021| 14:23| 729,088 \nmsfeeds.mof| Not versioned| 13-Jul-2021| 14:01| 1,518 \nmsfeedsbs.mof| Not versioned| 13-Jul-2021| 14:01| 1,574 \nmsfeedsbs.dll| 9.0.8112.21581| 13-Jul-2021| 14:23| 55,296 \nmsfeedssync.exe| 9.0.8112.21581| 13-Jul-2021| 14:22| 11,264 \nmshta.exe| 9.0.8112.21581| 13-Jul-2021| 14:22| 12,800 \nhtml.iec| 2019.0.0.21576| 13-Jul-2021| 14:26| 448,512 \nmshtmled.dll| 9.0.8112.21581| 13-Jul-2021| 14:23| 96,256 \nmshtml.dll| 9.0.8112.21581| 13-Jul-2021| 14:33| 18,812,416 \nmshtml.tlb| 9.0.8112.21581| 13-Jul-2021| 14:22| 2,382,848 \nielowutil.exe| 9.0.8112.21581| 13-Jul-2021| 14:23| 223,744 \nieproxy.dll| 9.0.8112.21581| 13-Jul-2021| 14:23| 550,912 \nIEShims.dll| 9.0.8112.21581| 13-Jul-2021| 14:23| 305,664 \nWindows Pop-up Blocked.wav| Not versioned| 11-Mar-2021| 0:00| 85,548 \nWindows Information Bar.wav| Not versioned| 11-Mar-2021| 0:00| 23,308 \nWindows Feed Discovered.wav| Not versioned| 11-Mar-2021| 0:00| 19,884 \nWindows Navigation Start.wav| Not versioned| 11-Mar-2021| 0:00| 11,340 \nieUnatt.exe| 9.0.8112.21581| 13-Jul-2021| 14:23| 173,056 \njsdbgui.dll| 9.0.8112.21581| 13-Jul-2021| 14:23| 499,200 \niertutil.dll| 9.0.8112.21581| 13-Jul-2021| 14:23| 2,163,200 \nsqmapi.dll| 6.0.6000.16386| 13-Jul-2021| 14:39| 176,024 \nVGX.dll| 9.0.8112.21581| 13-Jul-2021| 14:23| 997,376 \nurl.dll| 9.0.8112.21581| 13-Jul-2021| 14:23| 237,056 \nieframe.dll| 9.0.8112.21581| 13-Jul-2021| 14:25| 10,944,000 \nieui.dll| 9.0.8112.21581| 13-Jul-2021| 14:21| 248,320 \nieinstal.exe| 9.0.8112.21581| 13-Jul-2021| 14:23| 490,496 \nInetRes.adml| Not versioned| 13-Jul-2021| 14:43| 393,813 \ninetres.admx| Not versioned| 11-Mar-2021| 0:10| 1,601,204 \njsdebuggeride.dll| 9.0.8112.21581| 13-Jul-2021| 14:23| 141,312 \njscript.dll| 5.8.7601.21576| 13-Jul-2021| 14:23| 818,176 \njscript9.dll| 9.0.8112.21581| 13-Jul-2021| 14:29| 2,358,784 \nvbscript.dll| 5.8.7601.21576| 13-Jul-2021| 14:23| 583,680 \niexplore.exe| 9.0.8112.21581| 13-Jul-2021| 13:39| 751,512 \nieUnatt.exe| 9.0.8112.21581| 13-Jul-2021| 13:28| 142,848 \nurlmon.dll| 9.0.8112.21581| 13-Jul-2021| 13:30| 1,142,784 \ninetcpl.cpl| 9.0.8112.21581| 13-Jul-2021| 13:29| 1,427,968 \nwininet.dll| 9.0.8112.21581| 13-Jul-2021| 13:30| 1,132,544 \njsproxy.dll| 9.0.8112.21581| 13-Jul-2021| 13:29| 75,776 \nWininetPlugin.dll| 1.0.0.1| 13-Jul-2021| 13:29| 66,048 \ntdc.ocx| 9.0.8112.21581| 13-Jul-2021| 13:28| 63,488 \niedvtool.dll| 9.0.8112.21581| 13-Jul-2021| 13:29| 678,912 \ndxtmsft.dll| 9.0.8112.21581| 13-Jul-2021| 13:28| 354,304 \ndxtrans.dll| 9.0.8112.21581| 13-Jul-2021| 13:28| 223,744 \nmsfeeds.dll| 9.0.8112.21581| 13-Jul-2021| 13:28| 607,744 \nmsfeeds.mof| Not versioned| 13-Jul-2021| 13:09| 1,518 \nmsfeedsbs.mof| Not versioned| 13-Jul-2021| 13:09| 1,574 \nmsfeedsbs.dll| 9.0.8112.21581| 13-Jul-2021| 13:28| 41,472 \nmsfeedssync.exe| 9.0.8112.21581| 13-Jul-2021| 13:28| 10,752 \nmshta.exe| 9.0.8112.21581| 13-Jul-2021| 13:28| 11,776 \nhtml.iec| 2019.0.0.21576| 13-Jul-2021| 13:31| 367,616 \nmshtmled.dll| 9.0.8112.21581| 13-Jul-2021| 13:28| 72,704 \nmshtml.dll| 9.0.8112.21581| 13-Jul-2021| 13:34| 12,845,056 \nmshtml.tlb| 9.0.8112.21581| 13-Jul-2021| 13:28| 2,382,848 \nielowutil.exe| 9.0.8112.21581| 13-Jul-2021| 13:29| 223,232 \nieproxy.dll| 9.0.8112.21581| 13-Jul-2021| 13:29| 195,072 \nIEShims.dll| 9.0.8112.21581| 13-Jul-2021| 13:29| 194,560 \nExtExport.exe| 9.0.8112.21581| 13-Jul-2021| 13:29| 22,528 \njsdbgui.dll| 9.0.8112.21581| 13-Jul-2021| 13:29| 387,584 \niertutil.dll| 9.0.8112.21581| 13-Jul-2021| 13:29| 1,808,384 \nsqmapi.dll| 6.0.6000.16386| 13-Jul-2021| 13:40| 142,744 \nVGX.dll| 9.0.8112.21581| 13-Jul-2021| 13:29| 769,024 \nurl.dll| 9.0.8112.21581| 13-Jul-2021| 13:29| 231,936 \nieframe.dll| 9.0.8112.21581| 13-Jul-2021| 13:30| 9,757,696 \nieui.dll| 9.0.8112.21581| 13-Jul-2021| 13:27| 176,640 \nieinstal.exe| 9.0.8112.21581| 13-Jul-2021| 13:29| 474,624 \njsdebuggeride.dll| 9.0.8112.21581| 13-Jul-2021| 13:29| 104,448 \njscript.dll| 5.8.7601.21576| 13-Jul-2021| 13:29| 723,456 \njscript9.dll| 9.0.8112.21581| 13-Jul-2021| 13:35| 1,819,648 \nvbscript.dll| 5.8.7601.21576| 13-Jul-2021| 13:29| 434,176 \n \n## **Information about protection and security**\n\n * Protect yourself online: [Windows Security support](<https://support.microsoft.com/hub/4099151/windows-security-help>)\n * Learn how we guard against cyber threats: [Microsoft Security](<https://www.microsoft.com/security>)\n\n## **References**\n\nLearn about the [terminology](<https://support.microsoft.com/help/824684>) that Microsoft uses to describe software updates.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-08-10T07:00:00", "type": "mskb", "title": "KB5005036: Cumulative security update for Internet Explorer: August 10, 2021", "bulletinFamily": "microsoft", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34480"], "modified": "2021-08-10T07:00:00", "id": "KB5005036", "href": "https://support.microsoft.com/en-us/help/5005036", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-19T10:52:14", "description": "None\n**Important: **Windows 7 and Windows Server 2008 R2 have reached the end of mainstream support and are now in extended support. Starting in July 2020, there will no longer be optional, non-security releases (known as \"C\" releases) for this operating system. Operating systems in extended support have only cumulative monthly security updates (known as the \"B\" or Update Tuesday release). \n \nVerify that** **you have installed the required updates listed in the **How to get this update** section before installing this update. \n \nFor information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following [article](<https://support.microsoft.com/help/824684>). To view other notes and messages, see the Windows 7 and Windows Server 2008 R2 update history [home page](<https://support.microsoft.com/help/4009469>).\n\n## **Improvements and fixes**\n\nThis security update includes improvements and fixes that were a part of update [KB5003667](<https://support.microsoft.com/help/5003667>) (released June 8, 2021) and addresses the following issues:\n\n * Addresses a remote code execution exploit in the Windows Print Spooler service, known as \u201cPrintNightmare\u201d, as documented in [CVE-2021-34527](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527>). After installing this and later Windows updates, users who are not administrators can only install signed print drivers to a print server. By default, administrators can install signed and unsigned printer drivers to a print server. The installed root certificates in the system\u2019s Trusted Root Certification Authorities trusts signed drivers. Microsoft recommends that you immediately install this update on all supported Windows client and server operating system, starting with devices that currently host the print server role. You also have the option to configure the **RestrictDriverInstallationToAdministrators** registry setting to prevent non-administrators from installing signed printer drivers on a print server. For more information, see KB5005010.\nFor more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website.\n\n## **Known issues in this update**\n\n**Symptom **| **Workaround ** \n---|--- \nAfter installing this update or later updates, connections to SQL Server 2005 might fail. You might receive the following error:\"Cannot connect to &lt;Server name&gt;, Additional information: A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: Named Pipes Provider, error: 40 - Could not open a connection to SQL Server) (.Net SqlClient Data Provider)\"| This is expected behavior due to a security hardening change in this update. To resolve this issue, you will need to update to a [supported version of SQL Server](<https://docs.microsoft.com/en-us/lifecycle/products/?terms=sql%20server>). \nAfter installing this update and restarting your device, you might receive the error, \"Failure to configure Windows updates. Reverting Changes. Do not turn off your computer\", and the update might show as **Failed** in **Update History**.| This is expected in the following circumstances:\n\n * If you are installing this update on a device that is running an edition that is not supported for ESU. For a complete list of which editions are supported, see [KB4497181](<https://support.microsoft.com/help/4497181>).\n * If you do not have an ESU MAK add-on key installed and activated.\nIf you have purchased an ESU key and have encountered this issue, please verify you have applied all prerequisites and that your key is activated. For information on activation, please see this [blog](<https://aka.ms/Windows7ESU>) post. For information on the prerequisites, see the \"How to get this update\" section of this article. \nCertain operations, such as **rename**, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\". This occurs when you perform the operation on a CSV owner node from a process that doesn\u2019t have administrator privilege.| Do one of the following: \n\n * Perform the operation from a process that has administrator privilege.\n * Perform the operation from a node that doesn\u2019t have CSV ownership.\nMicrosoft is working on a resolution and will provide an update in an upcoming release. \n \n## **How to get this update**\n\n**Before installing this update****IMPORTANT** Customers who have purchased the Extended Security Update (ESU) for on-premises versions of these operating systems must follow the procedures in [KB4522133](<https://support.microsoft.com/help/4522133>) to continue receiving security updates after extended support ends. Extended support ends as follows:\n\n * For Windows 7 Service Pack 1 and Windows Server 2008 R2 Service Pack 1, extended support ends on January 14, 2020.\n * For Windows Embedded Standard 7, extended support ends on October 13, 2020.\nFor more information about ESU and which editions are supported, see [KB4497181](<https://support.microsoft.com/help/4497181>).**Note** For Windows Embedded Standard 7, Windows Management Instrumentation (WMI) must be enabled to get updates from Windows Update or Windows Server Update Services.**Prerequisite:**You must install the updates listed below and **restart your device** before installing the latest Rollup. Installing these updates improves the reliability of the update process and mitigates potential issues while installing the Rollup and applying Microsoft security fixes.\n\n 1. The March 12, 2019 servicing stack update (SSU) ([KB4490628](<https://support.microsoft.com/help/4490628>)). To get the standalone package for this SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). This update is required to install updates that are only SHA-2 signed.\n 2. The latest SHA-2 update ([KB4474419](<https://support.microsoft.com/help/4474419>)) released September 10, 2019. If you are using Windows Update, the latest SHA-2 update will be offered to you automatically. This update is required to install updates that are only SHA-2 signed. For more information on SHA-2 updates, see [2019 SHA-2 Code Signing Support requirement for Windows and WSUS](<https://support.microsoft.com/help/4472027>).\n 3. For Windows Thin PC, you must have the August 11, 2020 SSU ([KB4570673](<https://support.microsoft.com/help/4570673>)) or a later SSU installed to make sure you continue to get the extended security updates starting with the October 13, 2020 updates.\n 4. To get this security update, you must reinstall the \"Extended Security Updates (ESU) Licensing Preparation Package\" ([KB4538483](<https://support.microsoft.com/help/4538483>)) or the \"Update for the Extended Security Updates (ESU) Licensing Preparation Package\" ([KB4575903](<https://support.microsoft.com/help/4575903>)) even if you previously installed the ESU key. The ESU licensing preparation package will be offered to you from WSUS. To get the standalone package for ESU licensing preparation package, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>).\nAfter you install the items above, we strongly recommend that you install the latest SSU ([KB4592510](<https://support.microsoft.com/help/4592510>)). If you are using Windows Update, the latest SSU will be offered to you automatically if you are an ESU customer. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and [Servicing Stack Updates (SSU): Frequently Asked Questions](<https://support.microsoft.com/help/4535697>).**Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update if you are an ESU customer. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5004953>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1, Windows Embedded Standard 7 Service Pack 1, Windows Embedded POSReady 7, Windows Thin PC**Classification**: Security Updates \n \n## **File information**\n\nFor a list of the files that are provided in this update, download the [file information for update 5004953](<https://download.microsoft.com/download/2/6/c/26ceb7c6-ee36-40d8-bd9c-a0cea2d48fdd/5004953.csv>).\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-07-01T07:00:00", "type": "mskb", "title": "July 6, 2021\u2014KB5004953 (Monthly Rollup) Out-of-band", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34527"], "modified": "2021-07-01T07:00:00", "id": "KB5004953", "href": "https://support.microsoft.com/en-us/help/5004953", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-05-19T10:52:09", "description": "None\n**12/8/20** \nFor information about Windows update terminology, see the article about the [types of Windows updates](<https://docs.microsoft.com/en-us/troubleshoot/windows-client/deployment/standard-terminology-software-updates>) and the [monthly quality update types](<https://techcommunity.microsoft.com/t5/windows-it-pro-blog/windows-quality-updates-primer/ba-p/2569385>). To view other notes and messages, see the Windows 10, version 1507 update history home page.\n\n## Highlights\n\n * Updates a remote code execution exploit in the Windows Print Spooler service, known as \u201cPrintNightmare\u201d, as documented in [CVE-2021-34527](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527>).\n\n## Improvements and fixes\n\nThis security update includes quality improvements. Key changes include:\n\n * Addresses a remote code execution exploit in the Windows Print Spooler service, known as \u201cPrintNightmare\u201d, as documented in [CVE-2021-34527](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527>). After installing this and later Windows updates, users who are not administrators can only install signed print drivers to a print server. By default, administrators can install signed and unsigned printer drivers to a print server. The installed root certificates in the system\u2019s Trusted Root Certification Authorities trusts signed drivers. Microsoft recommends that you immediately install this update on all supported Windows client and server operating system, starting with devices that currently host the print server role. You also have the option to configure the **RestrictDriverInstallationToAdministrators** registry setting to prevent non-administrators from installing signed printer drivers on a print server. For more information, see KB5005010.\nIf you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.For more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website.\n\n**Windows Update Improvements**Microsoft has released an update directly to the Windows Update client to improve reliability. Any device running Windows 10 configured to receive updates automatically from Windows Update, including Enterprise and Pro editions, will be offered the latest Windows 10 feature update based on device compatibility and Windows Update for Business deferral policy. This doesn't apply to long-term servicing editions.\n\n## Known issues in this update\n\nMicrosoft is not currently aware of any issues with this update.\n\n## How to get this update\n\n**Before installing this update**Microsoft strongly recommends you install the latest servicing stack update (SSU) for your operating system before installing the latest cumulative update (LCU). SSUs improve the reliability of the update process to mitigate potential issues while installing the LCU and applying Microsoft security fixes. For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and Servicing Stack Updates (SSU): Frequently Asked Questions.If you are using Windows Update, the latest SSU (KB5001399) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). **Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update. \nWindows Update for Business| Yes| None. This update will be downloaded and installed automatically from Windows Update in accordance with configured policies. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog ](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5004950>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows 10**Classification**: Security Updates \n**File information**For a list of the files that are provided in this update, download the [file information for cumulative update 5004950](<https://download.microsoft.com/download/7/6/2/7621b6b3-765e-4b2a-9358-5d49ad17e3fa/5004950.csv>). \n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-07-01T07:00:00", "type": "mskb", "title": "July 6, 2021\u2014KB5004950 (OS Build 10240.18969) Out-of-band", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34527"], "modified": "2021-07-01T07:00:00", "id": "KB5004950", "href": "https://support.microsoft.com/en-us/help/5004950", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-05-19T10:52:14", "description": "None\n**Important: **This release includes the Flash Removal Package. Taking this update will remove Adobe Flash from the device. For more information, see the [Update on Adobe Flash Player End of Support](<https://blogs.windows.com/msedgedev/2020/09/04/update-adobe-flash-end-support/>).\n\n**Important: **Windows 8.1 and Windows Server 2012 R2 have reached the end of mainstream support and are now in extended support. Starting in July 2020, there will no longer be optional, non-security releases (known as \"C\" releases) for this operating system. Operating systems in extended support have only cumulative monthly security updates (known as the \"B\" or Update Tuesday release). \n \nFor information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following [article](<https://support.microsoft.com/help/824684>). To view other notes and messages, see the Windows 8.1 and Windows Server 2012 R2 update history [home page](<https://support.microsoft.com/help/4009470>).\n\n## **Improvements and fixes**\n\nThis security update includes improvements and fixes that were a part of update [KB5003671](<https://support.microsoft.com/help/5003671>) (released June 8, 2021) and addresses the following issues:\n\n * Addresses a remote code execution exploit in the Windows Print Spooler service, known as \u201cPrintNightmare\u201d, as documented in [CVE-2021-34527](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527>). After installing this and later Windows updates, users who are not administrators can only install signed print drivers to a print server. By default, administrators can install signed and unsigned printer drivers to a print server. The installed root certificates in the system\u2019s Trusted Root Certification Authorities trusts signed drivers. Microsoft recommends that you immediately install this update on all supported Windows client and server operating system, starting with devices that currently host the print server role. You also have the option to configure the **RestrictDriverInstallationToAdministrators** registry setting to prevent non-administrators from installing signed printer drivers on a print server. For more information, see [KB5005010](<https://support.microsoft.com/help/5005010>).\nFor more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website.\n\n## **Known issues in this update**\n\n**Symptom**| **Workaround** \n---|--- \nCertain operations, such as **rename**, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \u201cSTATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\u201d. This occurs when you perform the operation on a CSV owner node from a process that doesn\u2019t have administrator privilege.| Do one of the following:\n\n * Perform the operation from a process that has administrator privilege.\n * Perform the operation from a node that doesn\u2019t have CSV ownership.\nMicrosoft is working on a resolution and will provide an update in an upcoming release. \n \n## **How to get this update**\n\n**Before installing this update**We strongly recommend that you install the latest servicing stack update (SSU) for your operating system before you install the latest Rollup. SSUs improve the reliability of the update process to mitigate potential issues while installing the Rollup and applying Microsoft security fixes. For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and [Servicing Stack Updates (SSU): Frequently Asked Questions](<https://support.microsoft.com/help/4535697>).If you use Windows Update, the latest SSU ([KB5001403](<https://support.microsoft.com/help/5001403>)) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). **Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5004954>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows 8.1, Windows Server 2012 R2, Windows Embedded 8.1 Industry Enterprise, Windows Embedded 8.1 Industry Pro**Classification**: Security Updates \n \n## **File information**\n\nFor a list of the files that are provided in this update, download the [file information for update 5004954](<https://download.microsoft.com/download/7/3/c/73cce342-34cc-4e96-9924-e42c5a19efe3/5004954.csv>). \n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-07-01T07:00:00", "type": "mskb", "title": "July 6, 2021\u2014KB5004954 (Monthly Rollup) Out-of-band", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34527"], "modified": "2021-07-01T07:00:00", "id": "KB5004954", "href": "https://support.microsoft.com/en-us/help/5004954", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-05-19T10:52:16", "description": "None\n**Important: **Windows Server 2008 Service Pack 2 (SP2) has reached the end of mainstream support and are now in extended support. Starting in July 2020, there will no longer be optional, non-security releases (known as \"C\" releases) for this operating system. Operating systems in extended support have only cumulative monthly security updates (known as the \"B\" or Update Tuesday release). \n \nVerify that** **you have installed the required updates listed in the **How to get this update** section before installing this update. \n \nWSUS scan cab files will continue to be available for Windows Server 2008 SP2. If you have a subset of devices running this operating system without ESU, they might show as non-compliant in your patch management and compliance toolsets.\n\n## **Improvements and fixes**\n\nThis security update includes quality improvements. Key changes include:\n\n * Addresses a remote code execution exploit in the Windows Print Spooler service, known as \u201cPrintNightmare\u201d, as documented in [CVE-2021-34527](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527>). After installing this and later Windows updates, users who are not administrators can only install signed print drivers to a print server. By default, administrators can install signed and unsigned printer drivers to a print server. The installed root certificates in the system\u2019s Trusted Root Certification Authorities trusts signed drivers. Microsoft recommends that you immediately install this update on all supported Windows client and server operating system, starting with devices that currently host the print server role. You also have the option to configure the **RestrictDriverInstallationToAdministrators** registry setting to prevent non-administrators from installing signed printer drivers on a print server. For more information, see [KB5005010](<https://support.microsoft.com/help/5005010>).\nFor more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website.\n\n## **Known issues in this update**\n\n**Symptom**| **Workaround** \n---|--- \nAfter installing this update or later updates, connections to SQL Server 2005 might fail. You might receive an error, \"Cannot connect to &lt;Server name&gt;, Additional information: A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: Named Pipes Provider, error: 40 - Could not open a connection to SQL Server) (.Net SqlClient Data Provider)\"| This is expected behavior due to a security hardening change in this update. To resolve this issue, you will need to update to a [supported version of SQL Server](<https://docs.microsoft.com/en-us/lifecycle/products/?terms=sql%20server>). \nAfter installing this update and restarting your device, you might receive the error, \u201cFailure to configure Windows updates. Reverting Changes. Do not turn off your computer\u201d, and the update might show as **Failed** in **Update History**.| This is expected in the following circumstances:\n\n * If you are installing this update on a device that is running an edition that is not supported for ESU. For a complete list of which editions are supported, see [KB4497181](<https://support.microsoft.com/help/4497181>).\n * If you do not have an ESU MAK add-on key installed and activated.\nIf you have purchased an ESU key and have encountered this issue, please verify you have applied all prerequisites and that your key is activated. For information on activation, please see this [blog](<https://aka.ms/Windows7ESU>) post. For information on the prerequisites, see the \"How to get this update\" section of this article. \nCertain operations, such as **rename**, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \u201cSTATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\u201d. This occurs when you perform the operation on a CSV owner node from a process that doesn\u2019t have administrator privilege.| Do one of the following:\n\n * Perform the operation from a process that has administrator privilege.\n * Perform the operation from a node that doesn\u2019t have CSV ownership.\nMicrosoft is working on a resolution and will provide an update in an upcoming release. \n \n## **How to get this update**\n\n**Before installing this update****IMPORTANT** Customers who have purchased the [Extended Security Update (ESU)](<https://www.microsoft.com/en-us/cloud-platform/extended-security-updates>) for on-premises versions of this OS must follow the procedures in [KB4522133](<https://support.microsoft.com/help/4522133>) to continue receiving security updates after extended support ends on January 14, 2020.For more information on ESU and which editions are supported, see [KB4497181](<https://support.microsoft.com/help/4497181>).**Prerequisite:**You must install the updates listed below and **restart your device** before installing the latest Rollup. Installing these updates improves the reliability of the update process and mitigates potential issues while installing the Rollup and applying Microsoft security fixes.\n\n 1. The April 9, 2019 servicing stack update (SSU) ([KB4493730](<https://support.microsoft.com/help/4493730>)). To get the standalone package for this SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). This update is required to install updates that are only SHA-2 signed.\n 2. The latest SHA-2 update ([KB4474419](<https://support.microsoft.com/help/4474419>)) released October 8, 2019. If you are using Windows Update, the latest SHA-2 update will be offered to you automatically. This update is required to install updates that are only SHA-2 signed. For more information on SHA-2 updates, see [2019 SHA-2 Code Signing Support requirement for Windows and WSUS](<https://support.microsoft.com/help/4472027>).\n 3. The Extended Security Updates (ESU) Licensing Preparation Package ([KB4538484](<https://support.microsoft.com/help/4538484>)) or the Update for the Extended Security Updates (ESU) Licensing Preparation Package ([KB4575904](<https://support.microsoft.com/help/4575904>)). The ESU licensing preparation package will be offered to you from WSUS. To get the standalone package for ESU licensing preparation package, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>).\nAfter installing the items above, we strongly recommend that you install the latest SSU ([KB4580971](<https://support.microsoft.com/help/4580971>)). If you are using Windows Update, the latest SSU will be offered to you automatically if you are an ESU customer. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and [Servicing Stack Updates (SSU): Frequently Asked Questions](<https://support.microsoft.com/help/4535697>).**REMINDER** If you are using Security-only updates, you will also need to install all previous Security-only updates and the latest cumulative update for Internet Explorer ([KB5003636](<https://support.microsoft.com/help/5003636>)).**Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| No| See the other options below. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5004959>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows Server 2008 Service Pack 2**Classification**: Security Updates \n \n## **File information**\n\nFor a list of the files that are provided in this update, download the [file information for update 5004959](<https://download.microsoft.com/download/b/1/7/b172b821-2078-46a7-9d3b-ad57b43bc04a/5004959.csv>).\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-07-01T07:00:00", "type": "mskb", "title": "July 6, 2021\u2014KB5004959 (Security-only update) Out-of-band", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34527"], "modified": "2021-07-01T07:00:00", "id": "KB5004959", "href": "https://support.microsoft.com/en-us/help/5004959", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-05-19T10:52:17", "description": "None\n**Important: **This release includes the Flash Removal Package. Taking this update will remove Adobe Flash from the device. For more information, see the [Update on Adobe Flash Player End of Support](<https://blogs.windows.com/msedgedev/2020/09/04/update-adobe-flash-end-support/>). \n\n**Important: **Windows Server 2012 has reached the end of mainstream support and is now in extended support. Starting in July 2020, there will no longer be optional releases (known as \"C\" or \"D\" releases) for this operating system. Operating systems in extended support have only cumulative monthly security updates (known as the \"B\" or Update Tuesday release). \n \nVerify that** **you have installed the required updates listed in the **How to get this update** section before installing this update. \n \nFor information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following [article](<https://support.microsoft.com/help/824684>). To view other notes and messages, see the Windows Server 2012 update history [home page](<https://support.microsoft.com/help/4009471>).\n\n## **Improvements and fixes**\n\nThis security update includes quality improvements. Key changes include:\n\n * Addresses a remote code execution exploit in the Windows Print Spooler service, known as \u201cPrintNightmare\u201d, as documented in [CVE-2021-34527](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527>). After installing this and later Windows updates, users who are not administrators can only install signed print drivers to a print server. By default, administrators can install signed and unsigned printer drivers to a print server. The installed root certificates in the system\u2019s Trusted Root Certification Authorities trusts signed drivers. Microsoft recommends that you immediately install this update on all supported Windows client and server operating system, starting with devices that currently host the print server role. You also have the option to configure the **RestrictDriverInstallationToAdministrators** registry setting to prevent non-administrators from installing signed printer drivers on a print server. For more information, see KB5005010[.](<https://support.microsoft.com/help/5005010>)\nFor more information about the resolved security vulnerabilities, please refer to the [Security Update Guide](<https://portal.msrc.microsoft.com/security-guidance>).\n\n## **Known issues in this update**\n\n**Symptom**| **Workaround** \n---|--- \nCertain operations, such as **rename**, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \u201cSTATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\u201d. This occurs when you perform the operation on a CSV owner node from a process that doesn\u2019t have administrator privilege.| Do one of the following:\n\n * Perform the operation from a process that has administrator privilege.\n * Perform the operation from a node that doesn\u2019t have CSV ownership.\nMicrosoft is working on a resolution and will provide an update in an upcoming release. \n \n## **How to get this update**\n\n**Before installing this update**We strongly recommend that you install the latest servicing stack update (SSU) for your operating system before installing the latest Rollup. SSUs improve the reliability of the update process to mitigate potential issues while installing the Rollup and applying Microsoft security fixes. For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and [Servicing Stack Updates (SSU): Frequently Asked Questions](<https://support.microsoft.com/help/4535697>).If you use Windows Update, the latest SSU ([KB5001401](<https://support.microsoft.com/help/5001401>)) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). **REMINDER** If you are using Security-only updates, you will also need to install all previous Security-only updates and the latest cumulative update for Internet Explorer ([KB5003636](<https://support.microsoft.com/help/5003636>)).**Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| No| See the other options below. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5004960>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows Server 2012, Windows Embedded 8 Standard**Classification**: Security Update \n \n## **File information**\n\nFor a list of the files that are provided in this update, download the [file information for update 5004960](<https://download.microsoft.com/download/b/6/5/b6562791-88a6-461f-a98d-366e9f7c194f/5004960.csv>).\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-07-01T07:00:00", "type": "mskb", "title": "July 7, 2021\u2014KB5004960 (Security-only update) Out-of-band", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34527"], "modified": "2021-07-01T07:00:00", "id": "KB5004960", "href": "https://support.microsoft.com/en-us/help/5004960", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-05-19T10:52:08", "description": "None\n**6/15/21 \nIMPORTANT **This release includes the Flash Removal Package. Taking this update will remove Adobe Flash from the machine. For more information, see the [Update on Adobe Flash Player End of Support](<https://blogs.windows.com/msedgedev/2020/09/04/update-adobe-flash-end-support/>).\n\n**5/11/21** \n**REMINDER **Windows 10, version 1909 reached end of service on May 11, 2021 for devices running the Home, Pro, Pro for Workstation, Nano Container, and Server SAC editions. After May 11, 2021, these devices will no longer receive monthly security and quality updates that contain protection from the latest security threats. To continue receiving security and quality updates, Microsoft recommends updating to the latest version of Windows 10We will continue to service the following editions: Enterprise, Education, and IoT Enterprise.\n\n**11/19/20** \nFor information about Windows update terminology, see the article about the [types of Windows updates](<https://docs.microsoft.com/en-us/troubleshoot/windows-client/deployment/standard-terminology-software-updates>) and the [monthly quality update types](<https://techcommunity.microsoft.com/t5/windows-it-pro-blog/windows-quality-updates-primer/ba-p/2569385>). To view other notes and messages, see the Windows 10, version 1909 update history home page.**Note **Follow [@WindowsUpdate](<https://twitter.com/windowsupdate>) to find out when new content is published to the release information dashboard.\n\n## Highlights\n\n * Updates a remote code execution exploit in the Windows Print Spooler service, known as \u201cPrintNightmare\u201d, as documented in [CVE-2021-34527](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527>).\n\n## Improvements and fixes\n\nThis security update includes quality improvements. Key changes include:\n\n * Addresses a remote code execution exploit in the Windows Print Spooler service, known as \u201cPrintNightmare\u201d, as documented in [CVE-2021-34527](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527>). After installing this and later Windows updates, users who are not administrators can only install signed print drivers to a print server. By default, administrators can install signed and unsigned printer drivers to a print server. The installed root certificates in the system\u2019s Trusted Root Certification Authorities trusts signed drivers. Microsoft recommends that you immediately install this update on all supported Windows client and server operating system, starting with devices that currently host the print server role. You also have the option to configure the **RestrictDriverInstallationToAdministrators** registry setting to prevent non-administrators from installing signed printer drivers on a print server. For more information, see KB5005010.\nIf you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device. \n\n**Windows Update Improvements**Microsoft has released an update directly to the Windows Update client to improve reliability. Any device running Windows 10 configured to receive updates automatically from Windows Update, including Enterprise and Pro editions, will be offered the latest Windows 10 feature update based on device compatibility and Windows Update for Business deferral policy. This doesn't apply to long-term servicing editions.\n\n## Known issues in this update\n\nMicrosoft is not currently aware of any issues with this update.\n\n## How to get this update\n\n**Before installing this update**Prerequisite:You must install the April 13, 2021 servicing stack update (SSU) (KB5001406) or the latest SSU (KB5003974) before installing the latest cumulative update (LCU). SSUs improve the reliability of the update process to mitigate potential issues while installing the LCU. For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and Servicing Stack Updates (SSU): Frequently Asked Questions.If you are using Windows Update, the latest SSU will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>).**Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update or Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update. \nWindows Update for Business| Yes| None. This update will be downloaded and installed automatically from Windows Update in accordance with configured policies. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5004946>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows 10, version 1903 and later**Classification**: Security Updates \n**File information**For a list of the files that are provided in this update, download the [file information for cumulative update 5004946](<https://download.microsoft.com/download/3/8/0/380275c2-0d42-4deb-a865-5059529c83f5/5004946.csv>). \n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-07-01T07:00:00", "type": "mskb", "title": "July 6, 2021\u2014KB5004946 (OS Build 18363.1646) Out-of-band", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34527"], "modified": "2021-07-01T07:00:00", "id": "KB5004946", "href": "https://support.microsoft.com/en-us/help/5004946", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-05-19T10:52:16", "description": "None\n**Important: **Windows 8.1 and Windows Server 2012 R2 have reached the end of mainstream support and are now in extended support. Starting in July 2020, there will no longer be optional, non-security releases (known as \"C\" releases) for this operating system. Operating systems in extended support have only cumulative monthly security updates (known as the \"B\" or Update Tuesday release). \n \nFor information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following [article](<https://support.microsoft.com/help/824684>). To view other notes and messages, see the Windows 8.1 and Windows Server 2012 R2 update history [home page](<https://support.microsoft.com/help/4009470>).\n\n## **Improvements and fixes**\n\nThis security update includes quality improvements. Key changes include:\n\n * Addresses a remote code execution exploit in the Windows Print Spooler service, known as \u201cPrintNightmare\u201d, as documented in [CVE-2021-34527](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527>). After installing this and later Windows updates, users who are not administrators can only install signed print drivers to a print server. By default, administrators can install signed and unsigned printer drivers to a print server. The installed root certificates in the system\u2019s Trusted Root Certification Authorities trusts signed drivers. Microsoft recommends that you immediately install this update on all supported Windows client and server operating system, starting with devices that currently host the print server role. You also have the option to configure the **RestrictDriverInstallationToAdministrators** registry setting to prevent non-administrators from installing signed printer drivers on a print server. For more information, see [KB5005010](<https://support.microsoft.com/help/5005010>).\nFor more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website.\n\n## **Known issues in this update**\n\n**Symptom**| **Workaround** \n---|--- \nCertain operations, such as **rename**, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \u201cSTATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\u201d. This occurs when you perform the operation on a CSV owner node from a process that doesn\u2019t have administrator privilege.| Do one of the following:\n\n * Perform the operation from a process that has administrator privilege.\n * Perform the operation from a node that doesn\u2019t have CSV ownership.\nMicrosoft is working on a resolution and will provide an update in an upcoming release. \n \n## **How to get this update**\n\n**Before installing this update**We strongly recommend that you install the latest servicing stack update (SSU) for your operating system before you install the latest Rollup. SSUs improve the reliability of the update process to mitigate potential issues while installing the Rollup and applying Microsoft security fixes. For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and [Servicing Stack Updates (SSU): Frequently Asked Questions](<https://support.microsoft.com/help/4535697>).If you use Windows Update, the latest SSU ([KB5001403](<https://support.microsoft.com/help/5001403>)) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). **REMINDER** If you are using Security-only updates, you will also need to install all previous Security-only updates and the latest cumulative update for Internet Explorer ([KB5003636](<https://support.microsoft.com/help/5003636>)).**Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| No| See the other options below. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5004958>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows 8.1, Windows Server 2012 R2, Windows Embedded 8.1 Industry Enterprise, Windows Embedded 8.1 Industry Pro**Classification**: Security Update \n \n## **File information**\n\nFor a list of the files that are provided in this update, download the [file information for update 5004958](<https://download.microsoft.com/download/e/e/8/ee826b51-4cff-4102-9abf-cabaab679169/5004958.csv>). \n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-07-01T07:00:00", "type": "mskb", "title": "July 6, 2021\u2014KB5004958 (Security-only update) Out-of-band", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34527"], "modified": "2021-07-01T07:00:00", "id": "KB5004958", "href": "https://support.microsoft.com/en-us/help/5004958", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-05-19T10:52:08", "description": "None\n**11/19/20** \nFor information about Windows update terminology, see the article about the [types of Windows updates](<https://docs.microsoft.com/en-us/troubleshoot/windows-client/deployment/standard-terminology-software-updates>) and the [monthly quality update types](<https://techcommunity.microsoft.com/t5/windows-it-pro-blog/windows-quality-updates-primer/ba-p/2569385>). To view other notes and messages, see the Windows 10, version 1607 update history home page. \n\n## Highlights\n\nThis security update includes key changes as follows:\n\n * Updates a remote code execution exploit in the Windows Print Spooler service, known as \u201cPrintNightmare\u201d, as documented in [CVE-2021-34527](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527>). \n\n## Improvements and fixes\n\nThis security update includes quality improvements. Key changes include:\n\n * Addresses a remote code execution exploit in the Windows Print Spooler service, known as \u201cPrintNightmare\u201d, as documented in [CVE-2021-34527](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527>). After installing this and later Windows updates, users who are not administrators can only install signed print drivers to a print server. By default, administrators can install signed and unsigned printer drivers to a print server. The installed root certificates in the system\u2019s Trusted Root Certification Authorities trusts signed drivers. Microsoft recommends that you immediately install this update on all supported Windows client and server operating system, starting with devices that currently host the print server role. You also have the option to configure the **RestrictDriverInstallationToAdministrators** registry setting to prevent non-administrators from installing signed printer drivers on a print server. For more information, see KB5005010.\nIf you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.For more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website.\n\n**Windows Update Improvements**Microsoft has released an update directly to the Windows Update client to improve reliability. Any device running Windows 10 configured to receive updates automatically from Windows Update, including Enterprise and Pro editions, will be offered the latest Windows 10 feature update based on device compatibility and Windows Update for Business deferral policy. This doesn't apply to long-term servicing editions.\n\n## Known issues in this update\n\n**Symptom**| **Workaround** \n---|--- \nAfter installing updates released April 22, 2021 or later, an issue occurs that affects versions of Windows Server that are in use as a Key Management Services (KMS) host. Client devices running Windows 10 Enterprise LTSC 2019 and Windows 10 Enterprise LTSC 2016 might fail to activate. This issue only occurs when using a new Customer Support Volume License Key (CSVLK). **Note** This does not affect activation of any other version or edition of Windows. Client devices that are attempting to activate and are affected by this issue might receive the error, \"Error: 0xC004F074. The Software Licensing Service reported that the computer could not be activated. No Key Management Service (KMS) could be contacted. Please see the Application Event Log for additional information.\"Event Log entries related to activation are another way to tell that you might be affected by this issue. Open **Event Viewer **on the client device that failed activation and go to **Windows Logs **&gt; **Application**. If you see only event ID 12288 without a corresponding event ID 12289, this means one of the following:\n\n * The KMS client could not reach the KMS host.\n * The KMS host did not respond.\n * The client did not receive the response.\nFor more information on these event IDs, see [Useful KMS client events - Event ID 12288 and Event ID 12289](<https://docs.microsoft.com/windows-server/get-started/activation-troubleshoot-kms-general#event-id-12288-and-event-id-12289>).| This issue is resolved in KB5010359. \n \n## How to get this update\n\n**Before installing this update**Microsoft strongly recommends you install the latest servicing stack update (SSU) for your operating system before installing the latest cumulative update (LCU). SSUs improve the reliability of the update process to mitigate potential issues while installing the LCU and applying Microsoft security fixes. For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and Servicing Stack Updates (SSU): Frequently Asked Questions.If you are using Windows Update, the latest SSU (KB5001402) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). **Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update. \nWindows Update for Business| Yes| None. This update will be downloaded and installed automatically from Windows Update in accordance with configured policies. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog ](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5004948>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows 10**Classification**: Security Updates \n**File information**For a list of the files that are provided in this update, download the [file information for cumulative update 5004948](<https://download.microsoft.com/download/4/a/8/4a80157a-c3e5-45b0-ab2d-9e6001b8ecd2/5004948.csv>). \n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-07-01T07:00:00", "type": "mskb", "title": "July 7, 2021\u2014KB5004948 (OS Build 14393.4470) Out-of-band", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34527"], "modified": "2021-07-01T07:00:00", "id": "KB5004948", "href": "https://support.microsoft.com/en-us/help/5004948", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-05-19T10:52:15", "description": "None\n**Important: **Windows Server 2008 Service Pack 2 (SP2) has reached the end of mainstream support and is now in extended support. Starting in July 2020, there will no longer be optional, non-security releases (known as \"C\" releases) for this operating system. Operating systems in extended support have only cumulative monthly security updates (known as the \"B\" or Update Tuesday release). \n \nVerify that** **you have installed the required updates listed in the **How to get this update** section before installing this update. \n \nFor information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following [article](<https://support.microsoft.com/help/824684>). To view other notes and messages, see the Windows Server 2008 Service Pack 2 update history [home page](<https://support.microsoft.com/help/4343218>).\n\n## **Improvements and fixes**\n\nThis security update includes improvements and fixes that were a part of update [KB5003661](<https://support.microsoft.com/help/5003661>) (released June 8, 2021) and addresses the following issues:\n\n * Addresses a remote code execution exploit in the Windows Print Spooler service, known as \u201cPrintNightmare\u201d, as documented in [CVE-2021-34527](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527>). After installing this and later Windows updates, users who are not administrators can only install signed print drivers to a print server. By default, administrators can install signed and unsigned printer drivers to a print server. The installed root certificates in the system\u2019s Trusted Root Certification Authorities trusts signed drivers. Microsoft recommends that you immediately install this update on all supported Windows client and server operating system, starting with devices that currently host the print server role. You also have the option to configure the **RestrictDriverInstallationToAdministrators** registry setting to prevent non-administrators from installing signed printer drivers on a print server. For more information, see [KB5005010.](<https://support.microsoft.com/help/5005010>)\nFor more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website.\n\n## **Known issues in this update**\n\n**Symptom**| **Workaround** \n---|--- \nAfter installing this update or later updates, connections to SQL Server 2005 might fail. You might receive an error, \"Cannot connect to &lt;Server name&gt;, Additional information: A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: Named Pipes Provider, error: 40 - Could not open a connection to SQL Server) (.Net SqlClient Data Provider)\"| This is expected behavior due to a security hardening change in this update. To resolve this issue, you will need to update to a [supported version of SQL Server](<https://docs.microsoft.com/en-us/lifecycle/products/?terms=sql%20server>). \nAfter installing this update and restarting your device, you might receive the error, \u201cFailure to configure Windows updates. Reverting Changes. Do not turn off your computer\u201d, and the update might show as **Failed** in **Update History**.| This is expected in the following circumstances:\n\n * If you are installing this update on a device that is running an edition that is not supported for ESU. For a complete list of which editions are supported, see [KB4497181](<https://support.microsoft.com/help/4497181>).\n * If you do not have an ESU MAK add-on key installed and activated.\nIf you have purchased an ESU key and have encountered this issue, please verify you have applied all prerequisites and that your key is activated. For information on activation, please see this [blog](<https://aka.ms/Windows7ESU>) post. For information on the prerequisites, see the \"How to get this update\" section of this article. \nCertain operations, such as **rename**, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \u201cSTATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\u201d. This occurs when you perform the operation on a CSV owner node from a process that doesn\u2019t have administrator privilege.| Do one of the following:\n\n * Perform the operation from a process that has administrator privilege.\n * Perform the operation from a node that doesn\u2019t have CSV ownership.\nMicrosoft is working on a resolution and will provide an update in an upcoming release. \n \n## **How to get this update**\n\n**Before installing this update****IMPORTANT** Customers who have purchased the Extended Security Update (ESU) for on-premises versions of these operating systems must follow the procedures in [KB4522133](<https://support.microsoft.com/help/4522133>) to continue receiving security updates after extended support ends on January 14, 2020.For more information about ESU and which editions are supported, see [KB4497181](<https://support.microsoft.com/help/4497181>).**Prerequisite:**You must install the updates listed below and **restart your device** before installing the latest Rollup. Installing these updates improves the reliability of the update process and mitigates potential issues while installing the Rollup and applying Microsoft security fixes.\n\n 1. The April 9, 2019 servicing stack update (SSU) ([KB4493730](<https://support.microsoft.com/help/4493730>)). To get the standalone package for this SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). This update is required to install updates that are only SHA-2 signed.\n 2. The latest SHA-2 update ([KB4474419](<https://support.microsoft.com/help/4474419>)) released October 8, 2019. If you are using Windows Update, the latest SHA-2 update will be offered to you automatically. This update is required to install updates that are only SHA-2 signed. For more information on SHA-2 updates, see [2019 SHA-2 Code Signing Support requirement for Windows and WSUS](<https://support.microsoft.com/help/4472027>).\n 3. The Extended Security Updates (ESU) Licensing Preparation Package ([KB4538484](<https://support.microsoft.com/help/4538484>)) or the Update for the Extended Security Updates (ESU) Licensing Preparation Package ([KB4575904](<https://support.microsoft.com/help/4575904>)). The ESU licensing preparation package will be offered to you from WSUS. To get the standalone package for ESU licensing preparation package, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>).\nAfter installing the items above, Microsoft strongly recommends that you install the latest SSU ([KB4580971](<https://support.microsoft.com/help/4580971>)). If you are using Windows Update, the latest SSU will be offered to you automatically if you are an ESU customer. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and [Servicing Stack Updates (SSU): Frequently Asked Questions](<https://support.microsoft.com/help/4535697>).**Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update if you are an ESU customer. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5004955>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows Server 2008 Service Pack 2**Classification**: Security Updates \n \n## **File information**\n\nFor a list of the files that are provided in this update, download the [file information for update 5004955](<https://download.microsoft.com/download/c/8/8/c88a24bd-9f1c-4cf1-8e26-cb65bd2ef4c7/5004955.csv>).\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-07-01T07:00:00", "type": "mskb", "title": "July 6, 2021\u2014KB5004955 (Monthly Rollup) Out-of-band", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34527"], "modified": "2021-07-01T07:00:00", "id": "KB5004955", "href": "https://support.microsoft.com/en-us/help/5004955", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-05-19T10:52:08", "description": "None\n**6/15/21 \nIMPORTANT **This release includes the Flash Removal Package. Taking this update will remove Adobe Flash from the machine. For more information, see the [Update on Adobe Flash Player End of Support](<https://blogs.windows.com/msedgedev/2020/09/04/update-adobe-flash-end-support/>).\n\n**5/11/21 \nREMINDER **Windows 10, version 1809 reached end of service on May 11, 2021 for devices running the Enterprise, Education, and IoT Enterprise editions. After May 11, 2021, these devices will no longer receive monthly security and quality updates that contain protection from the latest security threats. To continue receiving security and quality updates, Microsoft recommends updating to the latest version of Windows 10.We will continue to service the following editions: Enterprise G, HoloLens, and the LTSC editions for Client, Server, and IoT.\n\n**5/11/21 \nREMINDER **Microsoft removed the Microsoft Edge Legacy desktop application that is out of support in April 2021. In the May 11, 2021 release, we installed the new Microsoft Edge. For more information, see [New Microsoft Edge to replace Microsoft Edge Legacy with April\u2019s Windows 10 Update Tuesday release](<https://aka.ms/EdgeLegacyEOS>).\n\n**11/17/20** \nFor information about Windows update terminology, see the article about the [types of Windows updates](<https://docs.microsoft.com/en-us/troubleshoot/windows-client/deployment/standard-terminology-software-updates>) and the [monthly quality update types](<https://techcommunity.microsoft.com/t5/windows-it-pro-blog/windows-quality-updates-primer/ba-p/2569385>). To view other notes and messages, see the Windows 10, version 1809 update history [page](<https://support.microsoft.com/en-us/help/4464619>).\n\n## Highlights\n\n * Updates a remote code execution exploit in the Windows Print Spooler service, known as \u201cPrintNightmare\u201d, as documented in [CVE-2021-34527](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527>).\n\n## Improvements and fixes\n\nThis security update includes quality improvements. Key changes include:\n\n * Addresses a remote code execution exploit in the Windows Print Spooler service, known as \u201cPrintNightmare\u201d, as documented in [CVE-2021-34527](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527>). After installing this and later Windows updates, users who are not administrators can only install signed print drivers to a print server. By default, administrators can install signed and unsigned printer drivers to a print server. The installed root certificates in the system\u2019s Trusted Root Certification Authorities trusts signed drivers. Microsoft recommends that you immediately install this update on all supported Windows client and server operating system, starting with devices that currently host the print server role. You also have the option to configure the **RestrictDriverInstallationToAdministrators** registry setting to prevent non-administrators from installing signed printer drivers on a print server. For more information, see KB5005010.\nIf you installed earlier updates, only the new fixes contained in this package will be downloaded and installed on your device.\n\n**Windows Update Improvements**Microsoft has released an update directly to the Windows Update client to improve reliability. Any device running Windows 10 configured to receive updates automatically from Windows Update, including Enterprise and Pro editions, will be offered the latest Windows 10 feature update based on device compatibility and Windows Update for Business deferral policy. This doesn't apply to long-term servicing editions.\n\n## Known issues in this update\n\n### \n\n__\n\nClick or tap to view the known issues\n\n**Symptom**| **Workaround** \n---|--- \nAfter installing [KB4493509](<https://support.microsoft.com/en-us/help/4493509>), devices with some Asian language packs installed may receive the error, \"0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND.\"| \n\n 1. Uninstall and reinstall any recently added language packs. For instructions, see [Manage the input and display language settings in Windows 10](<https://support.microsoft.com/en-us/help/4496404>).\n 2. Select **Check for Updates** and install the April 2019 Cumulative Update. For instructions, see Update Windows 10.\n**Note **If reinstalling the language pack does not mitigate the issue, reset your PC as follows:\n\n 1. Go to the **Settings **app &gt; **Recovery**.\n 2. Select **Get Started** under the **Reset this PC **recovery option.\n 3. Select **Keep my Files**.\nMicrosoft is working on a resolution and will provide an update in an upcoming release. \nAfter installing KB5001342 or later, the Cluster Service might fail to start because a Cluster Network Driver is not found.| This issue occurs because of an update to the PnP class drivers used by this service. After about 20 minutes, you should be able to restart your device and not encounter this issue. \nFor more information about the specific errors, cause, and workaround for this issue, please see KB5003571. \nAfter installing updates released April 22, 2021 or later, an issue occurs that affects versions of Windows Server that are in use as a Key Management Services (KMS) host. Client devices running Windows 10 Enterprise LTSC 2019 and Windows 10 Enterprise LTSC 2016 might fail to activate. This issue only occurs when using a new Customer Support Volume License Key (CSVLK). **Note** This does not affect activation of any other version or edition of Windows. Client devices that are attempting to activate and are affected by this issue might receive the error, \"Error: 0xC004F074. The Software Licensing Service reported that the computer could not be activated. No Key Management Service (KMS) could be contacted. Please see the Application Event Log for additional information.\"Event Log entries related to activation are another way to tell that you might be affected by this issue. Open **Event Viewer **on the client device that failed activation and go to **Windows Logs **&gt; **Application**. If you see only event ID 12288 without a corresponding event ID 12289, this means one of the following:\n\n * The KMS client could not reach the KMS host.\n * The KMS host did not respond.\n * The client did not receive the response.\nFor more information on these event IDs, see [Useful KMS client events - Event ID 12288 and Event ID 12289](<https://docs.microsoft.com/windows-server/get-started/activation-troubleshoot-kms-general#event-id-12288-and-event-id-12289>).| This issue is resolved in KB5009616. \n \n## How to get this update\n\n**Before installing this update**Prerequisite:You **must **install the May 11, 2021 servicing stack update (SSU) (KB5003243) or the latest SSU (KB5003711) before installing the latest cumulative update (LCU). SSUs improve the reliability of the update process to mitigate potential issues while installing the LCU. For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and [Servicing Stack Updates (SSU): Frequently Asked Questions](<https://support.microsoft.com/en-us/help/4535697>).If you are using Windows Update, the latest SSU will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/home.aspx>).**Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update or Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update. \nWindows Update for Business| Yes| None. This update will be downloaded and installed automatically from Windows Update in accordance with configured policies. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5004947>)website. \nWindows Server Update Services (WSUS)| Yes| You can import this update into WSUS manually. See the [Microsoft Update Catalog](<https://docs.microsoft.com/en-us/windows-server/administration/windows-server-update-services/manage/wsus-and-the-catalog-site#the-microsoft-update-catalog-site>) for instructions. \n**File information **For a list of the files that are provided in this update, download the [file information for cumulative update 5004947](<https://download.microsoft.com/download/5/5/3/553b918f-10d2-4ecb-aa41-3aad1fbfe0c3/5004947.csv>).\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-07-01T07:00:00", "type": "mskb", "title": "July 6, 2021\u2014KB5004947 (OS Build 17763.2029) Out-of-band", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34527"], "modified": "2021-07-01T07:00:00", "id": "KB5004947", "href": "https://support.microsoft.com/en-us/help/5004947", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-05-19T10:52:15", "description": "None\n**Important: **This release includes the Flash Removal Package. Taking this update will remove Adobe Flash from the device. For more information, see the [Update on Adobe Flash Player End of Support](<https://blogs.windows.com/msedgedev/2020/09/04/update-adobe-flash-end-support/>). \n\n**Important: **Windows Server 2012 has reached the end of mainstream support and is now in extended support. Starting in July 2020, there will no longer be optional releases (known as \"C\" or \"D\" releases) for this operating system. Operating systems in extended support have only cumulative monthly security updates (known as the \"B\" or Update Tuesday release). \n \nVerify that** **you have installed the required updates listed in the **How to get this update** section before installing this update. \n \nFor information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following [article](<https://support.microsoft.com/help/824684>). To view other notes and messages, see the Windows Server 2012 update history [home page](<https://support.microsoft.com/help/4009471>).\n\n## **Improvements and fixes**\n\nThis security update includes improvements and fixes that were a part of update [KB5003697](<https://support.microsoft.com/help/5003697>) (released previous June 8, 2021) and addresses the following issues:\n\n * Addresses a remote code execution exploit in the Windows Print Spooler service, known as \u201cPrintNightmare\u201d, as documented in [CVE-2021-34527](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527>). After installing this and later Windows updates, users who are not administrators can only install signed print drivers to a print server. By default, administrators can install signed and unsigned printer drivers to a print server. The installed root certificates in the system\u2019s Trusted Root Certification Authorities trusts signed drivers. Microsoft recommends that you immediately install this update on all supported Windows client and server operating system, starting with devices that currently host the print server role. You also have the option to configure the **RestrictDriverInstallationToAdministrators** registry setting to prevent non-administrators from installing signed printer drivers on a print server. For more information, see [KB5005010](<https://support.microsoft.com/help/5005010>).\nFor more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website.\n\n## **Known issues in this update**\n\n**Symptom**| **Workaround** \n---|--- \nCertain operations, such as **rename**, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \u201cSTATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\u201d. This occurs when you perform the operation on a CSV owner node from a process that doesn\u2019t have administrator privilege.| Do one of the following:\n\n * Perform the operation from a process that has administrator privilege.\n * Perform the operation from a node that doesn\u2019t have CSV ownership.\nMicrosoft is working on a resolution and will provide an update in an upcoming release. \n \n## **How to get this update**\n\n**Before installing this update**We strongly recommend that you install the latest servicing stack update (SSU) for your operating system before installing the latest Rollup. SSUs improve the reliability of the update process to mitigate potential issues while installing the Rollup and applying Microsoft security fixes. For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and [Servicing Stack Updates (SSU): Frequently Asked Questions](<https://support.microsoft.com/help/4535697>).If you use Windows Update, the latest SSU ([KB5001401](<https://support.microsoft.com/help/5001401>)) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). **Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| Yes| None. This update will be downloaded and installed automatically from Windows Update. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5004956>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows Server 2012, Windows Embedded 8 Standard**Classification**: Security Updates \n \n## **File information**\n\nFor a list of the files that are provided in this update, download the [file information for update 5004956](<https://download.microsoft.com/download/e/f/5/ef50021e-60a9-47da-be60-b2687db452d3/5004956.csv>). \n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-07-01T07:00:00", "type": "mskb", "title": "July 7, 2021\u2014KB5004956 (Monthly Rollup) Out-of-band", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34527"], "modified": "2021-07-01T07:00:00", "id": "KB5004956", "href": "https://support.microsoft.com/en-us/help/5004956", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-05-19T10:52:11", "description": "None\n**Important: **Windows 7 and Windows Server 2008 R2 have reached the end of mainstream support and are now in extended support. Starting in July 2020, there will no longer be optional, non-security releases (known as \"C\" releases) for this operating system. Operating systems in extended support have only cumulative monthly security updates (known as the \"B\" or Update Tuesday release). \n \nVerify that** **you have installed the required updates listed in the **How to get this update** section before installing this update. \n \nFor information about the various types of Windows updates, such as critical, security, driver, service packs, and so on, please see the following [article](<https://support.microsoft.com/help/824684>). To view other notes and messages, see the Windows 7 and Windows Server 2008 R2 update history [home page](<https://support.microsoft.com/help/4009469>).\n\n## **Improvements and fixes**\n\nThis security update includes quality improvements. Key changes include:\n\n * Addresses a remote code execution exploit in the Windows Print Spooler service, known as \u201cPrintNightmare\u201d, as documented in [CVE-2021-34527](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527>). After installing this and later Windows updates, users who are not administrators can only install signed print drivers to a print server. By default, administrators can install signed and unsigned printer drivers to a print server. The installed root certificates in the system\u2019s Trusted Root Certification Authorities trusts signed drivers. Microsoft recommends that you immediately install this update on all supported Windows client and server operating system, starting with devices that currently host the print server role. You also have the option to configure the **RestrictDriverInstallationToAdministrators** registry setting to prevent non-administrators from installing signed printer drivers on a print server. For more information, see [KB5005010](<https://support.microsoft.com/help/5005010>).\nFor more information about the resolved security vulnerabilities, please refer to the new [Security Update Guide](<https://msrc.microsoft.com/update-guide>) website.\n\n## **Known issues in this update**\n\n**Symptom**| **Workaround** \n---|--- \nAfter installing this update or later updates, connections to SQL Server 2005 might fail. You might receive the following error: \n \n\"Cannot connect to &lt;Server name&gt;, Additional information: A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: Named Pipes Provider, error: 40 - Could not open a connection to SQL Server) (.Net SqlClient Data Provider)\"| This is expected behavior due to a security hardening change in this update. To resolve this issue, you will need to update to a [supported version of SQL Server](<https://docs.microsoft.com/en-us/lifecycle/products/?terms=sql%20server>). \nAfter installing this update and restarting your device, you might receive the error, \u201cFailure to configure Windows updates. Reverting Changes. Do not turn off your computer,\u201d and the update might show as **Failed **in **Update History**.| This is expected in the following circumstances:\n\n * If you are installing this update on a device that is running an edition that is not supported for ESU. For a complete list of which editions are supported, see [KB4497181](<https://support.microsoft.com/help/4497181>).\n * If you do not have an ESU MAK add-on key installed and activated.\n * If you have purchased an ESU key and have encountered this issue, please verify you have applied all prerequisites and that your key is activated. For information on activation, please see this [blog](<https://techcommunity.microsoft.com/t5/windows-it-pro-blog/obtaining-extended-security-updates-for-eligible-windows-devices/ba-p/1167091>) post. For information on the prerequisites, see the **How to get this update** section of this article. \nCertain operations, such as **rename**, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\". This occurs when you perform the operation on a CSV owner node from a process that doesn\u2019t have administrator privilege.| Do one of the following:\n\n * Perform the operation from a process that has administrator privilege.\n * Perform the operation from a node that doesn\u2019t have CSV ownership.\nMicrosoft is working on a resolution and will provide an update in an upcoming release. \n \n## **How to get this update**\n\n**Before installing this update****IMPORTANT** Customers who have purchased the Extended Security Update (ESU) for on-premises versions of these operating systems must follow the procedures in [KB4522133](<https://support.microsoft.com/help/4522133>) to continue receiving security updates after extended support ends. Extended support ends as follows:\n\n * For Windows 7 Service Pack 1 and Windows Server 2008 R2 Service Pack 1, extended support ends on January 14, 2020.\n * For Windows Embedded Standard 7, extended support ends on October 13, 2020.\nFor more information about ESU and which editions are supported, see [KB4497181](<https://support.microsoft.com/help/4497181>).**Note** For Windows Embedded Standard 7, Windows Management Instrumentation (WMI) must be enabled to get updates from Windows Update or Windows Server Update Services.**Prerequisite:**You must install the updates listed below and **restart your device** before installing the latest Rollup. Installing these updates improves the reliability of the update process and mitigates potential issues while installing the Rollup and applying Microsoft security fixes.\n\n 1. The March 12, 2019 servicing stack update (SSU) ([KB4490628](<https://support.microsoft.com/help/4490628>)). To get the standalone package for this SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). This update is required to install updates that are only SHA-2 signed.\n 2. The latest SHA-2 update ([KB4474419](<https://support.microsoft.com/help/4474419>)) released September 10, 2019. If you are using Windows Update, the latest SHA-2 update will be offered to you automatically. This update is required to install updates that are only SHA-2 signed. For more information on SHA-2 updates, see [2019 SHA-2 Code Signing Support requirement for Windows and WSUS](<https://support.microsoft.com/help/4472027>).\n 3. For Windows Thin PC, you must have the August 11, 2020 SSU ([KB4570673](<https://support.microsoft.com/help/4570673>)) or a later SSU installed to make sure you continue to get the extended security updates starting with the October 13, 2020 updates.\n 4. To get this security update, you must reinstall the \"Extended Security Updates (ESU) Licensing Preparation Package\" ([KB4538483](<https://support.microsoft.com/help/4538483>)) or the \"Update for the Extended Security Updates (ESU) Licensing Preparation Package\" ([KB4575903](<https://support.microsoft.com/help/4575903>)) even if you previously installed the ESU key. The ESU licensing preparation package will be offered to you from WSUS. To get the standalone package for ESU licensing preparation package, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>).\nAfter installing the items above, Microsoft strongly recommends that you install the latest SSU ([KB4592510](<https://support.microsoft.com/help/4592510>)). If you are using Windows Update, the latest SSU will be offered to you automatically if you are an ESU customer. To get the standalone package for the latest SSU, search for it in the [Microsoft Update Catalog](<http://www.catalog.update.microsoft.com/home.aspx>). For general information about SSUs, see [Servicing stack updates](<https://docs.microsoft.com/en-us/windows/deployment/update/servicing-stack-updates>) and [Servicing Stack Updates (SSU): Frequently Asked Questions](<https://support.microsoft.com/help/4535697>).**REMINDER** If you are using Security-only updates, you will also need to install all previous Security-only updates and the latest cumulative update for Internet Explorer ([KB5003636](<https://support.microsoft.com/help/5003636>)).**Install this update****Release Channel**| **Available**| **Next Step** \n---|---|--- \nWindows Update and Microsoft Update| No| See the other options below. \nMicrosoft Update Catalog| Yes| To get the standalone package for this update, go to the [Microsoft Update Catalog](<https://www.catalog.update.microsoft.com/Search.aspx?q=KB5004951>) website. \nWindows Server Update Services (WSUS)| Yes| This update will automatically sync with WSUS if you configure **Products and Classifications** as follows:**Product**: Windows 7 Service Pack 1, Windows Server 2008 R2 Service Pack 1, Windows Embedded Standard 7 Service Pack 1, Windows Embedded POSReady 7, Windows Thin PC**Classification**: Security Updates \n \n## **File information**\n\nFor a list of the files that are provided in this update, download the [file information for update 5004951](<https://download.microsoft.com/download/e/b/5/eb523bca-d712-4df9-991a-c3ba662ee308/5004951.csv>).\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-07-01T07:00:00", "type": "mskb", "title": "July 6, 2021\u2014KB5004951 (Security-only update) Out-of-band", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34527"], "modified": "2021-07-01T07:00:00", "id": "KB5004951", "href": "https://support.microsoft.com/en-us/help/5004951", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}], "threatpost": [{"lastseen": "2021-07-19T16:25:33", "description": "Microsoft has warned of yet another vulnerability that\u2019s been discovered in its Windows Print Spooler that can allow attackers to elevate privilege to gain full user rights to a system. The advisory comes on the heels of patching two other remote code-execution (RCE) bugs found in the print service that collectively became known as PrintNightmare.\n\nThe company released [the advisory](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34481>) late Thursday for the latest bug, a Windows Print Spooler elevation-of-privilege vulnerability tracked as [CVE-2021-34481](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34481>). Microsoft credited Dragos vulnerability researcher Jacob Baines for identifying the issue.\n\nThe vulnerability \u201cexists when the Windows Print Spooler service improperly performs privileged file operations,\u201d according to Microsoft.\n\n[](<https://threatpost.com/newsletter-sign/>)\n\nAttackers who successfully exploit the bug can run arbitrary code with SYSTEM privileges, allowing them to install programs, view, change or delete data, or create new accounts with full user rights, the company said.\n\nTo work around the bug, administrators and users should stop and disable the Print Spooler service, Microsoft said.\n\n## **Slightly Less of a \u2018PrintNightmare\u2019**\n\nThe vulnerability is the latest in a flurry of problems discovered in Windows Print Spooler, but seems slightly less dangerous, as it can only be exploited locally. It rates 7.8 out of 10 on the CVSS vulnerability-severity scale.\n\nIndeed, [Baines told BleepingComputer](<https://www.bleepingcomputer.com/news/microsoft/microsoft-shares-guidance-on-new-windows-print-spooler-vulnerability/>) that while the bug is print driver-related, \u201cthe attack is not really related to PrintNightmare.\u201d Baines plans to disclose more about the little-known vulnerability in [an upcoming presentation](<https://defcon.org/html/defcon-29/dc-29-speakers.html#baines>) at DEF CON in August.\n\nThe entire saga surrounding Windows Print Spooler [began Tuesday, June 30](<https://threatpost.com/poc-exploit-windows-print-spooler-bug/167430/>), when a proof-of-concept (PoC) for an initial vulnerability in the print service was dropped on GitHub showing how an attacker can exploit the flaw to take control of an affected system.\n\nThe response to the situation soon turned into confusion. Though Microsoft released an [update for CVE-2021-1675](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1675>) in it its usual raft of [monthly Patch Tuesday updates](<https://threatpost.com/microsoft-patch-tuesday-in-the-wild-exploits/166724/>), fixing what it thought was a minor elevation-of-privilege vulnerability, the listing was updated later in the week after researchers from Tencent and NSFOCUS TIANJI Lab figured out it could be used for RCE.\n\nHowever, soon after it became clear to many experts that Microsoft\u2019s initial patch didn\u2019t fix the entire problem. The federal government even stepped in last Thursday, when CERT/CC [offered its own mitigation](<https://threatpost.com/cisa-mitigation-printnightmare-bug/167515/>) for PrintNightmare that Microsoft has since adopted \u2014 advising system administrators to disable the Windows Print Spooler service in Domain Controllers and systems that do not print.\n\nTo further complicate matters, Microsoft also last Thursday dropped [a notice](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527>) for a bug called \u201cWindows Print Spooler Remote Code Execution Vulnerability\u201d that appeared to be the same vulnerability, but with a different CVE number\u2014in this case, CVE-2021-34527. The company explained that the second bug was similar to the earlier PrintNightmare vulnerability but also its own distinct entity.\n\nEventually, Microsoft last Wednesday [released an emergency cumulative patch](<https://threatpost.com/microsoft-emergency-patch-printnightmare/167578/>) for both PrintNightmare bugs that included all previous patches as well as protections for CVE-2021-1675 as well as a new fix for CVE-2021-34527.\n\nHowever, that fix also [was incomplete](<https://www.kb.cert.org/vuls/id/383432>), and Microsoft continues to work on further remediations as it also works to patch this latest bug, CVE-2021-34481. In the meantime, affected customers should install the most recent Microsoft updates as well as use the workaround to avoid exploitation, the company said.\n\n**_Check out our free _**[**_upcoming live and on-demand webinar events_**](<https://threatpost.com/category/webinars/>)**_ \u2013 unique, dynamic discussions with cybersecurity experts and the Threatpost community._**\n", "cvss3": {}, "published": "2021-07-16T11:57:53", "type": "threatpost", "title": "Microsoft: Unpatched Bug in Windows Print Spooler", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2021-1675", "CVE-2021-34481", "CVE-2021-34527"], "modified": "2021-07-16T11:57:53", "id": "THREATPOST:A8242348917526090B7A1B23735D5C6C", "href": "https://threatpost.com/microsoft-unpatched-bug-windows-print-spooler/167855/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-13T19:49:18", "description": "One day after dropping its scheduled August Patch Tuesday update, Microsoft issued a warning about yet another unpatched privilege escalation/remote code-execution (RCE) vulnerability in the Windows Print Spooler that can be filed under the [PrintNightmare umbrella](<https://threatpost.com/cisa-mitigation-printnightmare-bug/167515/>).\n\nThe news comes amid plenty of PrintNightmare exploitation. Researchers from CrowdStrike warned in a [Wednesday report](<https://www.crowdstrike.com/blog/magniber-ransomware-caught-using-printnightmare-vulnerability/>) that the operators of the Magniber ransomware quickly weaponized CVE-2021-34527 to attack users in South Korea, with attacks dating back to at least July 13. And Cisco Talos [said Thursday](<https://blog.talosintelligence.com/2021/08/vice-society-ransomware-printnightmare.html>) that the Vice Society gang was seen using CVE-2021-1675 and CVE-2021-34527 to spread laterally across a victim\u2019s network as part of a recent ransomware attack.\n\n\u201cIn technology, almost nothing ages gracefully,\u201d Chris Clements, vice president of solutions architecture and Cerberus security officer at Cerberus Sentinel, told Threatpost. \u201cThe Print Spooler in Windows is proving that rule. It\u2019s likely that the code has changed little in the past decades and likely still bears a striking resemblance to source code that was made public in previous Windows leaks. I\u2019ve heard it said that ransomware gangs might also be referred to as \u2018technical debt collectors,\u2019 which would be funnier if the people suffering most from these vulnerabilities weren\u2019t Microsoft\u2019s customers.\u201d\n\n[](<https://threatpost.com/infosec-insider-subscription-page/?utm_source=ART&utm_medium=ART&utm_campaign=InfosecInsiders_Newsletter_Promo/>)\n\nThe fresh zero-day bug, tracked as CVE-2021-36958, carries a CVSS vulnerability-severity scale rating of 7.3, meaning that it\u2019s rated as \u201cimportant.\u201d Microsoft said that it allows for a local attack vector requiring user interaction, but that the attack complexity is low, with few privileges required.\n\n\u201cA remote code-execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations,\u201d the computing giant explained in its [Wednesday advisory](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36958>). \u201cAn attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change or delete data; or create new accounts with full user rights.\u201d\n\nThe CERT Coordination Center actually flagged the issue in mid-July, when it warned that a [working exploit](<https://twitter.com/gentilkiwi/status/1416429860566847490>) was available. That proof-of-concept (PoC), issued by Mimikatz creator Benjamin Delpy, comes complete with a video.\n\n> Hey guys, I reported the vulnerability in Dec'20 but haven't disclosed details at MSRC's request. It looks like they acknowledged it today due to the recent events with print spooler.\n> \n> \u2014 Victor Mata (@offenseindepth) [August 11, 2021](<https://twitter.com/offenseindepth/status/1425574625384206339?ref_src=twsrc%5Etfw>)\n\nOn Thursday, CERT/CC issued more details on the issue, explaining that it arises from an oversight in signature requirements around the \u201cPoint and Print\u201d capability, which allows users without administrative privileges to install printer drivers that execute with SYSTEM privileges via the Print Spooler service.\n\nWhile Microsoft requires that printers installable via Point are either signed by a WHQL release signature or by a trusted certificate, Windows printer drivers can specify queue-specific files that are associated with the use of the device, which leaves a loophole for malicious actors.\n\n\u201cFor example, a shared printer can specify a CopyFiles directive for arbitrary files,\u201d according to the CERT/CC [advisory](<https://www.kb.cert.org/vuls/id/131152>). \u201cThese files, which may be copied over alongside the digital-signature-enforced printer driver files, are not covered by any signature requirement. Furthermore, these files can be used to overwrite any of the signature-verified files that were placed on a system during printer driver install. This can allow for local privilege escalation to SYSTEM on a vulnerable system.\u201d\n\nMicrosoft credited Victor Mata of FusionX at Accenture Security with originally reporting the issue, which Mata said occurred back in December 2020:\n\n> Hey guys, I reported the vulnerability in Dec\u201920 but haven\u2019t disclosed details at MSRC\u2019s request. It looks like they acknowledged it today due to the recent events with print spooler.\n> \n> \u2014 Victor Mata (@offenseindepth) [August 11, 2021](<https://twitter.com/offenseindepth/status/1425574625384206339?ref_src=twsrc%5Etfw>)\n\nSo far, Microsoft hasn\u2019t seen any attacks in the wild using the bug, but it noted that exploitation is \u201cmore likely.\u201d With a working exploit in circulation, that seems a fair assessment.\n\n## **Print Spooler-Palooza and the PrintNightmare **\n\nDelpy characterized this latest zero-day as being part of the string of Print Spooler bugs collectively known as PrintNightmare.\n\nThe bad dream started in early July, when a PoC exploit for a bug tracked as CVE-2021-1675 was [dropped on GitHub](<https://threatpost.com/poc-exploit-windows-print-spooler-bug/167430/>). The flaw was originally addressed in [June\u2019s Patch Tuesday updates](<https://threatpost.com/microsoft-patch-tuesday-in-the-wild-exploits/166724/>) from Microsoft as a minor elevation-of-privilege vulnerability, but the PoC showed that it\u2019s actually a critical Windows security vulnerability that can be used for RCE. That prompted Microsoft to issue a different CVE number \u2013 in this case, CVE-2021-34527 \u2013 to designate the RCE variant, and it prompted [an emergency partial patch](<https://threatpost.com/microsoft-emergency-patch-printnightmare/167578/>), too.\n\n\u201cThis vulnerability is similar but distinct from the vulnerability that is assigned CVE-2021-1675, which addresses a different vulnerability in RpcAddPrinterDriverEx(),\u201d the company wrote in the advisory at the time. \u201cThe attack vector is different as well. CVE-2021-1675 was addressed by the June 2021 security update.\u201d\n\nBoth bugs \u2013 which are really just variants of a single issue \u2013 are collectively known as PrintNightmare. The PrintNightmare umbrella expanded a bit later in July, when yet another, [similar bug was disclosed](<https://threatpost.com/microsoft-unpatched-bug-windows-print-spooler/167855/>), tracked as CVE-2021-34481. It remained unpatched until it was finally addressed with [an update](<https://support.microsoft.com/en-us/topic/kb5005652-manage-new-point-and-print-default-driver-installation-behavior-cve-2021-34481-873642bf-2634-49c5-a23b-6d8e9a302872>) issued alongside the [August Patch Tuesday updates](<https://threatpost.com/exploited-windows-zero-day-patch/168539/>) (which itself detailed three additional Print Spooler vulnerabilities, one critical).\n\n## **How to Protect Systems from Print Spooler Attacks**\n\nAs mentioned, there\u2019s no patch yet for the bug, but users can protect themselves by simply stopping and disabling the Print Spooler service:\n\n\n\nSource: Microsoft.\n\nCERT/CC also said that since public exploits for Print Spooler attacks use the SMB file-sharing service for remote connectivity to a malicious shared printer, blocking outbound connections to SMB resources would thwart some attacks by blocking malicious SMB printers that are hosted outside of the network.\n\n\u201cHowever, Microsoft indicates that printers can be shared via the Web Point-and-Print Protocol, which may allow installation of arbitrary printer drivers without relying on SMB traffic,\u201d according to CERT/CC. \u201cAlso, an attacker local to your network would be able to share a printer via SMB, which would be unaffected by any outbound SMB traffic rules.\u201d\n\nIn its update advisory for CVE-2021-34481, Microsoft also detailed how to amend the default Point and Print functionality, which prevents non-administrator users from installing or updating printer drivers remotely and which could help mitigate the latest zero-day.\n\nWorried about where the next attack is coming from? We\u2019ve got your back. **[REGISTER NOW](<https://threatpost.com/webinars/how-to-think-like-a-threat-actor/?utm_source=ART&utm_medium=ART&utm_campaign=August_Uptycs_Webinar>)** for our upcoming live webinar, How to **Think Like a Threat Actor**, in partnership with Uptycs on Aug. 17 at 11 AM EST and find out precisely where attackers are targeting you and how to get there first. Join host Becky Bracken and Uptycs researchers Amit Malik and Ashwin Vamshi on **[Aug. 17 at 11AM EST for this LIVE discussion](<https://threatpost.com/webinars/how-to-think-like-a-threat-actor/?utm_source=ART&utm_medium=ART&utm_campaign=August_Uptycs_Webinar>)**.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-08-12T13:19:50", "type": "threatpost", "title": "Microsoft Warns: Another Unpatched PrintNightmare Zero-Day", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1675", "CVE-2021-34481", "CVE-2021-34527", "CVE-2021-36958"], "modified": "2021-08-12T13:19:50", "id": "THREATPOST:ADA9E95C8FD42722E783C74443148525", "href": "https://threatpost.com/microsoft-unpatched-printnightmare-zero-day/168613/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-08T07:53:10", "description": "Microsoft has released an emergency patch for the PrintNightmare, a set of two critical remote code-execution (RCE) vulnerabilities in the Windows Print Spooler service that hackers can use to take over an infected system. However, more fixes are necessary before all Windows systems affected by the bug are completely protected, according to the federal government.\n\nMicrosoft on Tuesday released an [out-of-band update](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527>) for several versions of Windows to address [CVE-2021-34527](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34527>), the second of two bugs that were initially thought to be one flaw and which have been dubbed PrintNightmare by security researchers.\n\n[](<https://threatpost.com/newsletter-sign/>)\n\nHowever, the latest fix only appears to address the RCE variants of PrintNightmare, and not the local privilege escalation (LPE) variant, according to an [advisory](<https://us-cert.cisa.gov/ncas/current-activity/2021/07/06/microsoft-releases-out-band-security-updates-printnightmare>) by the Cybersecurity Infrastructure and Security Administration (CISA), citing a [VulNote](<https://www.kb.cert.org/vuls/id/383432>) published by the CERT Coordination Center (CERT/CC).\n\nMoreover, the updates do not include Windows 10 version 1607, Windows Server 2012 or Windows Server 2016, which will be patched at a later date, according to CERT/CC.\n\n## **A Tale of Two Vulnerabilities**\n\nThe PrintNightmare saga [began last Tuesday](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527>) when a proof-of-concept (PoC) exploit for the vulnerability \u2014 at that time tracked as CVE-2021-1675 \u2014 was dropped on GitHub showing how an attacker can exploit the vulnerability to take control of an affected system. While it was taken back down within a few hours, the code was copied and remains in circulation on the platform.\n\nThe response to the situation soon turned into confusion. Though Microsoft released an [patch for CVE-2021-1675](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1675>) in it its usual raft of [monthly Patch Tuesday updates](<https://threatpost.com/microsoft-patch-tuesday-in-the-wild-exploits/166724/>), addressing what it thought was a minor EoP vulnerability, the listing was updated later in the week after researchers from Tencent and NSFOCUS TIANJI Lab figured out it could be used for RCE.\n\nHowever, it soon became clear to many experts that Microsoft\u2019s initial patch didn\u2019t fix the entire problem. CERT/CC on Thursday offered its own workaround for PrintNightmare, advising system administrators to disable the Windows Print Spooler service in Domain Controllers and systems that do not print.\n\nTo further complicate matters, Microsoft also last Thursday dropped [a notice](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527>) for a bug called \u201cWindows Print Spooler Remote Code Execution Vulnerability\u201d that appeared to be the same vulnerability, but with a different CVE number\u2014in this case, CVE-2021-34527.\n\n\u201cThis vulnerability is similar but distinct from the vulnerability that is assigned CVE-2021-1675, which addresses a different vulnerability in RpcAddPrinterDriverEx(),\u201d the company wrote in the advisory at the time. \u201cThe attack vector is different as well. CVE-2021-1675 was addressed by the June 2021 security update.\u201d\n\n## **Microsoft Issues Incomplete Patch**\n\nThe fix released this week addresses CVE-2021-34527, and includes protections for CVE-2021-1675, according to the CISA, which is encouraging users and administrators to review the [Microsoft Security Updates](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527>) as well as [CERT/CC Vulnerability Note VU #383432](<https://www.kb.cert.org/vuls/id/383432>) and apply the necessary updates or workarounds.\n\nBut as noted, it won\u2019t fix all systems.\n\nSo, in cases where a system is not protected by the patch, Microsoft is offering several workarounds for PrintNightmare. One is very similar to the federal government\u2019s solution from last week: To stop and disable the Print Spooler service \u2014 and thus the ability to print both locally and remotely \u2014 by using the following PowerShell commands: Stop-Service -Name Spooler -Force and Set-Service -Name Spooler -StartupType Disabled.\n\nThe second workaround is to disable inbound remote printing through Group Policy by disabling the \u201cAllow Print Spooler to accept client connections\u201d policy to block remote attacks, and then restarting the system. In this case, the system will no longer function as a print server, but local printing to a directly attached device will still be possible.\n\nAnother potential option to prevent remote exploitation of the bug that has worked in \u201climited testing\u201d is to block both the RPC Endpoint Mapper (135/tcp) and SMB (139/tcp and 445/tcp) at the firewall level, according to CERT/CC. However, \u201cblocking these ports on a Windows system may prevent expected capabilities from functioning properly, especially on a system that functions as a server,\u201d the center advised.\n\n_**Check out our free **_[_**upcoming live and on-demand webinar events**_](<https://threatpost.com/category/webinars/>)_** \u2013 unique, dynamic discussions with cybersecurity experts and the Threatpost community.**_\n", "cvss3": {}, "published": "2021-07-07T10:55:02", "type": "threatpost", "title": "Microsoft Releases Emergency Patch for PrintNightmare Bugs", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2021-1675", "CVE-2021-34527"], "modified": "2021-07-07T10:55:02", "id": "THREATPOST:6F7C157D4D3EB409080D90F02185E728", "href": "https://threatpost.com/microsoft-emergency-patch-printnightmare/167578/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-06T21:23:56", "description": "The U.S. government has stepped in to offer a mitigation for a critical remote code execution (RCE) vulnerability in the Windows Print Spooler service that may not have been fully patched by Microsoft\u2019s initial effort to fix it.\n\nTo mitigate the bug, [dubbed PrintNightmare](<https://threatpost.com/poc-exploit-windows-print-spooler-bug/167430/>), the CERT Coordination Center (CERT/CC) has released a [VulNote](<https://www.kb.cert.org/vuls/id/383432>) for CVE-2021-1675 urging system administrations to disable the Windows Print Spooler service in Domain Controllers and systems that do not print, the Cybersecurity Infratructure and Security Administration (CISA) said [in a release](<https://us-cert.cisa.gov/ncas/current-activity/2021/06/30/printnightmare-critical-windows-print-spooler-vulnerability>) Thursday. CERT/CC is part of the Software Engineering Institute, a federally funded research center operated by Carnegie Mellon University.\n\n\u201cWhile Microsoft has released an [update for CVE-2021-1675](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1675>), it is important to realize that this update does NOT protect Active Directory domain controllers, or systems that have [Point and Print](<https://docs.microsoft.com/en-us/windows-hardware/drivers/print/introduction-to-point-and-print>) configured with the NoWarningNoElevationOnInstall option configured,\u201d CERT/CC researchers wrote in the note.\n\n[](<https://threatpost.com/newsletter-sign/>)\n\nThe mitigation is in response to a scenario that unfolded earlier this week when a proof-of-concept (POC) for PrintNightmare was dropped on GitHub on Tuesday. While it was taken back down within a few hours, the code was copied and remains in circulation on the platform. An attacker can use the POC to exploit the vulnerability to take control of an affected system.\n\nIn the meantime, Microsoft Thursday put out a new advisory of its own on PrintNightmare that assigns a new CVE and seems to suggest a new attack vector while attempting to clarify confusion that has arisen over it.\n\nWhile the company originally addressed CVE-2021-1675 in [June\u2019s Patch Tuesday updates](<https://threatpost.com/microsoft-patch-tuesday-in-the-wild-exploits/166724/>) as a minor elevation-of-privilege vulnerability, the listing was updated last week after researchers from Tencent and NSFOCUS TIANJI Lab figured out it could be used for RCE.\n\nHowever, soon after it became clear to many experts that the patch appears to fail against the RCE aspect of the bug\u2014hence CISA\u2019s offer of another mitigation and Microsoft\u2019s update.\n\n## **Assignment of New CVE?**\n\nRegarding the latter, the company dropped [a notice](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527>) Thursday for a bug called \u201cWindows Print Spooler Remote Code Execution Vulnerability\u201d that appears to be the same vulnerability, but with a different CVE number\u2014in this case, CVE-2021-34527.\n\nThe description of the bug sounds like PrintNightmare; indeed, Microsoft acknowledges that it is \u201can evolving situation.\n\n\u201cA remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations,\u201d according to the notice. \u201cAn attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\u201d\n\nIn a \u201cFAQ\u201d section in the security update, Microsoft attempts to explain CVE-2021-34527\u2019s connection to CVE-2021-1675.\n\n\u201cIs this the vulnerability that has been referred to publicly as PrintNightmare? Yes, Microsoft has assigned CVE-2021-34527 to this vulnerability,\u201d the company wrote.\n\nHowever, the answer to the question \u201cIs this vulnerability related to CVE-2021-1675?\u201d suggests that CVE-2021-34527 is a different issue.\n\n\u201cThis vulnerability is similar but distinct from the vulnerability that is assigned CVE-2021-1675, which addresses a different vulnerability in RpcAddPrinterDriverEx(),\u201d the company wrote. \u201cThe attack vector is different as well. CVE-2021-1675 was addressed by the June 2021 security update.\u201d\n\nMicrosoft goes on to explain that CVE-2021-34527 existed before the June Patch Tuesday updates and that it affects domain controllers in \u201call versions of Windows.\u201d\n\n**\u201c**We are still investigating whether all versions are exploitable,\u201d the company wrote. \u201cWe will update this CVE when that information is evident.\u201d\n\nMicrosoft did not assign a score to CVE-2021-34527, citing its ongoing investigation.\n\n## **Two Vulnerabilities?**\n\nIn retrospect, one security researcher noted to Threatpost when news of PrintNightmare surfaced Tuesday that it was \u201ccurious\u201d that the CVE for the original vulnerability was \u201c-1675,\u201d observing that \u201cmost of the CVEs Microsoft patched in June are -31000 and higher.\u201d\n\n\u201cThis could be an indicator that they have known about this bug for some time, and fully addressing it is not trivial,\u201d Dustin Childs of Trend Micro\u2019s Zero Day Initiative told Threatpost at the time.\n\nNow it appears that perhaps Microsoft was patching only part of a more complex vulnerability. The likely scenario appears to be that there are two bugs in Windows Print Spooler that could offer attackers some kind of exploit chain or be used separately to take over systems.\n\nWhile one flaw may indeed have been addressed in June\u2019s Patch Tuesday update, the other could be mitigated by CERT/CC\u2019s workaround\u2014or could remain to be patched by a future Microsoft update that comes after the company completes its investigation.\n\nThe company\u2019s release Thursday of a new CVE related to PrintNightmare seems to be an initial attempt to clarify the situation, though given its developing nature, it remains a bit hazy for now.\n\n_**Check out our free **_[_**upcoming live and on-demand webinar events**_](<https://threatpost.com/category/webinars/>)_** \u2013 unique, dynamic discussions with cybersecurity experts and the Threatpost community.**_\n", "cvss3": {}, "published": "2021-07-02T12:21:02", "type": "threatpost", "title": "CISA Offers New Mitigation for PrintNightmare Bug", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2021-1675", "CVE-2021-30116", "CVE-2021-34527"], "modified": "2021-07-02T12:21:02", "id": "THREATPOST:933913B1D9B9CF84D33FECFC77C2FDC8", "href": "https://threatpost.com/cisa-mitigation-printnightmare-bug/167515/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-15T18:06:14", "description": "The cybercriminals behind the infamous TrickBot trojan have signed two additional distribution affiliates, dubbed Hive0106 (aka TA551) and Hive0107 by IBM X-Force. The result? Escalating ransomware hits on corporations, especially using the Conti ransomware.\n\nThe development also speaks to the TrickBot gang\u2019s increasing sophistication and standing in the cybercrime underground, IBM researchers said: \u201cThis latest development demonstrates the strength of its connections within the cybercriminal ecosystem and its ability to leverage these relationships to expand the number of organizations infected with its malware.\u201d\n\nThe TrickBot malware started life as a banking trojan back in 2016, but it quickly evolved to become a modular, full-service threat. It\u2019s capable of a range of backdoor and data-theft functions, can deliver additional payloads, and has the ability to quickly [move laterally](<https://threatpost.com/trickbot-port-scanning-module/163615/>) throughout an enterprise.\n\nAccording to IBM, the TrickBot gang (aka ITG23 or Wizard Spider) has now added powerful additional distribution tactics to its bag of tricks, thanks to the two new affiliates.\n\n\u201cEarlier this year, [the TrickBot gang] primarily relied on email campaigns delivering Excel documents and a call-center ruse known as BazarCall to deliver its payloads to corporate users,\u201d IBM researchers said in a [Wednesday analysis](<https://securityintelligence.com/posts/trickbot-gang-doubles-down-enterprise-infection/>). \u201cHowever\u2026the new affiliates have added the use of hijacked email threads and fraudulent website customer-inquiry forms. This move not only increased the volume of its delivery attempts but also diversified delivery methods with the goal of infecting more potential victims than ever.\u201d\n\nBazarCall is a [distribution tactic](<https://unit42.paloaltonetworks.com/bazarloader-malware/>) that starts with emails offering \u201ctrial subscriptions\u201d to various services \u2013 with a phone number listed to call customer service to avoid being charged money. If someone calls, a call-center operator answers and directs victims to a website to purportedly unsubscribe from the service: a process the \u201cagent\u201d walks the caller through. In the end, vulnerable computers become infected with malware \u2013 usually the [BazarLoader implant](<https://threatpost.com/bazarloader-malware-slack-basecamp/165455/>), which is another malware in the TrickBot gang\u2019s arsenal, and sometimes TrickBot itself. These types of attacks have continued into the autumn, enhanced by the fresh distribution approaches, according to IBM.\n\nMeanwhile, since 2020, the TrickBot gang has been heavily involved in the ransomware economy, with the TrickBot malware acting as an initial access point in campaigns. Users infected with the trojan will see their device become part of a botnet that attackers typically use to load the second-stage ransomware variant. The operators have developed their own ransomware as well, according to IBM: the Conti code, which is notorious for hitting hospitals, [destroying backup files](<https://threatpost.com/conti-ransomware-backups/175114/>) and pursuing [double-extortion tactics](<https://threatpost.com/double-extortion-ransomware-attacks-spike/154818/>).\n\nIBM noted that since the two affiliates came on board in June, there\u2019s been a corresponding increase in Conti ransomware attacks \u2013 not likely a coincidence.\n\n\u201cRansomware and extortion go hand in hand nowadays,\u201d according to the firm\u2019s analysis. \u201c[The TrickBot gang] has also adapted to the ransomware economy through the creation of the Conti ransomware-as-a-service (RaaS) and the use of its BazarLoader and Trickbot payloads to gain a foothold for ransomware attacks.\u201d\n\n## **Affiliate Hive0106: Spam Powerhouse **\n\nIBM X-Force researchers noted that the most important development since June for the distribution of the TrickBot gang\u2019s various kinds of malware is the newly minted partnership with Hive0106 (aka TA551, Shathak and UNC2420).\n\nHive0106 specializes in massive volumes of spamming and is a financially motivated threat group that\u2019s lately been looking to partner with elite cybercrime gangs, the firm said.\n\nHive0106 campaigns begin with hijacking email threads: a tactic pioneered by its frenemy [Emotet](<https://threatpost.com/emotet-takedown-infrastructure-netwalker-offline/163389/>). The tactic involves [jumping into ongoing correspondence](<https://unit42.paloaltonetworks.com/emotet-thread-hijacking/>) to respond to an incoming message under the guise of being the rightful account holder. These existing email threads are stolen from email clients during prior infections. Hive0106 is able to mount these campaigns at scale, researchers said, using newly created malicious domains to host malware payloads.\n\n\u201cThe emails include the email thread subject line but not the entire thread,\u201d according to IBM X-Force\u2019s writeup. \u201cWithin the email is an archive file containing a malicious attachment and password.\u201d\n\nIn the new campaigns, that malicious document drops an HTML application (HTA) file when macros are enabled.\n\n\u201cHTA files contain hypertext code and may also contain VBScript or JScript scripts, both of which are often used in boobytrapped macros,\u201d according to the analysis. \u201cThe HTA file then downloads Trickbot or BazarLoader, which has subsequently been observed downloading Cobalt Strike.\u201d\n\nCobalt Strike is the legitimate pen-testing tool that\u2019s [often abused by cybercriminals](<https://threatpost.com/cobalt-strike-cybercrooks/167368/>) to help with lateral movement. It\u2019s often a precursor to a ransomware infection.\n\n## **Hive0107 Comes on Board**\n\nAnother prominent affiliate that hooked its wagon up to the TrickBot gang this summer is Hive0107, which spent the first half of the year distributing the IcedID trojan (a [TrickBot rival](<https://threatpost.com/icedid-banking-trojan-surges-emotet/165314/>)). It switched horses to TrickBot in May, using its patented contact form distribution method.\n\nAnalysts \u201cobserved Hive0107 with occasional distribution campaigns of the Trickbot malware detected mid-May through mid-July 2021\u2026after that period, Hive0107 switched entirely to delivering BazarLoader,\u201d according to the researchers, who added that most of the campaigns target organizations in the U.S. and, to a lesser extent, Canada and Europe.\n\nHive0107 is well-known for using customer contact forms on company websites to send malicious links to unwitting employees. Usually, the messages it sends threaten legal action, according to the analysis.\n\nPreviously, the cybercriminals used copyright infringement as a ruse: \u201cThe group typically enters information into these contact forms \u2014 probably using automated methods \u2014 informing the targeted organization that it has illegally used copyrighted images and includes a link to their evidence,\u201d IBM X-Force researchers explained.\n\nIn the new campaigns, Hive0107 is using a different lure, the researchers said, claiming that the targeted company has been performing distributed denial-of-service (DDoS) attacks on its servers. Then, the messages provide a (malicious) link to purported evidence and how to remedy the situation.\n\nThe group also sends the same content via email to organization staff \u2013 an additional switch-up in tactics.\n\nIn any event, the links are hosted on legitimate cloud storage services where the payload lives, according to the analysis.\n\n\u201cClicking on the link downloads a .ZIP archive containing a malicious JScript (JS) downloader titled \u2018Stolen Images Evidence.js\u2019 or \u2018DDoS attack proof and instructions on how to fix it.js,'\u201d researchers explained. \u201cThe JS file contacts a URL on newly created domains to download BazarLoader.\u201d\n\nBazarLoader then goes on to download Cobalt Strike and a PowerShell script to exploit the [PrintNightmare vulnerability](<https://threatpost.com/microsoft-unpatched-printnightmare-zero-day/168613/>) (CVE-2021-34527), they added \u2013 and sometimes TrickBot.\n\n\u201cIBM suspects that access achieved through these Hive0107 campaigns is ultimately used to initiate a ransomware attack,\u201d the researchers noted.\n\nThe new affiliate campaigns are evidence of the TrickBot gang\u2019s continuing success breaking into the circle of the cybercriminal elite, the firm concluded \u2013 a trend IBM X-Force expects to continue into next year.\n\n\u201c[The gang] started out aggressively back in 2016 and has become a cybercrime staple in the Eastern European threat-actor arena,\u201d researchers said. \u201cIn 2021, the group has repositioned itself among the top of the cybercriminal industry.\u201d\n\nThey added, \u201cThe group already has demonstrated its ability to maintain and update its malware and infrastructure, despite the efforts of law enforcement and industry groups [to take it down](<https://threatpost.com/authorities-arrest-trickbot-member/169236/>).\u201d\n\n## **How to Protect Companies When TrickBot Hits**\n\nTo reduce the chances of suffering catastrophic damage from an infection (or a follow-on ransomware attack), IBM recommends taking the following steps:\n\n * **Ensure you have backup redundancy**, stored separately from network zones attackers could access with read-only access. The availability of effective backups is a significant differentiator for organizations and can support recovery from a ransomware attack.\n * **Implement a strategy to prevent unauthorized data theft**, especially as it applies to uploading large amounts of data to legitimate cloud storage platforms that attackers can abuse.\n * **Employ user-behavior analytics** to identify potential security incidents. When triggered, assume a breach has taken place. Audit, monitor and quickly act on suspected abuse related to privileged accounts and groups.\n * **Employ multi-factor authentication** on all remote access points into an enterprise network.\n * **Secure or disable remote desktop protocol (RDP).** Multiple ransomware attacks have been known to exploit weak RDP access to gain initial entry into a network.\n\n_**Check out our free **_[_**upcoming live and on-demand online town halls **_](<https://threatpost.com/category/webinars/>)_**\u2013 unique, dynamic discussions with cybersecurity experts and the Threatpost community.**_\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-10-15T18:05:29", "type": "threatpost", "title": "TrickBot Gang Enters Cybercrime Elite with Fresh Affiliates", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-34527"], "modified": "2021-10-15T18:05:29", "id": "THREATPOST:827A7E3B49365A0E49A11A05A5A29192", "href": "https://threatpost.com/trickbot-cybercrime-elite-affiliates/175510/", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2023-05-18T15:32:06", "description": "The remote Windows host is missing security update 5005089 or cumulative update 5005088. It is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.\n (CVE-2021-26425, CVE-2021-34483, CVE-2021-34484, CVE-2021-34537, CVE-2021-36927)\n\n - A session spoofing vulnerability exists. An attacker can exploit this to perform actions with the privileges of another user. (CVE-2021-36942)\n\n - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2021-26424, CVE-2021-34533, CVE-2021-34535, CVE-2021-36936, CVE-2021-36937, CVE-2021-36947)\n\n - An memory corruption vulnerability exists. An attacker can exploit this to corrupt the memory and cause unexpected behaviors within the system/application.\n (CVE-2021-34480)", "cvss3": {}, "published": "2021-08-10T00:00:00", "type": "nessus", "title": "KB5005089: Windows 7 and Windows Server 2008 R2 Security Update (August 2021)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-26424", "CVE-2021-26425", "CVE-2021-34480", "CVE-2021-34481", "CVE-2021-34483", "CVE-2021-34484", "CVE-2021-34533", "CVE-2021-34535", "CVE-2021-34537", "CVE-2021-36927", "CVE-2021-36936", "CVE-2021-36937", "CVE-2021-36942", "CVE-2021-36947"], "modified": "2022-08-30T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS21_AUG_5005089.NASL", "href": "https://www.tenable.com/plugins/nessus/152436", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152436);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/08/30\");\n\n script_cve_id(\n \"CVE-2021-26424\",\n \"CVE-2021-26425\",\n \"CVE-2021-34480\",\n \"CVE-2021-34481\",\n \"CVE-2021-34483\",\n \"CVE-2021-34484\",\n \"CVE-2021-34533\",\n \"CVE-2021-34535\",\n \"CVE-2021-34537\",\n \"CVE-2021-36927\",\n \"CVE-2021-36936\",\n \"CVE-2021-36937\",\n \"CVE-2021-36942\",\n \"CVE-2021-36947\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0373-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0374-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/21\");\n script_xref(name:\"MSKB\", value:\"5005036\");\n script_xref(name:\"MSKB\", value:\"5005088\");\n script_xref(name:\"MSKB\", value:\"5005089\");\n script_xref(name:\"MSFT\", value:\"MS21-5005036\");\n script_xref(name:\"MSFT\", value:\"MS21-5005088\");\n script_xref(name:\"MSFT\", value:\"MS21-5005089\");\n\n script_name(english:\"KB5005089: Windows 7 and Windows Server 2008 R2 Security Update (August 2021)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 5005089\nor cumulative update 5005088. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - An elevation of privilege vulnerability. An attacker can\n exploit this to gain elevated privileges.\n (CVE-2021-26425, CVE-2021-34483, CVE-2021-34484,\n CVE-2021-34537, CVE-2021-36927)\n\n - A session spoofing vulnerability exists. An attacker can\n exploit this to perform actions with the privileges of\n another user. (CVE-2021-36942)\n\n - A remote code execution vulnerability. An attacker can\n exploit this to bypass authentication and execute\n unauthorized arbitrary commands. (CVE-2021-26424,\n CVE-2021-34533, CVE-2021-34535, CVE-2021-36936,\n CVE-2021-36937, CVE-2021-36947)\n\n - An memory corruption vulnerability exists. An attacker\n can exploit this to corrupt the memory and cause\n unexpected behaviors within the system/application.\n (CVE-2021-34480)\");\n # https://support.microsoft.com/en-us/topic/august-10-2021-kb5005089-security-only-update-28805642-8266-40f9-a2be-9003329f661c\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?383d9541\");\n # https://support.microsoft.com/en-us/topic/august-10-2021-kb5005088-monthly-rollup-69ec750d-30ee-4cbd-82eb-0b1ec2fd5f78\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7d931097\");\n # https://support.microsoft.com/en-us/topic/kb5005036-cumulative-security-update-for-internet-explorer-august-10-2021-621b1edb-b461-4d99-ae3e-5add55e53895\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0fe73cef\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB5005089 or Cumulative Update KB5005088.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-36936\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/08/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/08/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/08/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS21-08';\nkbs = make_list(\n '5005089',\n '5005088'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win7:'1') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'6.1', \n sp:1,\n rollup_date:'08_2021',\n bulletin:bulletin,\n rollup_kb_list:[5005089, 5005088])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T15:13:14", "description": "The remote Windows host is missing security update 5005030.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2021-26424, CVE-2021-26432, CVE-2021-34530, CVE-2021-34533, CVE-2021-34534, CVE-2021-34535, CVE-2021-36936, CVE-2021-36937, CVE-2021-36947)\n\n - A session spoofing vulnerability exists. An attacker can exploit this to perform actions with the privileges of another user. (CVE-2021-36942)\n\n - An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.\n (CVE-2021-26425, CVE-2021-26426, CVE-2021-34483, CVE-2021-34484, CVE-2021-34486, CVE-2021-34487, CVE-2021-34536, CVE-2021-34537, CVE-2021-36948)\n\n - An memory corruption vulnerability exists. An attacker can exploit this to corrupt the memory and cause unexpected behaviors within the system/application.\n (CVE-2021-34480)\n\n - An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2021-26433, CVE-2021-36926, CVE-2021-36932, CVE-2021-36933, CVE-2021-36938)", "cvss3": {}, "published": "2021-08-10T00:00:00", "type": "nessus", "title": "KB5005030: Windows 10 Version 1809 and Windows Server 2019 Security Update (August 2021)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-26424", "CVE-2021-26425", "CVE-2021-26426", "CVE-2021-26432", "CVE-2021-26433", "CVE-2021-34480", "CVE-2021-34481", "CVE-2021-34483", "CVE-2021-34484", "CVE-2021-34486", "CVE-2021-34487", "CVE-2021-34530", "CVE-2021-34533", "CVE-2021-34534", "CVE-2021-34535", "CVE-2021-34536", "CVE-2021-34537", "CVE-2021-36926", "CVE-2021-36932", "CVE-2021-36933", "CVE-2021-36936", "CVE-2021-36937", "CVE-2021-36938", "CVE-2021-36942", "CVE-2021-36947", "CVE-2021-36948"], "modified": "2022-04-07T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS21_AUG_5005030.NASL", "href": "https://www.tenable.com/plugins/nessus/152435", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152435);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/07\");\n\n script_cve_id(\n \"CVE-2021-26424\",\n \"CVE-2021-26425\",\n \"CVE-2021-26426\",\n \"CVE-2021-26432\",\n \"CVE-2021-26433\",\n \"CVE-2021-34480\",\n \"CVE-2021-34481\",\n \"CVE-2021-34483\",\n \"CVE-2021-34484\",\n \"CVE-2021-34486\",\n \"CVE-2021-34487\",\n \"CVE-2021-34530\",\n \"CVE-2021-34533\",\n \"CVE-2021-34534\",\n \"CVE-2021-34535\",\n \"CVE-2021-34536\",\n \"CVE-2021-34537\",\n \"CVE-2021-36926\",\n \"CVE-2021-36932\",\n \"CVE-2021-36933\",\n \"CVE-2021-36936\",\n \"CVE-2021-36937\",\n \"CVE-2021-36938\",\n \"CVE-2021-36942\",\n \"CVE-2021-36947\",\n \"CVE-2021-36948\"\n );\n script_xref(name:\"MSKB\", value:\"5005030\");\n script_xref(name:\"MSFT\", value:\"MS21-5005030\");\n script_xref(name:\"IAVA\", value:\"2021-A-0373-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0374-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/18\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/21\");\n\n script_name(english:\"KB5005030: Windows 10 Version 1809 and Windows Server 2019 Security Update (August 2021)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 5005030.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability. An attacker can\n exploit this to bypass authentication and execute\n unauthorized arbitrary commands. (CVE-2021-26424,\n CVE-2021-26432, CVE-2021-34530, CVE-2021-34533,\n CVE-2021-34534, CVE-2021-34535, CVE-2021-36936,\n CVE-2021-36937, CVE-2021-36947)\n\n - A session spoofing vulnerability exists. An attacker can\n exploit this to perform actions with the privileges of\n another user. (CVE-2021-36942)\n\n - An elevation of privilege vulnerability. An attacker can\n exploit this to gain elevated privileges.\n (CVE-2021-26425, CVE-2021-26426, CVE-2021-34483,\n CVE-2021-34484, CVE-2021-34486, CVE-2021-34487,\n CVE-2021-34536, CVE-2021-34537, CVE-2021-36948)\n\n - An memory corruption vulnerability exists. An attacker\n can exploit this to corrupt the memory and cause\n unexpected behaviors within the system/application.\n (CVE-2021-34480)\n\n - An information disclosure vulnerability. An attacker can\n exploit this to disclose potentially sensitive\n information. (CVE-2021-26433, CVE-2021-36926,\n CVE-2021-36932, CVE-2021-36933, CVE-2021-36938)\");\n # https://support.microsoft.com/en-us/topic/august-10-2021-kb5005030-os-build-17763-2114-cec503ed-cc09-4641-bdc1-988153e0bd9a\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?34b43ea5\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB5005030.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-36936\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/08/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/08/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/08/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS21-08';\nkbs = make_list(\n '5005030'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'10', \n sp:0,\n os_build:17763,\n rollup_date:'08_2021',\n bulletin:bulletin,\n rollup_kb_list:[5005030])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T15:13:14", "description": "The remote Windows host is missing security update 5005031.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2021-26424, CVE-2021-26432, CVE-2021-34530, CVE-2021-34533, CVE-2021-34534, CVE-2021-34535, CVE-2021-36936, CVE-2021-36937, CVE-2021-36947)\n\n - An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.\n (CVE-2021-26425, CVE-2021-26426, CVE-2021-34483, CVE-2021-34484, CVE-2021-34486, CVE-2021-34487, CVE-2021-34536, CVE-2021-34537, CVE-2021-36948)\n\n - An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2021-26433, CVE-2021-36926, CVE-2021-36932, CVE-2021-36933)\n\n - An memory corruption vulnerability exists. An attacker can exploit this to corrupt the memory and cause unexpected behaviors within the system/application.\n (CVE-2021-34480)", "cvss3": {}, "published": "2021-08-10T00:00:00", "type": "nessus", "title": "KB5005031: Windows 10 Version 1909 Security Update (August 2021)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-26424", "CVE-2021-26425", "CVE-2021-26426", "CVE-2021-26432", "CVE-2021-26433", "CVE-2021-34480", "CVE-2021-34481", "CVE-2021-34483", "CVE-2021-34484", "CVE-2021-34486", "CVE-2021-34487", "CVE-2021-34530", "CVE-2021-34533", "CVE-2021-34534", "CVE-2021-34535", "CVE-2021-34536", "CVE-2021-34537", "CVE-2021-36926", "CVE-2021-36932", "CVE-2021-36933", "CVE-2021-36936", "CVE-2021-36937", "CVE-2021-36947", "CVE-2021-36948"], "modified": "2022-04-07T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS21_AUG_5005031.NASL", "href": "https://www.tenable.com/plugins/nessus/152430", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152430);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/07\");\n\n script_cve_id(\n \"CVE-2021-26424\",\n \"CVE-2021-26425\",\n \"CVE-2021-26426\",\n \"CVE-2021-26432\",\n \"CVE-2021-26433\",\n \"CVE-2021-34480\",\n \"CVE-2021-34481\",\n \"CVE-2021-34483\",\n \"CVE-2021-34484\",\n \"CVE-2021-34486\",\n \"CVE-2021-34487\",\n \"CVE-2021-34530\",\n \"CVE-2021-34533\",\n \"CVE-2021-34534\",\n \"CVE-2021-34535\",\n \"CVE-2021-34536\",\n \"CVE-2021-34537\",\n \"CVE-2021-36926\",\n \"CVE-2021-36932\",\n \"CVE-2021-36933\",\n \"CVE-2021-36936\",\n \"CVE-2021-36937\",\n \"CVE-2021-36947\",\n \"CVE-2021-36948\"\n );\n script_xref(name:\"MSKB\", value:\"5005031\");\n script_xref(name:\"MSFT\", value:\"MS21-5005031\");\n script_xref(name:\"IAVA\", value:\"2021-A-0373-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0374-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/18\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/21\");\n\n script_name(english:\"KB5005031: Windows 10 Version 1909 Security Update (August 2021)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 5005031.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability. An attacker can\n exploit this to bypass authentication and execute\n unauthorized arbitrary commands. (CVE-2021-26424,\n CVE-2021-26432, CVE-2021-34530, CVE-2021-34533,\n CVE-2021-34534, CVE-2021-34535, CVE-2021-36936,\n CVE-2021-36937, CVE-2021-36947)\n\n - An elevation of privilege vulnerability. An attacker can\n exploit this to gain elevated privileges.\n (CVE-2021-26425, CVE-2021-26426, CVE-2021-34483,\n CVE-2021-34484, CVE-2021-34486, CVE-2021-34487,\n CVE-2021-34536, CVE-2021-34537, CVE-2021-36948)\n\n - An information disclosure vulnerability. An attacker can\n exploit this to disclose potentially sensitive\n information. (CVE-2021-26433, CVE-2021-36926,\n CVE-2021-36932, CVE-2021-36933)\n\n - An memory corruption vulnerability exists. An attacker\n can exploit this to corrupt the memory and cause\n unexpected behaviors within the system/application.\n (CVE-2021-34480)\");\n # https://support.microsoft.com/en-us/topic/august-10-2021-kb5005031-os-build-18363-1734-8af726da-a39b-417d-a5fb-670c42d69e78\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?819616f3\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB5005031.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-36936\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/08/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/08/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/08/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS21-08';\nkbs = make_list(\n '5005031'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'10', \n sp:0,\n os_build:18363,\n rollup_date:'08_2021',\n bulletin:bulletin,\n rollup_kb_list:[5005031])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:32:50", "description": "The remote Windows host is missing security update 5005043.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2021-26424, CVE-2021-26432, CVE-2021-34530, CVE-2021-34533, CVE-2021-34534, CVE-2021-34535, CVE-2021-36936, CVE-2021-36937, CVE-2021-36947)\n\n - A session spoofing vulnerability exists. An attacker can exploit this to perform actions with the privileges of another user. (CVE-2021-36942)\n\n - An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.\n (CVE-2021-26425, CVE-2021-26426, CVE-2021-34483, CVE-2021-34484, CVE-2021-34487, CVE-2021-34536, CVE-2021-34537)\n\n - An memory corruption vulnerability exists. An attacker can exploit this to corrupt the memory and cause unexpected behaviors within the system/application.\n (CVE-2021-34480)\n\n - An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2021-26433, CVE-2021-36926, CVE-2021-36932, CVE-2021-36933, CVE-2021-36938)", "cvss3": {}, "published": "2021-08-10T00:00:00", "type": "nessus", "title": "KB5005043: Windows 10 Version 1607 and Windows Server 2016 Security Update (August 2021)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-26424", "CVE-2021-26425", "CVE-2021-26426", "CVE-2021-26432", "CVE-2021-26433", "CVE-2021-34480", "CVE-2021-34481", "CVE-2021-34483", "CVE-2021-34484", "CVE-2021-34487", "CVE-2021-34530", "CVE-2021-34533", "CVE-2021-34534", "CVE-2021-34535", "CVE-2021-34536", "CVE-2021-34537", "CVE-2021-36926", "CVE-2021-36932", "CVE-2021-36933", "CVE-2021-36936", "CVE-2021-36937", "CVE-2021-36938", "CVE-2021-36942", "CVE-2021-36947"], "modified": "2022-04-07T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS21_AUG_5005043.NASL", "href": "https://www.tenable.com/plugins/nessus/152434", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152434);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/07\");\n\n script_cve_id(\n \"CVE-2021-26424\",\n \"CVE-2021-26425\",\n \"CVE-2021-26426\",\n \"CVE-2021-26432\",\n \"CVE-2021-26433\",\n \"CVE-2021-34480\",\n \"CVE-2021-34481\",\n \"CVE-2021-34483\",\n \"CVE-2021-34484\",\n \"CVE-2021-34487\",\n \"CVE-2021-34530\",\n \"CVE-2021-34533\",\n \"CVE-2021-34534\",\n \"CVE-2021-34535\",\n \"CVE-2021-34536\",\n \"CVE-2021-34537\",\n \"CVE-2021-36926\",\n \"CVE-2021-36932\",\n \"CVE-2021-36933\",\n \"CVE-2021-36936\",\n \"CVE-2021-36937\",\n \"CVE-2021-36938\",\n \"CVE-2021-36942\",\n \"CVE-2021-36947\"\n );\n script_xref(name:\"MSKB\", value:\"5005043\");\n script_xref(name:\"MSFT\", value:\"MS21-5005043\");\n script_xref(name:\"IAVA\", value:\"2021-A-0373-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0374-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/21\");\n\n script_name(english:\"KB5005043: Windows 10 Version 1607 and Windows Server 2016 Security Update (August 2021)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 5005043.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability. An attacker can\n exploit this to bypass authentication and execute\n unauthorized arbitrary commands. (CVE-2021-26424,\n CVE-2021-26432, CVE-2021-34530, CVE-2021-34533,\n CVE-2021-34534, CVE-2021-34535, CVE-2021-36936,\n CVE-2021-36937, CVE-2021-36947)\n\n - A session spoofing vulnerability exists. An attacker can\n exploit this to perform actions with the privileges of\n another user. (CVE-2021-36942)\n\n - An elevation of privilege vulnerability. An attacker can\n exploit this to gain elevated privileges.\n (CVE-2021-26425, CVE-2021-26426, CVE-2021-34483,\n CVE-2021-34484, CVE-2021-34487, CVE-2021-34536,\n CVE-2021-34537)\n\n - An memory corruption vulnerability exists. An attacker\n can exploit this to corrupt the memory and cause\n unexpected behaviors within the system/application.\n (CVE-2021-34480)\n\n - An information disclosure vulnerability. An attacker can\n exploit this to disclose potentially sensitive\n information. (CVE-2021-26433, CVE-2021-36926,\n CVE-2021-36932, CVE-2021-36933, CVE-2021-36938)\");\n # https://support.microsoft.com/en-us/topic/august-10-2021-kb5005043-os-build-14393-4583-709d481e-b02a-4eb9-80d9-75c4b8170240\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e5193663\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB5005043.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-36936\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/08/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/08/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/08/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS21-08';\nkbs = make_list(\n '5005043'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'10', \n sp:0,\n os_build:14393,\n rollup_date:'08_2021',\n bulletin:bulletin,\n rollup_kb_list:[5005043])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:32:36", "description": "The remote Windows host is missing security update 5005094 or cumulative update 5005099. It is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.\n (CVE-2021-26425, CVE-2021-26426, CVE-2021-34483, CVE-2021-34484, CVE-2021-36927)\n\n - A session spoofing vulnerability exists. An attacker can exploit this to perform actions with the privileges of another user. (CVE-2021-36942)\n\n - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2021-26424, CVE-2021-26432, CVE-2021-34533, CVE-2021-34535, CVE-2021-36936, CVE-2021-36937, CVE-2021-36947)\n\n - An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2021-26433, CVE-2021-36926, CVE-2021-36932, CVE-2021-36933)\n\n - An memory corruption vulnerability exists. An attacker can exploit this to corrupt the memory and cause unexpected behaviors within the system/application.\n (CVE-2021-34480)", "cvss3": {}, "published": "2021-08-10T00:00:00", "type": "nessus", "title": "KB5005094: Windows Server 2012 Security Update (August 2021)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-26424", "CVE-2021-26425", "CVE-2021-26426", "CVE-2021-26432", "CVE-2021-26433", "CVE-2021-34480", "CVE-2021-34481", "CVE-2021-34483", "CVE-2021-34484", "CVE-2021-34533", "CVE-2021-34535", "CVE-2021-36926", "CVE-2021-36927", "CVE-2021-36932", "CVE-2021-36933", "CVE-2021-36936", "CVE-2021-36937", "CVE-2021-36942", "CVE-2021-36947"], "modified": "2022-04-07T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS21_AUG_5005094.NASL", "href": "https://www.tenable.com/plugins/nessus/152421", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152421);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/07\");\n\n script_cve_id(\n \"CVE-2021-26424\",\n \"CVE-2021-26425\",\n \"CVE-2021-26426\",\n \"CVE-2021-26432\",\n \"CVE-2021-26433\",\n \"CVE-2021-34480\",\n \"CVE-2021-34481\",\n \"CVE-2021-34483\",\n \"CVE-2021-34484\",\n \"CVE-2021-34533\",\n \"CVE-2021-34535\",\n \"CVE-2021-36926\",\n \"CVE-2021-36927\",\n \"CVE-2021-36932\",\n \"CVE-2021-36933\",\n \"CVE-2021-36936\",\n \"CVE-2021-36937\",\n \"CVE-2021-36942\",\n \"CVE-2021-36947\"\n );\n script_xref(name:\"MSKB\", value:\"5005094\");\n script_xref(name:\"MSKB\", value:\"5005036\");\n script_xref(name:\"MSKB\", value:\"5005099\");\n script_xref(name:\"MSFT\", value:\"MS21-5005094\");\n script_xref(name:\"MSFT\", value:\"MS21-5005036\");\n script_xref(name:\"MSFT\", value:\"MS21-5005099\");\n script_xref(name:\"IAVA\", value:\"2021-A-0373-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0374-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/21\");\n\n script_name(english:\"KB5005094: Windows Server 2012 Security Update (August 2021)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 5005094\nor cumulative update 5005099. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - An elevation of privilege vulnerability. An attacker can\n exploit this to gain elevated privileges.\n (CVE-2021-26425, CVE-2021-26426, CVE-2021-34483,\n CVE-2021-34484, CVE-2021-36927)\n\n - A session spoofing vulnerability exists. An attacker can\n exploit this to perform actions with the privileges of\n another user. (CVE-2021-36942)\n\n - A remote code execution vulnerability. An attacker can\n exploit this to bypass authentication and execute\n unauthorized arbitrary commands. (CVE-2021-26424,\n CVE-2021-26432, CVE-2021-34533, CVE-2021-34535,\n CVE-2021-36936, CVE-2021-36937, CVE-2021-36947)\n\n - An information disclosure vulnerability. An attacker can\n exploit this to disclose potentially sensitive\n information. (CVE-2021-26433, CVE-2021-36926,\n CVE-2021-36932, CVE-2021-36933)\n\n - An memory corruption vulnerability exists. An attacker\n can exploit this to corrupt the memory and cause\n unexpected behaviors within the system/application.\n (CVE-2021-34480)\");\n # https://support.microsoft.com/en-us/topic/august-10-2021-kb5005094-security-only-update-276b95ad-c923-454c-8758-5b90175d86cc\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ed9c2c14\");\n # https://support.microsoft.com/en-us/topic/kb5005036-cumulative-security-update-for-internet-explorer-august-10-2021-621b1edb-b461-4d99-ae3e-5add55e53895\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0fe73cef\");\n # https://support.microsoft.com/en-us/topic/august-10-2021-kb5005099-monthly-rollup-34a20feb-f899-4d10-91e0-d5ab32c4e009\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9af3c64c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB5005094 or Cumulative Update KB5005099.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-36936\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/08/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/08/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/08/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS21-08';\nkbs = make_list(\n '5005099',\n '5005094'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win8:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'6.2', \n sp:0,\n rollup_date:'08_2021',\n bulletin:bulletin,\n rollup_kb_list:[5005099, 5005094])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:32:18", "description": "The remote Windows host is missing security update 5005040.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2021-26424, CVE-2021-26432, CVE-2021-34530, CVE-2021-34533, CVE-2021-34534, CVE-2021-34535, CVE-2021-36936, CVE-2021-36937, CVE-2021-36947)\n\n - An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2021-26433, CVE-2021-36926, CVE-2021-36932, CVE-2021-36933, CVE-2021-36938)\n\n - An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.\n (CVE-2021-26425, CVE-2021-26426, CVE-2021-34483, CVE-2021-34484, CVE-2021-34536, CVE-2021-34537)\n\n - An memory corruption vulnerability exists. An attacker can exploit this to corrupt the memory and cause unexpected behaviors within the system/application.\n (CVE-2021-34480)", "cvss3": {}, "published": "2021-08-10T00:00:00", "type": "nessus", "title": "KB5005040: Windows 10 version 1507 LTS Security Update (August 2021)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-26424", "CVE-2021-26425", "CVE-2021-26426", "CVE-2021-26432", "CVE-2021-26433", "CVE-2021-34480", "CVE-2021-34483", "CVE-2021-34484", "CVE-2021-34530", "CVE-2021-34533", "CVE-2021-34534", "CVE-2021-34535", "CVE-2021-34536", "CVE-2021-34537", "CVE-2021-36926", "CVE-2021-36932", "CVE-2021-36933", "CVE-2021-36936", "CVE-2021-36937", "CVE-2021-36938", "CVE-2021-36947"], "modified": "2022-04-07T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS21_AUG_5005040.NASL", "href": "https://www.tenable.com/plugins/nessus/152422", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152422);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/07\");\n\n script_cve_id(\n \"CVE-2021-26424\",\n \"CVE-2021-26425\",\n \"CVE-2021-26426\",\n \"CVE-2021-26432\",\n \"CVE-2021-26433\",\n \"CVE-2021-34480\",\n \"CVE-2021-34483\",\n \"CVE-2021-34484\",\n \"CVE-2021-34530\",\n \"CVE-2021-34533\",\n \"CVE-2021-34534\",\n \"CVE-2021-34535\",\n \"CVE-2021-34536\",\n \"CVE-2021-34537\",\n \"CVE-2021-36926\",\n \"CVE-2021-36932\",\n \"CVE-2021-36933\",\n \"CVE-2021-36936\",\n \"CVE-2021-36937\",\n \"CVE-2021-36938\",\n \"CVE-2021-36947\"\n );\n script_xref(name:\"MSKB\", value:\"5005040\");\n script_xref(name:\"MSFT\", value:\"MS21-5005040\");\n script_xref(name:\"IAVA\", value:\"2021-A-0373-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0374-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/21\");\n\n script_name(english:\"KB5005040: Windows 10 version 1507 LTS Security Update (August 2021)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 5005040.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability. An attacker can\n exploit this to bypass authentication and execute\n unauthorized arbitrary commands. (CVE-2021-26424,\n CVE-2021-26432, CVE-2021-34530, CVE-2021-34533,\n CVE-2021-34534, CVE-2021-34535, CVE-2021-36936,\n CVE-2021-36937, CVE-2021-36947)\n\n - An information disclosure vulnerability. An attacker can\n exploit this to disclose potentially sensitive\n information. (CVE-2021-26433, CVE-2021-36926,\n CVE-2021-36932, CVE-2021-36933, CVE-2021-36938)\n\n - An elevation of privilege vulnerability. An attacker can\n exploit this to gain elevated privileges.\n (CVE-2021-26425, CVE-2021-26426, CVE-2021-34483,\n CVE-2021-34484, CVE-2021-34536, CVE-2021-34537)\n\n - An memory corruption vulnerability exists. An attacker\n can exploit this to corrupt the memory and cause\n unexpected behaviors within the system/application.\n (CVE-2021-34480)\");\n # https://support.microsoft.com/en-us/topic/august-10-2021-kb5005040-os-build-10240-19022-e8bbfa7a-1012-4e18-a2d7-8ae6a8acf8fb\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?cab780fc\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB5005040.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-36936\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/08/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/08/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/08/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS21-08';\nkbs = make_list(\n '5005040'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'10', \n sp:0,\n os_build:10240,\n rollup_date:'08_2021',\n bulletin:bulletin,\n rollup_kb_list:[5005040])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:32:36", "description": "The remote Windows host is missing security update 5005106 or cumulative update 5005076. It is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.\n (CVE-2021-26425, CVE-2021-26426, CVE-2021-34483, CVE-2021-34484, CVE-2021-34537, CVE-2021-36927)\n\n - A session spoofing vulnerability exists. An attacker can exploit this to perform actions with the privileges of another user. (CVE-2021-36942)\n\n - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2021-26424, CVE-2021-26432, CVE-2021-34533, CVE-2021-34535, CVE-2021-36936, CVE-2021-36937, CVE-2021-36947)\n\n - An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2021-26433, CVE-2021-36926, CVE-2021-36932, CVE-2021-36933)\n\n - An memory corruption vulnerability exists. An attacker can exploit this to corrupt the memory and cause unexpected behaviors within the system/application.\n (CVE-2021-34480)", "cvss3": {}, "published": "2021-08-10T00:00:00", "type": "nessus", "title": "KB5005106: Windows Server 2012 R2 Security Update (August 2021)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-26424", "CVE-2021-26425", "CVE-2021-26426", "CVE-2021-26432", "CVE-2021-26433", "CVE-2021-34480", "CVE-2021-34481", "CVE-2021-34483", "CVE-2021-34484", "CVE-2021-34533", "CVE-2021-34535", "CVE-2021-34537", "CVE-2021-36926", "CVE-2021-36927", "CVE-2021-36932", "CVE-2021-36933", "CVE-2021-36936", "CVE-2021-36937", "CVE-2021-36942", "CVE-2021-36947"], "modified": "2022-04-07T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS21_AUG_5005106.NASL", "href": "https://www.tenable.com/plugins/nessus/152433", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152433);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/07\");\n\n script_cve_id(\n \"CVE-2021-26424\",\n \"CVE-2021-26425\",\n \"CVE-2021-26426\",\n \"CVE-2021-26432\",\n \"CVE-2021-26433\",\n \"CVE-2021-34480\",\n \"CVE-2021-34481\",\n \"CVE-2021-34483\",\n \"CVE-2021-34484\",\n \"CVE-2021-34533\",\n \"CVE-2021-34535\",\n \"CVE-2021-34537\",\n \"CVE-2021-36926\",\n \"CVE-2021-36927\",\n \"CVE-2021-36932\",\n \"CVE-2021-36933\",\n \"CVE-2021-36936\",\n \"CVE-2021-36937\",\n \"CVE-2021-36942\",\n \"CVE-2021-36947\"\n );\n script_xref(name:\"MSKB\", value:\"5005036\");\n script_xref(name:\"MSKB\", value:\"5005076\");\n script_xref(name:\"MSKB\", value:\"5005106\");\n script_xref(name:\"MSFT\", value:\"MS21-5005036\");\n script_xref(name:\"MSFT\", value:\"MS21-5005076\");\n script_xref(name:\"MSFT\", value:\"MS21-5005106\");\n script_xref(name:\"IAVA\", value:\"2021-A-0373-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0374-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/21\");\n\n script_name(english:\"KB5005106: Windows Server 2012 R2 Security Update (August 2021)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 5005106\nor cumulative update 5005076. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - An elevation of privilege vulnerability. An attacker can\n exploit this to gain elevated privileges.\n (CVE-2021-26425, CVE-2021-26426, CVE-2021-34483,\n CVE-2021-34484, CVE-2021-34537, CVE-2021-36927)\n\n - A session spoofing vulnerability exists. An attacker can\n exploit this to perform actions with the privileges of\n another user. (CVE-2021-36942)\n\n - A remote code execution vulnerability. An attacker can\n exploit this to bypass authentication and execute\n unauthorized arbitrary commands. (CVE-2021-26424,\n CVE-2021-26432, CVE-2021-34533, CVE-2021-34535,\n CVE-2021-36936, CVE-2021-36937, CVE-2021-36947)\n\n - An information disclosure vulnerability. An attacker can\n exploit this to disclose potentially sensitive\n information. (CVE-2021-26433, CVE-2021-36926,\n CVE-2021-36932, CVE-2021-36933)\n\n - An memory corruption vulnerability exists. An attacker\n can exploit this to corrupt the memory and cause\n unexpected behaviors within the system/application.\n (CVE-2021-34480)\");\n # https://support.microsoft.com/en-us/topic/kb5005036-cumulative-security-update-for-internet-explorer-august-10-2021-621b1edb-b461-4d99-ae3e-5add55e53895\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0fe73cef\");\n # https://support.microsoft.com/en-us/topic/august-10-2021-kb5005076-monthly-rollup-bf677fed-96d9-475e-87c1-a053fa75fef7\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0e0382f6\");\n # https://support.microsoft.com/en-us/topic/august-10-2021-kb5005106-security-only-update-d1ab5a34-55c1-4f66-8776-54a0c3bf40a7\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?57da6a50\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB5005106 or Cumulative Update KB5005076.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-36936\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/08/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/08/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/08/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS21-08';\nkbs = make_list(\n '5005106',\n '5005076'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win81:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'6.3', \n sp:0,\n rollup_date:'08_2021',\n bulletin:bulletin,\n rollup_kb_list:[5005106, 5005076])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:32:36", "description": "The remote Windows host is missing security update 5005095 or cumulative update 5005090. It is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2021-26424, CVE-2021-34533, CVE-2021-36936, CVE-2021-36937, CVE-2021-36947)\n\n - A session spoofing vulnerability exists. An attacker can exploit this to perform actions with the privileges of another user. (CVE-2021-36942)\n\n - An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.\n (CVE-2021-26425, CVE-2021-34483, CVE-2021-34484, CVE-2021-36927)", "cvss3": {}, "published": "2021-08-10T00:00:00", "type": "nessus", "title": "KB5005095: Windows Server 2008 Security Update (August 2021)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-26424", "CVE-2021-26425", "CVE-2021-34481", "CVE-2021-34483", "CVE-2021-34484", "CVE-2021-34533", "CVE-2021-36927", "CVE-2021-36936", "CVE-2021-36937", "CVE-2021-36942", "CVE-2021-36947"], "modified": "2022-04-07T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS21_AUG_5005095.NASL", "href": "https://www.tenable.com/plugins/nessus/152425", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152425);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/07\");\n\n script_cve_id(\n \"CVE-2021-26424\",\n \"CVE-2021-26425\",\n \"CVE-2021-34481\",\n \"CVE-2021-34483\",\n \"CVE-2021-34484\",\n \"CVE-2021-34533\",\n \"CVE-2021-36927\",\n \"CVE-2021-36936\",\n \"CVE-2021-36937\",\n \"CVE-2021-36942\",\n \"CVE-2021-36947\"\n );\n script_xref(name:\"MSKB\", value:\"5005095\");\n script_xref(name:\"MSKB\", value:\"5005090\");\n script_xref(name:\"MSFT\", value:\"MS21-5005095\");\n script_xref(name:\"MSFT\", value:\"MS21-5005090\");\n script_xref(name:\"IAVA\", value:\"2021-A-0373-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0374-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/21\");\n\n script_name(english:\"KB5005095: Windows Server 2008 Security Update (August 2021)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 5005095\nor cumulative update 5005090. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - A remote code execution vulnerability. An attacker can\n exploit this to bypass authentication and execute\n unauthorized arbitrary commands. (CVE-2021-26424,\n CVE-2021-34533, CVE-2021-36936, CVE-2021-36937,\n CVE-2021-36947)\n\n - A session spoofing vulnerability exists. An attacker can\n exploit this to perform actions with the privileges of\n another user. (CVE-2021-36942)\n\n - An elevation of privilege vulnerability. An attacker can\n exploit this to gain elevated privileges.\n (CVE-2021-26425, CVE-2021-34483, CVE-2021-34484,\n CVE-2021-36927)\");\n # https://support.microsoft.com/en-us/topic/august-10-2021-kb5005095-security-only-update-a324fdbb-ce90-4c4d-8d9d-e9f2f2a57e0e\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?de72daa6\");\n # https://support.microsoft.com/en-us/topic/august-10-2021-kb5005090-monthly-rollup-8feea9cd-25f9-41ef-b8e1-815211dc4e6c\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?910509c6\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB5005095 or Cumulative Update KB5005090.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-36936\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/08/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/08/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/08/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS21-08';\nkbs = make_list(\n '5005095',\n '5005090'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(vista:'2') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'6.0', \n sp:2,\n rollup_date:'08_2021',\n bulletin:bulletin,\n rollup_kb_list:[5005095, 5005090])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-21T14:07:27", "description": "The remote Windows host is missing security update 5005033.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.\n (CVE-2021-26425, CVE-2021-26426, CVE-2021-26431, CVE-2021-34483, CVE-2021-34484, CVE-2021-34486, CVE-2021-34487, CVE-2021-34536, CVE-2021-34537, CVE-2021-36948)\n\n - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2021-26424, CVE-2021-26432, CVE-2021-34530, CVE-2021-34533, CVE-2021-34534, CVE-2021-34535, CVE-2021-36936, CVE-2021-36937, CVE-2021-36947)\n\n - An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2021-26433, CVE-2021-36926, CVE-2021-36932, CVE-2021-36933)\n\n - An memory corruption vulnerability exists. An attacker can exploit this to corrupt the memory and cause unexpected behaviors within the system/application.\n (CVE-2021-34480)", "cvss3": {}, "published": "2021-08-10T00:00:00", "type": "nessus", "title": "KB5005033: Windows 10 Version 2004 / Windows 10 Version 20H2 / Windows 10 Version 21H1 Security Update (August 2021)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-26424", "CVE-2021-26425", "CVE-2021-26426", "CVE-2021-26431", "CVE-2021-26432", "CVE-2021-26433", "CVE-2021-34480", "CVE-2021-34483", "CVE-2021-34484", "CVE-2021-34486", "CVE-2021-34487", "CVE-2021-34530", "CVE-2021-34533", "CVE-2021-34534", "CVE-2021-34535", "CVE-2021-34536", "CVE-2021-34537", "CVE-2021-36926", "CVE-2021-36932", "CVE-2021-36933", "CVE-2021-36936", "CVE-2021-36937", "CVE-2021-36947", "CVE-2021-36948"], "modified": "2022-04-07T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS21_AUG_5005033.NASL", "href": "https://www.tenable.com/plugins/nessus/152431", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152431);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/07\");\n\n script_cve_id(\n \"CVE-2021-26424\",\n \"CVE-2021-26425\",\n \"CVE-2021-26426\",\n \"CVE-2021-26431\",\n \"CVE-2021-26432\",\n \"CVE-2021-26433\",\n \"CVE-2021-34480\",\n \"CVE-2021-34483\",\n \"CVE-2021-34484\",\n \"CVE-2021-34486\",\n \"CVE-2021-34487\",\n \"CVE-2021-34530\",\n \"CVE-2021-34533\",\n \"CVE-2021-34534\",\n \"CVE-2021-34535\",\n \"CVE-2021-34536\",\n \"CVE-2021-34537\",\n \"CVE-2021-36926\",\n \"CVE-2021-36932\",\n \"CVE-2021-36933\",\n \"CVE-2021-36936\",\n \"CVE-2021-36937\",\n \"CVE-2021-36947\",\n \"CVE-2021-36948\"\n );\n script_xref(name:\"MSKB\", value:\"5005033\");\n script_xref(name:\"MSFT\", value:\"MS21-5005033\");\n script_xref(name:\"IAVA\", value:\"2021-A-0373-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0374-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/18\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/21\");\n\n script_name(english:\"KB5005033: Windows 10 Version 2004 / Windows 10 Version 20H2 / Windows 10 Version 21H1 Security Update (August 2021)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 5005033.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability. An attacker can\n exploit this to gain elevated privileges.\n (CVE-2021-26425, CVE-2021-26426, CVE-2021-26431,\n CVE-2021-34483, CVE-2021-34484, CVE-2021-34486,\n CVE-2021-34487, CVE-2021-34536, CVE-2021-34537,\n CVE-2021-36948)\n\n - A remote code execution vulnerability. An attacker can\n exploit this to bypass authentication and execute\n unauthorized arbitrary commands. (CVE-2021-26424,\n CVE-2021-26432, CVE-2021-34530, CVE-2021-34533,\n CVE-2021-34534, CVE-2021-34535, CVE-2021-36936,\n CVE-2021-36937, CVE-2021-36947)\n\n - An information disclosure vulnerability. An attacker can\n exploit this to disclose potentially sensitive\n information. (CVE-2021-26433, CVE-2021-36926,\n CVE-2021-36932, CVE-2021-36933)\n\n - An memory corruption vulnerability exists. An attacker\n can exploit this to corrupt the memory and cause\n unexpected behaviors within the system/application.\n (CVE-2021-34480)\");\n # https://support.microsoft.com/en-us/topic/august-10-2021-kb5005033-os-builds-19041-1165-19042-1165-and-19043-1165-b4c77d08-435a-4833-b9f7-e092372079a4\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?526975a8\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB5005033.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-36936\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/08/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/08/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/08/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\ninclude('smb_reg_query.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nvar bulletin = 'MS21-08';\nvar kbs = make_list(\n '5005033'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nvar share = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:'10', \n sp:0,\n os_build:19041,\n rollup_date:'08_2021',\n bulletin:bulletin,\n rollup_kb_list:[5005033])\n||\n smb_check_rollup(os:'10', \n sp:0,\n os_build:19042,\n rollup_date:'08_2021',\n bulletin:bulletin,\n rollup_kb_list:[5005033])\n||\n smb_check_rollup(os:'10', \n sp:0,\n os_build:19043,\n rollup_date:'08_2021',\n bulletin:bulletin,\n rollup_kb_list:[5005033])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:32:21", "description": "The Windows Remote Desktop client for Windows installed on the remote host is affected by a remote code execution vulnerability. An attacker who successfully exploited the vulnerability could execute arbitrary code.", "cvss3&q