Adobe has issued patches for a slew of critical security vulnerabilities, which, if exploited, could allow for arbitrary code execution on vulnerable Windows systems.
Affected products include Adobe’s Framemaker document processor, designed for writing and editing large or complex documents; Adobe’s Connect software used for remote web conferencing; and the Adobe Creative Cloud software suite for video editing.
“Adobe is not aware of any exploits in the wild for any of the issues addressed in these updates,” according to an Adobe spokesperson.
While these vulnerabilities are classified as critical-severity flaws, it’s important to note that they were given “priority 3” ratings by Adobe. This means that the update “resolves vulnerabilities in a product that has historically not been a target for attackers,” and that administrators are urged to “install the update at their discretion.”
## **Adobe Framemaker Security Flaw**
Adobe [fixed a critical flaw](<https://helpx.adobe.com/security/products/framemaker/apsb21-14.html>) (CVE-2021-21056) in Framemaker, which could allow for arbitrary code execution if exploited. The vulnerability is an out-of-bounds read error, which is [a type of buffer-overflow flaw](<https://cwe.mitre.org/data/definitions/125.html>) where the software reads data past the end of the intended buffer. An attacker who can read out-of-bounds memory might be able to get “secret values” (like memory addresses) that could ultimately allow him to achieve code execution or denial of service.
Adobe Framemaker versions 2019.0.8 and below (for Windows) are affected by the flaw; a patch is issued in version 2020.0.2. Francis Provencher, working with Trend Micro’s Zero Day Initiative, is credited with finding the bug.
## **Creative Cloud Desktop Application For Windows**
Adobe also [fixed three critical vulnerabilities](<https://helpx.adobe.com/security/products/creative-cloud/apsb21-18.html>) in the desktop application version of Adobe Creative Cloud for Windows users.
Two of the three critical flaws could enable arbitrary code execution: One of these (CVE-2021-21068) stems from an arbitrary file-overwrite hole, while the other (CVE-2021-21078) exists due to an OS command-injection error. The third critical flaw (CVE-2021-21069) stems from improper input validation and could allow an attacker to gain escalated privileges.
The Creative Cloud desktop application versions 5.3 and earlier are affected; fixes are released in version 5.4.
## **Adobe Connect Critical and Important Flaws**
Several [critical- and important-severity bugs](<https://helpx.adobe.com/security/products/connect/apsb21-19.html>) were patched in Adobe Connect.
One critical bug (CVE-2021-21078) stemmed from improper input validation; this could allow for arbitrary code execution.
And, three important cross-site scripting (XSS) flaws (CVE-2021-21079, CVE-2021-21080, CVE-2021-21081) were patched. These could allow for arbitrary JavaScript execution in the victim’s browser, if exploited.
Adobe Connect versions 11.0.5 and earlier are affected; the fix was released in version 11.2.
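The affected and fixed versions quoted in the three product sections above, turned into an inventory triage check. This is an added example, not code from Adobe or Threatpost: the product keys, host names and sample inventory are constructed, and it assumes the inventory reports versions in the same numbering the article uses. Builds that fall between the last affected and the first fixed version are reported as indeterminate rather than guessed.

```python
"""Triage installed Adobe versions against the thresholds quoted in the article."""
import re
from typing import NamedTuple


class Advisory(NamedTuple):
    bulletin: str          # bulletin id as it appears in the article's links
    last_affected: tuple   # highest version the article lists as affected
    first_fixed: tuple     # version the article lists as carrying the fix


# Thresholds exactly as the article states them. The dict keys are
# hypothetical inventory product names chosen for this example.
ADVISORIES = {
    "framemaker": Advisory("APSB21-14", (2019, 0, 8), (2020, 0, 2)),
    "creative cloud desktop": Advisory("APSB21-18", (5, 3), (5, 4)),
    "connect": Advisory("APSB21-19", (11, 0, 5), (11, 2)),
}

# Constructed sample inventory rows (host, product, version); not real data.
SAMPLE_INVENTORY = [
    ("ws-014", "Framemaker", "2019.0.4"),
    ("ws-022", "Framemaker", "2020.0.2"),
    ("ws-031", "Creative Cloud Desktop", "5.3.1.470"),
    ("ws-040", "Creative Cloud Desktop", "5.4.0.348"),
    ("conf-01", "Connect", "11.0.7"),
    ("conf-02", "Connect", "11.2"),
    ("ws-050", "Photoshop", "22.0"),
]


def parse_version(text):
    """Return a tuple of ints, or None if the string is not dotted-numeric."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        return None
    return tuple(int(part) for part in text.split("."))


def _pad(version, length):
    """Right-pad a version tuple with zeros up to `length` components."""
    return version + (0,) * (length - len(version))


def classify(product, version_text):
    """Return affected / fixed / indeterminate / unparsed / not-covered."""
    adv = ADVISORIES.get(product.strip().lower())
    if adv is None:
        return "not-covered"
    version = parse_version(version_text)
    if version is None:
        return "unparsed"
    # "5.3 and earlier" covers every 5.3.x build, so compare only as many
    # components as the threshold itself has.
    n = len(adv.last_affected)
    if _pad(version, n)[:n] <= adv.last_affected:
        return "affected"
    width = max(len(version), len(adv.first_fixed))
    if _pad(version, width) >= _pad(adv.first_fixed, width):
        return "fixed"
    # Between the two thresholds (for example Connect 11.0.7): the article
    # does not say, so send the reader to the bulletin instead of guessing.
    return "indeterminate"


def triage(inventory):
    """Return rows that need attention, affected first, then by host name."""
    order = {"affected": 0, "indeterminate": 1, "unparsed": 2}
    findings = []
    for host, product, version in inventory:
        status = classify(product, version)
        if status in order:
            bulletin = ADVISORIES[product.strip().lower()].bulletin
            findings.append((host, product, version, status, bulletin))
    return sorted(findings, key=lambda row: (order[row[3]], row[0]))


if __name__ == "__main__":
    for host, product, version, status, bulletin in triage(SAMPLE_INVENTORY):
        print(f"{host:8} {product:24} {version:12} {status:14} {bulletin}")
```
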
## **Adobe Security Updates Continue**
This month’s regularly-scheduled security fixes come on the heels of [an actively-exploited critical flaw in February](<https://threatpost.com/critical-adobe-windows-flaw/163789/>), which attackers leveraged to target Adobe Reader users on Windows.
That bug (CVE-2021-21017) was exploited in “limited attacks,” according to [Adobe’s monthly advisory](<https://helpx.adobe.com/security/products/acrobat/apsb21-09.html>), containing its regularly scheduled February updates. The flaw in question is a critical-severity [heap-based buffer-overflow](<https://threatpost.com/google-chrome-zero-day-windows-mac/163688/>) flaw.
An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user.\n Exploitation of this issue requires user interaction in that a victim must open a malicious file.\n (CVE-2021-21021, CVE-2021-21028, CVE-2021-21033, CVE-2021-21035, CVE-2021-21039, CVE-2021-21040)\n\n - Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an Out-of-bounds Read vulnerability. An unauthenticated attacker could leverage this vulnerability to locally elevate privileges in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.\n (CVE-2021-21034)\n\n - Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an Integer Overflow vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2021-21036)\n\n - Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Path Traversal vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user.\n Exploitation of this issue requires user interaction in that a victim must open a malicious file.\n (CVE-2021-21037)\n\n - Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an Out-of-bounds Write vulnerability when parsing a crafted jpeg file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. 
Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2021-21038, CVE-2021-21044)\n\n - Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a use-after-free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user.\n Exploitation of this issue requires user interaction in that a victim must open a malicious file.\n (CVE-2021-21041)\n\n - Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an Out-of-bounds Read vulnerability. An unauthenticated attacker could leverage this vulnerability to locally escalate privileges in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.\n (CVE-2021-21042)\n\n - Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an improper access control vulnerability. An unauthenticated attacker could leverage this vulnerability to elevate privileges in the context of the current user.\n (CVE-2021-21045)\n\n - Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an memory corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to cause an application denial-of-service. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2021-21046)\n\n - Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a null pointer dereference vulnerability when parsing a specially crafted PDF file. 
An unauthenticated attacker could leverage this vulnerability to achieve denial of service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2021-21057)\n\n - Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Memory corruption vulnerability when parsing a specially crafted PDF file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2021-21058, CVE-2021-21059, CVE-2021-21062, CVE-2021-21063)\n\n - Adobe Acrobat Pro DC versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an improper input validation vulnerability. An unauthenticated attacker could leverage this vulnerability to disclose sensitive information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2021-21060)\n\n - Acrobat Pro DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Use-after-free vulnerability when parsing a specially crafted PDF file. An unauthenticated attacker could leverage this vulnerability to disclose sensitive information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 
(CVE-2021-21061)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-02-11T00:00:00", "type": "nessus", "title": "Adobe Reader <= 2017.011.30188 / 2020.001.30018 / 2020.013.20074 Multiple Vulnerabilities (APSB21-09)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-21017", "CVE-2021-21021", "CVE-2021-21028", "CVE-2021-21033", "CVE-2021-21034", "CVE-2021-21035", "CVE-2021-21036", "CVE-2021-21037", "CVE-2021-21038", "CVE-2021-21039", "CVE-2021-21040", "CVE-2021-21041", "CVE-2021-21042", "CVE-2021-21044", "CVE-2021-21045", "CVE-2021-21046", "CVE-2021-21057", "CVE-2021-21058", "CVE-2021-21059", "CVE-2021-21060", "CVE-2021-21061", "CVE-2021-21062", "CVE-2021-21063", "CVE-2021-21088", "CVE-2021-21089", "CVE-2021-40723"], "modified": "2023-04-25T00:00:00", "cpe": ["cpe:/a:adobe:acrobat_reader"], "id": "ADOBE_READER_APSB21-09.NASL", "href": "https://www.tenable.com/plugins/nessus/146422", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146422);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/25\");\n\n script_cve_id(\n \"CVE-2021-21017\",\n \"CVE-2021-21021\",\n \"CVE-2021-21028\",\n \"CVE-2021-21033\",\n \"CVE-2021-21034\",\n \"CVE-2021-21035\",\n \"CVE-2021-21036\",\n \"CVE-2021-21037\",\n \"CVE-2021-21038\",\n \"CVE-2021-21039\",\n \"CVE-2021-21040\",\n \"CVE-2021-21041\",\n \"CVE-2021-21042\",\n \"CVE-2021-21044\",\n \"CVE-2021-21045\",\n \"CVE-2021-21046\",\n \"CVE-2021-21057\",\n \"CVE-2021-21058\",\n \"CVE-2021-21059\",\n \"CVE-2021-21060\",\n \"CVE-2021-21061\",\n \"CVE-2021-21062\",\n \"CVE-2021-21063\",\n \"CVE-2021-21088\",\n \"CVE-2021-21089\",\n \"CVE-2021-40723\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0092-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0157-S\");\n script_xref(name:\"IAVA\", 
value:\"2021-A-0229-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"Adobe Reader <= 2017.011.30188 / 2020.001.30018 / 2020.013.20074 Multiple Vulnerabilities (APSB21-09)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The version of Adobe Reader installed on the remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Adobe Reader installed on the remote Windows host is a version prior or equal to 2017.011.30188,\n2020.001.30018, or 2020.013.20074. It is, therefore, affected by multiple vulnerabilities.\n\n - Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and\n 2017.011.30188 (and earlier) are affected by a heap-based buffer overflow vulnerability. An\n unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the\n context of the current user. Exploitation of this issue requires user interaction in that a victim must\n open a malicious file. (CVE-2021-21017)\n\n - Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and\n 2017.011.30188 (and earlier) are affected by a Use After Free vulnerability. An unauthenticated attacker\n could leverage this vulnerability to achieve arbitrary code execution in the context of the current user.\n Exploitation of this issue requires user interaction in that a victim must open a malicious file.\n (CVE-2021-21021, CVE-2021-21028, CVE-2021-21033, CVE-2021-21035, CVE-2021-21039, CVE-2021-21040)\n\n - Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and\n 2017.011.30188 (and earlier) are affected by an Out-of-bounds Read vulnerability. An unauthenticated\n attacker could leverage this vulnerability to locally elevate privileges in the context of the current\n user. 
Exploitation of this issue requires user interaction in that a victim must open a malicious file.\n (CVE-2021-21034)\n\n - Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and\n 2017.011.30188 (and earlier) are affected by an Integer Overflow vulnerability. An unauthenticated\n attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the\n current user. Exploitation of this issue requires user interaction in that a victim must open a malicious\n file. (CVE-2021-21036)\n\n - Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and\n 2017.011.30188 (and earlier) are affected by a Path Traversal vulnerability. An unauthenticated attacker\n could leverage this vulnerability to achieve arbitrary code execution in the context of the current user.\n Exploitation of this issue requires user interaction in that a victim must open a malicious file.\n (CVE-2021-21037)\n\n - Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and\n 2017.011.30188 (and earlier) are affected by an Out-of-bounds Write vulnerability when parsing a crafted\n jpeg file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code\n execution in the context of the current user. Exploitation of this issue requires user interaction in that\n a victim must open a malicious file. (CVE-2021-21038, CVE-2021-21044)\n\n - Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and\n 2017.011.30188 (and earlier) are affected by a use-after-free vulnerability. 
An unauthenticated attacker\n could leverage this vulnerability to achieve arbitrary code execution in the context of the current user.\n Exploitation of this issue requires user interaction in that a victim must open a malicious file.\n (CVE-2021-21041)\n\n - Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and\n 2017.011.30188 (and earlier) are affected by an Out-of-bounds Read vulnerability. An unauthenticated\n attacker could leverage this vulnerability to locally escalate privileges in the context of the current\n user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.\n (CVE-2021-21042)\n\n - Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and\n 2017.011.30188 (and earlier) are affected by an improper access control vulnerability. An unauthenticated\n attacker could leverage this vulnerability to elevate privileges in the context of the current user.\n (CVE-2021-21045)\n\n - Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and\n 2017.011.30188 (and earlier) are affected by an memory corruption vulnerability. An unauthenticated\n attacker could leverage this vulnerability to cause an application denial-of-service. Exploitation of this\n issue requires user interaction in that a victim must open a malicious file. (CVE-2021-21046)\n\n - Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and\n 2017.011.30188 (and earlier) are affected by a null pointer dereference vulnerability when parsing a\n specially crafted PDF file. An unauthenticated attacker could leverage this vulnerability to achieve\n denial of service in the context of the current user. Exploitation of this issue requires user interaction\n in that a victim must open a malicious file. 
(CVE-2021-21057)\n\n - Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and\n 2017.011.30188 (and earlier) are affected by a Memory corruption vulnerability when parsing a specially\n crafted PDF file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code\n execution in the context of the current user. Exploitation of this issue requires user interaction in that\n a victim must open a malicious file. (CVE-2021-21058, CVE-2021-21059, CVE-2021-21062, CVE-2021-21063)\n\n - Adobe Acrobat Pro DC versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and\n 2017.011.30188 (and earlier) are affected by an improper input validation vulnerability. An\n unauthenticated attacker could leverage this vulnerability to disclose sensitive information in the\n context of the current user. Exploitation of this issue requires user interaction in that a victim must\n open a malicious file. (CVE-2021-21060)\n\n - Acrobat Pro DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and\n 2017.011.30188 (and earlier) are affected by a Use-after-free vulnerability when parsing a specially\n crafted PDF file. An unauthenticated attacker could leverage this vulnerability to disclose sensitive\n information in the context of the current user. Exploitation of this issue requires user interaction in\n that a victim must open a malicious file. 
(CVE-2021-21061)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/acrobat/apsb21-09.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Reader version 2017.011.30188 / 2020.001.30018 / 2020.013.20074 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-21063\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-21035\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/02/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:acrobat_reader\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"adobe_reader_installed.nasl\");\n script_require_keys(\"SMB/Registry/Enumerated\", \"installed_sw/Adobe Reader\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('vcf_extras.inc');\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\napp_info = vcf::get_app_info(app:'Adobe Reader', win_local:TRUE);\n\n# vcf::adobe_reader::check_version_and_report will\n# properly separate tracks when checking constraints.\n# x.y.30zzz = DC Classic\n# x.y.20zzz = DC Continuous\nconstraints = [\n { 'min_version' : '15.7', 'max_version' : '20.013.20074', 'fixed_version' : '21.001.20135' },\n { 'min_version' : '20.1', 'max_version' : '20.001.30018', 'fixed_version' : '20.001.30020' },\n { 'min_version' : '17.8', 'max_version' : '17.011.30188', 'fixed_version' : '17.011.30190' }\n];\nvcf::adobe_reader::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE, max_segs:3);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:24:25", "description": "The version of Adobe Acrobat installed on the remote Windows host is a version prior or equal to 2017.011.30188, 2020.001.30018, or 2020.013.20074. It is, therefore, affected by multiple vulnerabilities.\n\n - Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a heap-based buffer overflow vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2021-21017)\n\n - Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Use After Free vulnerability. 
An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user.\n Exploitation of this issue requires user interaction in that a victim must open a malicious file.\n (CVE-2021-21021, CVE-2021-21028, CVE-2021-21033, CVE-2021-21035, CVE-2021-21039, CVE-2021-21040)\n\n - Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an Out-of-bounds Read vulnerability. An unauthenticated attacker could leverage this vulnerability to locally elevate privileges in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.\n (CVE-2021-21034)\n\n - Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an Integer Overflow vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2021-21036)\n\n - Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Path Traversal vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user.\n Exploitation of this issue requires user interaction in that a victim must open a malicious file.\n (CVE-2021-21037)\n\n - Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an Out-of-bounds Write vulnerability when parsing a crafted jpeg file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. 
Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2021-21038, CVE-2021-21044)\n\n - Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a use-after-free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user.\n Exploitation of this issue requires user interaction in that a victim must open a malicious file.\n (CVE-2021-21041)\n\n - Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an Out-of-bounds Read vulnerability. An unauthenticated attacker could leverage this vulnerability to locally escalate privileges in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.\n (CVE-2021-21042)\n\n - Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an improper access control vulnerability. An unauthenticated attacker could leverage this vulnerability to elevate privileges in the context of the current user.\n (CVE-2021-21045)\n\n - Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an memory corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to cause an application denial-of-service. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2021-21046)\n\n - Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a null pointer dereference vulnerability when parsing a specially crafted PDF file. 
An unauthenticated attacker could leverage this vulnerability to achieve denial of service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2021-21057)\n\n - Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Memory corruption vulnerability when parsing a specially crafted PDF file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2021-21058, CVE-2021-21059, CVE-2021-21062, CVE-2021-21063)\n\n - Adobe Acrobat Pro DC versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an improper input validation vulnerability. An unauthenticated attacker could leverage this vulnerability to disclose sensitive information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2021-21060)\n\n - Acrobat Pro DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Use-after-free vulnerability when parsing a specially crafted PDF file. An unauthenticated attacker could leverage this vulnerability to disclose sensitive information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 
(CVE-2021-21061)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-02-11T00:00:00", "type": "nessus", "title": "Adobe Acrobat <= 2017.011.30188 / 2020.001.30018 / 2020.013.20074 Multiple Vulnerabilities (APSB21-09)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-21017", "CVE-2021-21021", "CVE-2021-21028", "CVE-2021-21033", "CVE-2021-21034", "CVE-2021-21035", "CVE-2021-21036", "CVE-2021-21037", "CVE-2021-21038", "CVE-2021-21039", "CVE-2021-21040", "CVE-2021-21041", "CVE-2021-21042", "CVE-2021-21044", "CVE-2021-21045", "CVE-2021-21046", "CVE-2021-21057", "CVE-2021-21058", "CVE-2021-21059", "CVE-2021-21060", "CVE-2021-21061", "CVE-2021-21062", "CVE-2021-21063", "CVE-2021-21088", "CVE-2021-21089", "CVE-2021-40723"], "modified": "2023-04-25T00:00:00", "cpe": ["cpe:/a:adobe:acrobat"], "id": "ADOBE_ACROBAT_APSB21-09.NASL", "href": "https://www.tenable.com/plugins/nessus/146421", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146421);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/25\");\n\n script_cve_id(\n \"CVE-2021-21017\",\n \"CVE-2021-21021\",\n \"CVE-2021-21028\",\n \"CVE-2021-21033\",\n \"CVE-2021-21034\",\n \"CVE-2021-21035\",\n \"CVE-2021-21036\",\n \"CVE-2021-21037\",\n \"CVE-2021-21038\",\n \"CVE-2021-21039\",\n \"CVE-2021-21040\",\n \"CVE-2021-21041\",\n \"CVE-2021-21042\",\n \"CVE-2021-21044\",\n \"CVE-2021-21045\",\n \"CVE-2021-21046\",\n \"CVE-2021-21057\",\n \"CVE-2021-21058\",\n \"CVE-2021-21059\",\n \"CVE-2021-21060\",\n \"CVE-2021-21061\",\n \"CVE-2021-21062\",\n \"CVE-2021-21063\",\n \"CVE-2021-21088\",\n \"CVE-2021-21089\",\n \"CVE-2021-40723\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0092-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0157-S\");\n script_xref(name:\"IAVA\", 
value:\"2021-A-0229-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"Adobe Acrobat <= 2017.011.30188 / 2020.001.30018 / 2020.013.20074 Multiple Vulnerabilities (APSB21-09)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The version of Adobe Acrobat installed on the remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Adobe Acrobat installed on the remote Windows host is a version prior or equal to 2017.011.30188,\n2020.001.30018, or 2020.013.20074. It is, therefore, affected by multiple vulnerabilities.\n\n - Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and\n 2017.011.30188 (and earlier) are affected by a heap-based buffer overflow vulnerability. An\n unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the\n context of the current user. Exploitation of this issue requires user interaction in that a victim must\n open a malicious file. (CVE-2021-21017)\n\n - Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and\n 2017.011.30188 (and earlier) are affected by a Use After Free vulnerability. An unauthenticated attacker\n could leverage this vulnerability to achieve arbitrary code execution in the context of the current user.\n Exploitation of this issue requires user interaction in that a victim must open a malicious file.\n (CVE-2021-21021, CVE-2021-21028, CVE-2021-21033, CVE-2021-21035, CVE-2021-21039, CVE-2021-21040)\n\n - Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and\n 2017.011.30188 (and earlier) are affected by an Out-of-bounds Read vulnerability. An unauthenticated\n attacker could leverage this vulnerability to locally elevate privileges in the context of the current\n user. 
Exploitation of this issue requires user interaction in that a victim must open a malicious file.\n (CVE-2021-21034)\n\n - Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and\n 2017.011.30188 (and earlier) are affected by an Integer Overflow vulnerability. An unauthenticated\n attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the\n current user. Exploitation of this issue requires user interaction in that a victim must open a malicious\n file. (CVE-2021-21036)\n\n - Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and\n 2017.011.30188 (and earlier) are affected by a Path Traversal vulnerability. An unauthenticated attacker\n could leverage this vulnerability to achieve arbitrary code execution in the context of the current user.\n Exploitation of this issue requires user interaction in that a victim must open a malicious file.\n (CVE-2021-21037)\n\n - Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and\n 2017.011.30188 (and earlier) are affected by an Out-of-bounds Write vulnerability when parsing a crafted\n jpeg file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code\n execution in the context of the current user. Exploitation of this issue requires user interaction in that\n a victim must open a malicious file. (CVE-2021-21038, CVE-2021-21044)\n\n - Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and\n 2017.011.30188 (and earlier) are affected by a use-after-free vulnerability. 
An unauthenticated attacker\n could leverage this vulnerability to achieve arbitrary code execution in the context of the current user.\n Exploitation of this issue requires user interaction in that a victim must open a malicious file.\n (CVE-2021-21041)\n\n - Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and\n 2017.011.30188 (and earlier) are affected by an Out-of-bounds Read vulnerability. An unauthenticated\n attacker could leverage this vulnerability to locally escalate privileges in the context of the current\n user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.\n (CVE-2021-21042)\n\n - Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and\n 2017.011.30188 (and earlier) are affected by an improper access control vulnerability. An unauthenticated\n attacker could leverage this vulnerability to elevate privileges in the context of the current user.\n (CVE-2021-21045)\n\n - Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and\n 2017.011.30188 (and earlier) are affected by an memory corruption vulnerability. An unauthenticated\n attacker could leverage this vulnerability to cause an application denial-of-service. Exploitation of this\n issue requires user interaction in that a victim must open a malicious file. (CVE-2021-21046)\n\n - Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and\n 2017.011.30188 (and earlier) are affected by a null pointer dereference vulnerability when parsing a\n specially crafted PDF file. An unauthenticated attacker could leverage this vulnerability to achieve\n denial of service in the context of the current user. Exploitation of this issue requires user interaction\n in that a victim must open a malicious file. 
(CVE-2021-21057)\n\n - Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and\n 2017.011.30188 (and earlier) are affected by a Memory corruption vulnerability when parsing a specially\n crafted PDF file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code\n execution in the context of the current user. Exploitation of this issue requires user interaction in that\n a victim must open a malicious file. (CVE-2021-21058, CVE-2021-21059, CVE-2021-21062, CVE-2021-21063)\n\n - Adobe Acrobat Pro DC versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and\n 2017.011.30188 (and earlier) are affected by an improper input validation vulnerability. An\n unauthenticated attacker could leverage this vulnerability to disclose sensitive information in the\n context of the current user. Exploitation of this issue requires user interaction in that a victim must\n open a malicious file. (CVE-2021-21060)\n\n - Acrobat Pro DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and\n 2017.011.30188 (and earlier) are affected by a Use-after-free vulnerability when parsing a specially\n crafted PDF file. An unauthenticated attacker could leverage this vulnerability to disclose sensitive\n information in the context of the current user. Exploitation of this issue requires user interaction in\n that a victim must open a malicious file. 
(CVE-2021-21061)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/acrobat/apsb21-09.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Acrobat version 2017.011.30188 / 2020.001.30018 / 2020.013.20074 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-21063\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-21035\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/02/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:acrobat\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"adobe_acrobat_installed.nasl\");\n script_require_keys(\"SMB/Registry/Enumerated\", \"installed_sw/Adobe Acrobat\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('vcf_extras.inc');\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\napp_info = vcf::get_app_info(app:'Adobe Acrobat', win_local:TRUE);\n\n# vcf::adobe_reader::check_version_and_report will\n# properly separate tracks when checking constraints.\n# x.y.30zzz = DC Classic\n# x.y.20zzz = DC Continuous\nconstraints = [\n { 'min_version' : '15.7', 'max_version' : '20.013.20074', 'fixed_version' : '21.001.20135' },\n { 'min_version' : '20.1', 'max_version' : '20.001.30018', 'fixed_version' : '20.001.30020' },\n { 'min_version' : '17.8', 'max_version' : '17.011.30188', 'fixed_version' : '17.011.30190' }\n];\nvcf::adobe_reader::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE, max_segs:3);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:24:35", "description": "The version of Adobe Acrobat installed on the remote macOS host is a version prior or equal to 2017.011.30188, 2020.001.30018, or 2020.013.20074. It is, therefore, affected by multiple vulnerabilities.\n\n - Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a heap-based buffer overflow vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2021-21017)\n\n - Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Use After Free vulnerability. 
An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user.\n Exploitation of this issue requires user interaction in that a victim must open a malicious file.\n (CVE-2021-21021, CVE-2021-21028, CVE-2021-21033, CVE-2021-21035, CVE-2021-21039, CVE-2021-21040)\n\n - Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an Out-of-bounds Read vulnerability. An unauthenticated attacker could leverage this vulnerability to locally elevate privileges in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.\n (CVE-2021-21034)\n\n - Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an Integer Overflow vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2021-21036)\n\n - Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Path Traversal vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user.\n Exploitation of this issue requires user interaction in that a victim must open a malicious file.\n (CVE-2021-21037)\n\n - Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an Out-of-bounds Write vulnerability when parsing a crafted jpeg file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. 
Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2021-21038, CVE-2021-21044)\n\n - Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a use-after-free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user.\n Exploitation of this issue requires user interaction in that a victim must open a malicious file.\n (CVE-2021-21041)\n\n - Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an Out-of-bounds Read vulnerability. An unauthenticated attacker could leverage this vulnerability to locally escalate privileges in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.\n (CVE-2021-21042)\n\n - Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an improper access control vulnerability. An unauthenticated attacker could leverage this vulnerability to elevate privileges in the context of the current user.\n (CVE-2021-21045)\n\n - Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an memory corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to cause an application denial-of-service. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2021-21046)\n\n - Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a null pointer dereference vulnerability when parsing a specially crafted PDF file. 
An unauthenticated attacker could leverage this vulnerability to achieve denial of service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2021-21057)\n\n - Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Memory corruption vulnerability when parsing a specially crafted PDF file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2021-21058, CVE-2021-21059, CVE-2021-21062, CVE-2021-21063)\n\n - Adobe Acrobat Pro DC versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an improper input validation vulnerability. An unauthenticated attacker could leverage this vulnerability to disclose sensitive information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2021-21060)\n\n - Acrobat Pro DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Use-after-free vulnerability when parsing a specially crafted PDF file. An unauthenticated attacker could leverage this vulnerability to disclose sensitive information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 
(CVE-2021-21061)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-02-11T00:00:00", "type": "nessus", "title": "Adobe Acrobat <= 2017.011.30188 / 2020.001.30018 / 2020.013.20074 Multiple Vulnerabilities (APSB21-09) (macOS)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-21017", "CVE-2021-21021", "CVE-2021-21028", "CVE-2021-21033", "CVE-2021-21034", "CVE-2021-21035", "CVE-2021-21036", "CVE-2021-21037", "CVE-2021-21038", "CVE-2021-21039", "CVE-2021-21040", "CVE-2021-21041", "CVE-2021-21042", "CVE-2021-21044", "CVE-2021-21045", "CVE-2021-21046", "CVE-2021-21057", "CVE-2021-21058", "CVE-2021-21059", "CVE-2021-21060", "CVE-2021-21061", "CVE-2021-21062", "CVE-2021-21063", "CVE-2021-21088", "CVE-2021-21089", "CVE-2021-40723"], "modified": "2023-04-25T00:00:00", "cpe": ["cpe:/a:adobe:acrobat"], "id": "MACOS_ADOBE_ACROBAT_APSB21-09.NASL", "href": "https://www.tenable.com/plugins/nessus/146420", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146420);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/25\");\n\n script_cve_id(\n \"CVE-2021-21017\",\n \"CVE-2021-21021\",\n \"CVE-2021-21028\",\n \"CVE-2021-21033\",\n \"CVE-2021-21034\",\n \"CVE-2021-21035\",\n \"CVE-2021-21036\",\n \"CVE-2021-21037\",\n \"CVE-2021-21038\",\n \"CVE-2021-21039\",\n \"CVE-2021-21040\",\n \"CVE-2021-21041\",\n \"CVE-2021-21042\",\n \"CVE-2021-21044\",\n \"CVE-2021-21045\",\n \"CVE-2021-21046\",\n \"CVE-2021-21057\",\n \"CVE-2021-21058\",\n \"CVE-2021-21059\",\n \"CVE-2021-21060\",\n \"CVE-2021-21061\",\n \"CVE-2021-21062\",\n \"CVE-2021-21063\",\n \"CVE-2021-21088\",\n \"CVE-2021-21089\",\n \"CVE-2021-40723\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0092-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0157-S\");\n 
script_xref(name:\"IAVA\", value:\"2021-A-0229-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"Adobe Acrobat <= 2017.011.30188 / 2020.001.30018 / 2020.013.20074 Multiple Vulnerabilities (APSB21-09) (macOS)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The version of Adobe Acrobat installed on the remote macOS host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Adobe Acrobat installed on the remote macOS host is a version prior or equal to 2017.011.30188,\n2020.001.30018, or 2020.013.20074. It is, therefore, affected by multiple vulnerabilities.\n\n - Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and\n 2017.011.30188 (and earlier) are affected by a heap-based buffer overflow vulnerability. An\n unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the\n context of the current user. Exploitation of this issue requires user interaction in that a victim must\n open a malicious file. (CVE-2021-21017)\n\n - Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and\n 2017.011.30188 (and earlier) are affected by a Use After Free vulnerability. An unauthenticated attacker\n could leverage this vulnerability to achieve arbitrary code execution in the context of the current user.\n Exploitation of this issue requires user interaction in that a victim must open a malicious file.\n (CVE-2021-21021, CVE-2021-21028, CVE-2021-21033, CVE-2021-21035, CVE-2021-21039, CVE-2021-21040)\n\n - Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and\n 2017.011.30188 (and earlier) are affected by an Out-of-bounds Read vulnerability. An unauthenticated\n attacker could leverage this vulnerability to locally elevate privileges in the context of the current\n user. 
Exploitation of this issue requires user interaction in that a victim must open a malicious file.\n (CVE-2021-21034)\n\n - Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and\n 2017.011.30188 (and earlier) are affected by an Integer Overflow vulnerability. An unauthenticated\n attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the\n current user. Exploitation of this issue requires user interaction in that a victim must open a malicious\n file. (CVE-2021-21036)\n\n - Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and\n 2017.011.30188 (and earlier) are affected by a Path Traversal vulnerability. An unauthenticated attacker\n could leverage this vulnerability to achieve arbitrary code execution in the context of the current user.\n Exploitation of this issue requires user interaction in that a victim must open a malicious file.\n (CVE-2021-21037)\n\n - Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and\n 2017.011.30188 (and earlier) are affected by an Out-of-bounds Write vulnerability when parsing a crafted\n jpeg file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code\n execution in the context of the current user. Exploitation of this issue requires user interaction in that\n a victim must open a malicious file. (CVE-2021-21038, CVE-2021-21044)\n\n - Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and\n 2017.011.30188 (and earlier) are affected by a use-after-free vulnerability. 
An unauthenticated attacker\n could leverage this vulnerability to achieve arbitrary code execution in the context of the current user.\n Exploitation of this issue requires user interaction in that a victim must open a malicious file.\n (CVE-2021-21041)\n\n - Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and\n 2017.011.30188 (and earlier) are affected by an Out-of-bounds Read vulnerability. An unauthenticated\n attacker could leverage this vulnerability to locally escalate privileges in the context of the current\n user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.\n (CVE-2021-21042)\n\n - Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and\n 2017.011.30188 (and earlier) are affected by an improper access control vulnerability. An unauthenticated\n attacker could leverage this vulnerability to elevate privileges in the context of the current user.\n (CVE-2021-21045)\n\n - Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and\n 2017.011.30188 (and earlier) are affected by an memory corruption vulnerability. An unauthenticated\n attacker could leverage this vulnerability to cause an application denial-of-service. Exploitation of this\n issue requires user interaction in that a victim must open a malicious file. (CVE-2021-21046)\n\n - Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and\n 2017.011.30188 (and earlier) are affected by a null pointer dereference vulnerability when parsing a\n specially crafted PDF file. An unauthenticated attacker could leverage this vulnerability to achieve\n denial of service in the context of the current user. Exploitation of this issue requires user interaction\n in that a victim must open a malicious file. 
(CVE-2021-21057)\n\n - Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and\n 2017.011.30188 (and earlier) are affected by a Memory corruption vulnerability when parsing a specially\n crafted PDF file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code\n execution in the context of the current user. Exploitation of this issue requires user interaction in that\n a victim must open a malicious file. (CVE-2021-21058, CVE-2021-21059, CVE-2021-21062, CVE-2021-21063)\n\n - Adobe Acrobat Pro DC versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and\n 2017.011.30188 (and earlier) are affected by an improper input validation vulnerability. An\n unauthenticated attacker could leverage this vulnerability to disclose sensitive information in the\n context of the current user. Exploitation of this issue requires user interaction in that a victim must\n open a malicious file. (CVE-2021-21060)\n\n - Acrobat Pro DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and\n 2017.011.30188 (and earlier) are affected by a Use-after-free vulnerability when parsing a specially\n crafted PDF file. An unauthenticated attacker could leverage this vulnerability to disclose sensitive\n information in the context of the current user. Exploitation of this issue requires user interaction in\n that a victim must open a malicious file. 
(CVE-2021-21061)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/acrobat/apsb21-09.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Acrobat version 2017.011.30188 / 2020.001.30018 / 2020.013.20074 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-21063\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-21035\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/02/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:acrobat\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_adobe_acrobat_installed.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/MacOSX/Version\", \"installed_sw/Adobe Acrobat\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('vcf_extras.inc');\n\nget_kb_item_or_exit('Host/local_checks_enabled');\nos = get_kb_item('Host/MacOSX/Version');\nif (empty_or_null(os)) audit(AUDIT_OS_NOT, 'Mac OS X');\n\napp_info = vcf::get_app_info(app:'Adobe Acrobat');\n\n# vcf::adobe_reader::check_version_and_report will\n# properly separate tracks when checking constraints.\n# x.y.30zzz = DC Classic\n# x.y.20zzz = DC Continuous\nconstraints = [\n { 'min_version' : '15.7', 'max_version' : '20.013.20074', 'fixed_version' : '21.001.20135' },\n { 'min_version' : '20.1', 'max_version' : '20.001.30018', 'fixed_version' : '20.001.30020' },\n { 'min_version' : '17.8', 'max_version' : '17.011.30188', 'fixed_version' : '17.011.30190' }\n];\nvcf::adobe_reader::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE, max_segs:3);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:24:25", "description": "The version of Adobe Reader installed on the remote macOS host is a version prior or equal to 2017.011.30188, 2020.001.30018, or 2020.013.20074. It is, therefore, affected by multiple vulnerabilities.\n\n - Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a heap-based buffer overflow vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 
(CVE-2021-21017)\n\n - Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user.\n Exploitation of this issue requires user interaction in that a victim must open a malicious file.\n (CVE-2021-21021, CVE-2021-21028, CVE-2021-21033, CVE-2021-21035, CVE-2021-21039, CVE-2021-21040)\n\n - Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an Out-of-bounds Read vulnerability. An unauthenticated attacker could leverage this vulnerability to locally elevate privileges in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.\n (CVE-2021-21034)\n\n - Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an Integer Overflow vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2021-21036)\n\n - Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Path Traversal vulnerability. 
An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user.\n Exploitation of this issue requires user interaction in that a victim must open a malicious file.\n (CVE-2021-21037)\n\n - Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an Out-of-bounds Write vulnerability when parsing a crafted jpeg file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2021-21038, CVE-2021-21044)\n\n - Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a use-after-free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user.\n Exploitation of this issue requires user interaction in that a victim must open a malicious file.\n (CVE-2021-21041)\n\n - Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an Out-of-bounds Read vulnerability. An unauthenticated attacker could leverage this vulnerability to locally escalate privileges in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.\n (CVE-2021-21042)\n\n - Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an improper access control vulnerability. 
An unauthenticated attacker could leverage this vulnerability to elevate privileges in the context of the current user.\n (CVE-2021-21045)\n\n - Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an memory corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to cause an application denial-of-service. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2021-21046)\n\n - Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a null pointer dereference vulnerability when parsing a specially crafted PDF file. An unauthenticated attacker could leverage this vulnerability to achieve denial of service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2021-21057)\n\n - Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Memory corruption vulnerability when parsing a specially crafted PDF file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2021-21058, CVE-2021-21059, CVE-2021-21062, CVE-2021-21063)\n\n - Adobe Acrobat Pro DC versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an improper input validation vulnerability. An unauthenticated attacker could leverage this vulnerability to disclose sensitive information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 
(CVE-2021-21060)\n\n - Acrobat Pro DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a Use-after-free vulnerability when parsing a specially crafted PDF file. An unauthenticated attacker could leverage this vulnerability to disclose sensitive information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2021-21061)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-02-11T00:00:00", "type": "nessus", "title": "Adobe Reader <= 2017.011.30188 / 2020.001.30018 / 2020.013.20074 Multiple Vulnerabilities (APSB21-09) (macOS)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-21017", "CVE-2021-21021", "CVE-2021-21028", "CVE-2021-21033", "CVE-2021-21034", "CVE-2021-21035", "CVE-2021-21036", "CVE-2021-21037", "CVE-2021-21038", "CVE-2021-21039", "CVE-2021-21040", "CVE-2021-21041", "CVE-2021-21042", "CVE-2021-21044", "CVE-2021-21045", "CVE-2021-21046", "CVE-2021-21057", "CVE-2021-21058", "CVE-2021-21059", "CVE-2021-21060", "CVE-2021-21061", "CVE-2021-21062", "CVE-2021-21063", "CVE-2021-21088", "CVE-2021-21089", "CVE-2021-40723"], "modified": "2023-04-25T00:00:00", "cpe": ["cpe:/a:adobe:acrobat_reader"], "id": "MACOS_ADOBE_READER_APSB21-09.NASL", "href": "https://www.tenable.com/plugins/nessus/146423", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146423);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/25\");\n\n script_cve_id(\n \"CVE-2021-21017\",\n \"CVE-2021-21021\",\n \"CVE-2021-21028\",\n \"CVE-2021-21033\",\n \"CVE-2021-21034\",\n \"CVE-2021-21035\",\n \"CVE-2021-21036\",\n \"CVE-2021-21037\",\n \"CVE-2021-21038\",\n \"CVE-2021-21039\",\n 
\"CVE-2021-21040\",\n \"CVE-2021-21041\",\n \"CVE-2021-21042\",\n \"CVE-2021-21044\",\n \"CVE-2021-21045\",\n \"CVE-2021-21046\",\n \"CVE-2021-21057\",\n \"CVE-2021-21058\",\n \"CVE-2021-21059\",\n \"CVE-2021-21060\",\n \"CVE-2021-21061\",\n \"CVE-2021-21062\",\n \"CVE-2021-21063\",\n \"CVE-2021-21088\",\n \"CVE-2021-21089\",\n \"CVE-2021-40723\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0092-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0157-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0229-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2021/11/17\");\n\n script_name(english:\"Adobe Reader <= 2017.011.30188 / 2020.001.30018 / 2020.013.20074 Multiple Vulnerabilities (APSB21-09) (macOS)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The version of Adobe Reader installed on the remote macOS host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Adobe Reader installed on the remote macOS host is a version prior or equal to 2017.011.30188,\n2020.001.30018, or 2020.013.20074. It is, therefore, affected by multiple vulnerabilities.\n\n - Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and\n 2017.011.30188 (and earlier) are affected by a heap-based buffer overflow vulnerability. An\n unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the\n context of the current user. Exploitation of this issue requires user interaction in that a victim must\n open a malicious file. (CVE-2021-21017)\n\n - Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and\n 2017.011.30188 (and earlier) are affected by a Use After Free vulnerability. 
An unauthenticated attacker\n could leverage this vulnerability to achieve arbitrary code execution in the context of the current user.\n Exploitation of this issue requires user interaction in that a victim must open a malicious file.\n (CVE-2021-21021, CVE-2021-21028, CVE-2021-21033, CVE-2021-21035, CVE-2021-21039, CVE-2021-21040)\n\n - Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and\n 2017.011.30188 (and earlier) are affected by an Out-of-bounds Read vulnerability. An unauthenticated\n attacker could leverage this vulnerability to locally elevate privileges in the context of the current\n user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.\n (CVE-2021-21034)\n\n - Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and\n 2017.011.30188 (and earlier) are affected by an Integer Overflow vulnerability. An unauthenticated\n attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the\n current user. Exploitation of this issue requires user interaction in that a victim must open a malicious\n file. (CVE-2021-21036)\n\n - Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and\n 2017.011.30188 (and earlier) are affected by a Path Traversal vulnerability. An unauthenticated attacker\n could leverage this vulnerability to achieve arbitrary code execution in the context of the current user.\n Exploitation of this issue requires user interaction in that a victim must open a malicious file.\n (CVE-2021-21037)\n\n - Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and\n 2017.011.30188 (and earlier) are affected by an Out-of-bounds Write vulnerability when parsing a crafted\n jpeg file. 
An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code\n execution in the context of the current user. Exploitation of this issue requires user interaction in that\n a victim must open a malicious file. (CVE-2021-21038, CVE-2021-21044)\n\n - Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and\n 2017.011.30188 (and earlier) are affected by a use-after-free vulnerability. An unauthenticated attacker\n could leverage this vulnerability to achieve arbitrary code execution in the context of the current user.\n Exploitation of this issue requires user interaction in that a victim must open a malicious file.\n (CVE-2021-21041)\n\n - Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and\n 2017.011.30188 (and earlier) are affected by an Out-of-bounds Read vulnerability. An unauthenticated\n attacker could leverage this vulnerability to locally escalate privileges in the context of the current\n user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.\n (CVE-2021-21042)\n\n - Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and\n 2017.011.30188 (and earlier) are affected by an improper access control vulnerability. An unauthenticated\n attacker could leverage this vulnerability to elevate privileges in the context of the current user.\n (CVE-2021-21045)\n\n - Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and\n 2017.011.30188 (and earlier) are affected by an memory corruption vulnerability. An unauthenticated\n attacker could leverage this vulnerability to cause an application denial-of-service. Exploitation of this\n issue requires user interaction in that a victim must open a malicious file. 
(CVE-2021-21046)\n\n - Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and\n 2017.011.30188 (and earlier) are affected by a null pointer dereference vulnerability when parsing a\n specially crafted PDF file. An unauthenticated attacker could leverage this vulnerability to achieve\n denial of service in the context of the current user. Exploitation of this issue requires user interaction\n in that a victim must open a malicious file. (CVE-2021-21057)\n\n - Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and\n 2017.011.30188 (and earlier) are affected by a Memory corruption vulnerability when parsing a specially\n crafted PDF file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code\n execution in the context of the current user. Exploitation of this issue requires user interaction in that\n a victim must open a malicious file. (CVE-2021-21058, CVE-2021-21059, CVE-2021-21062, CVE-2021-21063)\n\n - Adobe Acrobat Pro DC versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and\n 2017.011.30188 (and earlier) are affected by an improper input validation vulnerability. An\n unauthenticated attacker could leverage this vulnerability to disclose sensitive information in the\n context of the current user. Exploitation of this issue requires user interaction in that a victim must\n open a malicious file. (CVE-2021-21060)\n\n - Acrobat Pro DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and\n 2017.011.30188 (and earlier) are affected by a Use-after-free vulnerability when parsing a specially\n crafted PDF file. An unauthenticated attacker could leverage this vulnerability to disclose sensitive\n information in the context of the current user. Exploitation of this issue requires user interaction in\n that a victim must open a malicious file. 
(CVE-2021-21061)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://helpx.adobe.com/security/products/acrobat/apsb21-09.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Reader version 2017.011.30188 / 2020.001.30018 / 2020.013.20074 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-21063\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-21035\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/02/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:acrobat_reader\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_adobe_reader_installed.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/MacOSX/Version\", \"installed_sw/Adobe Reader\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\ninclude('vcf_extras.inc');\n\nget_kb_item_or_exit('Host/local_checks_enabled');\nos = get_kb_item('Host/MacOSX/Version');\nif (empty_or_null(os)) audit(AUDIT_OS_NOT, 'Mac OS X');\n\napp_info = vcf::get_app_info(app:'Adobe Reader');\n\n# vcf::adobe_reader::check_version_and_report will\n# properly separate tracks when checking constraints.\n# x.y.30zzz = DC Classic\n# x.y.20zzz = DC Continuous\nconstraints = [\n { 'min_version' : '15.7', 'max_version' : '20.013.20074', 'fixed_version' : '21.001.20135' },\n { 'min_version' : '20.1', 'max_version' : '20.001.30018', 'fixed_version' : '20.001.30020' },\n { 'min_version' : '17.8', 'max_version' : '17.011.30188', 'fixed_version' : '17.011.30190' }\n];\nvcf::adobe_reader::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE, max_segs:3);\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "qualysblog": [{"lastseen": "2021-03-19T12:27:17", "description": "This month\u2019s Microsoft Patch Tuesday addresses 82 vulnerabilities, of which 10 are rated with Critical severity. This follows an out-of-band security update on March 2 to address critical vulnerabilities in Microsoft Exchange. Adobe released patches today for its FrameMaker, Creative Cloud Desktop, and Adobe Connect products.\n\n### Internet Explorer Memory Corruption Vulnerability\n\nMicrosoft released patches addressing another 0-day vulnerability (CVE-2021-26411). This is a memory corruption vulnerability in Internet Explorer. This CVE already has a working exploit and is assigned a CVSSv3 base score of 8.8 by the vendor.\n\n### Windows Hyper-V Remote Code Execution (RCE) Vulnerability\n\nMicrosoft released patches to fix a RCE vulnerability in Windows Hyper-V (CVE-2021-26867). 
This vulnerability has a CVSSv3 base score of 9.9 and should be prioritized for patching.\n\n### Windows DNS Server RCE Vulnerability\n\nMicrosoft released patches to fix a RCE vulnerability in Windows DNS Server (CVE-2021-26897). This vulnerability has a CVSSv3 base score of 9.8 and should be prioritized for patching.\n\n### Workstation Patches\n\nMicrosoft Office vulnerabilities should be prioritized for workstation-type devices.\n\n### ProxyLogon / Exchange Vulnerabilities\n\nOn March 2, Microsoft released out-of-band patches to address critical remote code execution vulnerabilities in Microsoft Exchange Server. See details at [Microsoft Exchange Server Zero-Days (ProxyLogon)](<https://blog.qualys.com/vulnerabilities-research/2021/03/03/microsoft-exchange-server-zero-days-automatically-discover-prioritize-and-remediate-using-qualys-vmdr>).\n\n### Adobe\n\nAdobe issued patches today covering multiple vulnerabilities in FrameMaker, Creative Cloud Desktop, and Adobe Connect. Patching Adobe FrameMaker for CVE-2021-21056 and Creative Cloud Desktop for CVE-2021-21068, CVE-2021-21078, and CVE-21069 should be prioritized due to their critical impact.\n\n### About Patch Tuesday\n\nPatch Tuesday QIDs are published at [Security Alerts](<https://www.qualys.com/research/security-alerts/>), typically late in the evening of [Patch Tuesday](<https://blog.qualys.com/tag/patch-tuesday>), followed shortly after by [PT dashboards](<https://qualys-secure.force.com/discussions/s/article/000006505>).", "cvss3": {}, "published": "2021-03-09T21:33:26", "type": "qualysblog", "title": "March 2021 Patch Tuesday \u2013 82 Vulnerabilities, 10 Critical, Adobe", "bulletinFamily": "blog", "cvss2": {}, "cvelist": ["CVE-2021-21056", "CVE-2021-21068", "CVE-2021-21078", "CVE-2021-26411", "CVE-2021-26867", "CVE-2021-26897"], "modified": "2021-03-09T21:33:26", "id": "QUALYSBLOG:B847D61CCF30D86B3C35C9E4CA764114", "href": "https://blog.qualys.com/category/vulnerabilities-research", "cvss": {"score": 
10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-03-03T12:28:18", "description": "This month\u2019s Microsoft Patch Tuesday addresses 56 vulnerabilities, of which 11 are rated as Critical. Adobe released patches today for Reader, Acrobat, Magento, Photoshop, Animate, Illustrator, and Dreamweaver.\n\n### TCP/IP Trio\n\nMicrosoft released a set of fixes affecting Windows TCP/IP implementation that include two Critical Remote Code Execution (RCE) vulnerabilities (CVE-2021-24074 and CVE-2021-24094) and an Important Denial of Service (DoS) vulnerability (CVE-2021-24086). While there is no evidence that these vulnerabilities are exploited in wild, these vulnerabilities should be prioritized given their impact.\n\n### Windows Fax Service\n\nMicrosoft released patches to fix a remote code execution vulnerability in Windows Fax Service (CVE-2021-24077). This vulnerability has a CVSSv3 base score of 9.8 and should be prioritized for patching.\n\n### Windows DNS Server\n\nMicrosoft released patches to fix a remote code execution vulnerability in Windows DNS Server (CVE-2021-24078). This vulnerability has a CVSSv3 base score of 9.8 and should be prioritized for patching.\n\n### Windows Win32k Elevation of Privilege\n\nMicrosoft released updates to fix a local privilege escalation vulnerability in Win32K (CVE-2021-1732). This vulnerability is reportedly exploited in the wild and should be prioritized for patching.\n\n### Workstation Patches\n\nMicrosoft Office vulnerabilities should be prioritized for workstation-type devices.\n\n### Adobe\n\nAdobe issued patches today covering multiple vulnerabilities in Adobe Reader, Acrobat, Magento, Photoshop, Animate, Illustrator, and Dreamweaver. 
Patching Adobe Acrobat and Reader should be prioritized as Adobe has received reports of CVE-2021-21017 exploited in wild targeting Adobe Reader users on Windows.\n\n### About Patch Tuesday\n\nPatch Tuesday QIDs are published at [Security Alerts](<https://www.qualys.com/research/security-alerts/>), typically late in the evening of [Patch Tuesday](<https://blog.qualys.com/tag/patch-tuesday>), followed shortly after by [PT dashboards](<https://qualys-secure.force.com/discussions/s/article/000006505>).", "cvss3": {}, "published": "2021-02-09T20:22:38", "type": "qualysblog", "title": "February 2021 Patch Tuesday \u2013 56 Vulnerabilities, 11 Critical, Adobe", "bulletinFamily": "blog", "cvss2": {}, "cvelist": ["CVE-2021-1732", "CVE-2021-21017", "CVE-2021-24074", "CVE-2021-24077", "CVE-2021-24078", "CVE-2021-24086", "CVE-2021-24094"], "modified": "2021-02-09T20:22:38", "id": "QUALYSBLOG:AD927BF1D1CDE26A3D54D9452C330BB3", "href": "https://blog.qualys.com/category/vulnerabilities-research", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-11-09T06:36:02", "description": "[Start your VMDR 30-day, no-cost trial today](<https://www.qualys.com/forms/vmdr/>)\n\n## Overview\n\nOn November 3, 2021, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) released a [Binding Operational Directive 22-01](<https://cyber.dhs.gov/bod/22-01/>), "Reducing the Significant Risk of Known Exploited Vulnerabilities." [This directive](<https://www.cisa.gov/news/2021/11/03/cisa-releases-directive-reducing-significant-risk-known-exploited-vulnerabilities>) recommends urgent and prioritized remediation of the vulnerabilities that adversaries are actively exploiting. 
It establishes a CISA-managed catalog of known exploited vulnerabilities that carry significant risk to the federal government and establishes requirements for agencies to remediate these vulnerabilities.\n\nThis directive requires agencies to review and update agency internal vulnerability management procedures within 60 days according to this directive and remediate each vulnerability according to the timelines outlined in CISA's vulnerability catalog.\n\nQualys helps customers to identify and assess risk to organizations' digital infrastructure and automate remediation. Qualys' guidance for rapid response to the Operational Directive is below.\n\n## Directive Scope\n\nThis directive applies to all software and hardware found on federal information systems managed on agency premises or hosted by third parties on an agency's behalf.\n\nHowever, CISA strongly recommends that private businesses and state, local, tribal, and territorial (SLTT) governments prioritize the mitigation of vulnerabilities listed in CISA's public catalog.\n\n## CISA Catalog of Known Exploited Vulnerabilities\n\nIn total, CISA posted a list of [291 Common Vulnerabilities and Exposures (CVEs)](<https://www.cisa.gov/known-exploited-vulnerabilities-catalog>) that pose the highest risk to federal agencies. The Qualys Research team has mapped all these CVEs to applicable QIDs. You can view the complete list of CVEs and the corresponding QIDs [here](<https://success.qualys.com/discussions/s/article/000006791>).\n\n### Not all vulnerabilities are created equal\n\nOur quick review of the 291 CVEs posted by CISA suggests that not all vulnerabilities hold the same priority. CISA has ordered U.S. federal enterprises to apply patches as soon as possible. The remediation guidance can be grouped into three distinct categories:\n\n#### Category 1 \u2013 Past Due\n\nRemediation of 15 CVEs (~5%) is already past due. 
These vulnerabilities include some of the most significant exploits in the recent past, including PrintNightmare, SigRed, ZeroLogon, and vulnerabilities in CryptoAPI, Pulse Secure, and more. Qualys Patch Management can help you remediate most of these vulnerabilities.\n\n#### Category 2 \u2013 Patch in less than two weeks\n\n100 (34%) vulnerabilities need to be patched in the next two weeks, or by **November 17, 2022**.\n\n#### Category 3 \u2013 Patch within six months\n\nThe remaining 176 vulnerabilities (60%) must be patched within the next six months or by **May 3, 2022**.\n\n## Detect CISA's Vulnerabilities Using Qualys VMDR\n\nThe Qualys Research team has released several remote and authenticated detections (QIDs) for the vulnerabilities. Since the directive includes 291 CVEs, we recommend executing your search based on vulnerability criticality, release date, or other categories.\n\nFor example, to detect critical CVEs released in 2021:\n\n_vulnerabilities.vulnerability.criticality:CRITICAL and vulnerabilities.vulnerability.cveIds:[ 
`CVE-2021-1497`,`CVE-2021-1498`,`CVE-2021-1647`,`CVE-2021-1675`,`CVE-2021-1732`,`CVE-2021-1782`,`CVE-2021-1870`,`CVE-2021-1871`,`CVE-2021-1879`,`CVE-2021-1905`,`CVE-2021-1906`,`CVE-2021-20016`,`CVE-2021-21017`,`CVE-2021-21148`,`CVE-2021-21166`,`CVE-2021-21193`,`CVE-2021-21206`,`CVE-2021-21220`,`CVE-2021-21224`,`CVE-2021-21972`,`CVE-2021-21985`,`CVE-2021-22005`,`CVE-2021-22205`,`CVE-2021-22502`,`CVE-2021-22893`,`CVE-2021-22894`,`CVE-2021-22899`,`CVE-2021-22900`,`CVE-2021-22986`,`CVE-2021-26084`,`CVE-2021-26411`,`CVE-2021-26855`,`CVE-2021-26857`,`CVE-2021-26858`,`CVE-2021-27059`,`CVE-2021-27065`,`CVE-2021-27085`,`CVE-2021-27101`,`CVE-2021-27102`,`CVE-2021-27103`,`CVE-2021-27104`,`CVE-2021-28310`,`CVE-2021-28550`,`CVE-2021-28663`,`CVE-2021-28664`,`CVE-2021-30116`,`CVE-2021-30551`,`CVE-2021-30554`,`CVE-2021-30563`,`CVE-2021-30632`,`CVE-2021-30633`,`CVE-2021-30657`,`CVE-2021-30661`,`CVE-2021-30663`,`CVE-2021-30665`,`CVE-2021-30666`,`CVE-2021-30713`,`CVE-2021-30761`,`CVE-2021-30762`,`CVE-2021-30807`,`CVE-2021-30858`,`CVE-2021-30860`,`CVE-2021-30860`,`CVE-2021-30869`,`CVE-2021-31199`,`CVE-2021-31201`,`CVE-2021-31207`,`CVE-2021-31955`,`CVE-2021-31956`,`CVE-2021-31979`,`CVE-2021-33739`,`CVE-2021-33742`,`CVE-2021-33771`,`CVE-2021-34448`,`CVE-2021-34473`,`CVE-2021-34523`,`CVE-2021-34527`,`CVE-2021-35211`,`CVE-2021-36741`,`CVE-2021-36742`,`CVE-2021-36942`,`CVE-2021-36948`,`CVE-2021-36955`,`CVE-2021-37973`,`CVE-2021-37975`,`CVE-2021-37976`,`CVE-2021-38000`,`CVE-2021-38003`,`CVE-2021-38645`,`CVE-2021-38647`,`CVE-2021-38647`,`CVE-2021-38648`,`CVE-2021-38649`,`CVE-2021-40444`,`CVE-2021-40539`,`CVE-2021-41773`,`CVE-2021-42013`,`CVE-2021-42258` ]_\n\n\n\nUsing [Qualys VMDR](<https://www.qualys.com/subscriptions/vmdr/>), you can effectively prioritize those vulnerabilities using the VMDR Prioritization report.\n\n\n\nIn addition, you can locate a vulnerable host through Qualys Threat Protection by simply clicking on the impacted hosts to effectively identify and track this 
vulnerability.\n\n\n\nWith Qualys Unified Dashboard, you can track your exposure to the CISA Known Exploited Vulnerabilities and gather your status and overall management in real-time. With trending enabled for dashboard widgets, you can keep track of the status of the vulnerabilities in your environment using the ["CISA 2010-21| KNOWN EXPLOITED VULNERABILITIES"](<https://success.qualys.com/support/s/article/000006791>) Dashboard.\n\n### Detailed Operational Dashboard:\n\n\n\n### Summary Dashboard High Level Structured by Vendor:\n\n\n\n## Remediation\n\nTo comply with this directive, federal agencies must remediate most "Category 2" vulnerabilities by **November 17, 2021**, and "Category 3" by May 3, 2021. Qualys Patch Management can help streamline the remediation of many of these vulnerabilities.\n\nCustomers can copy the following query into the Patch Management app to help customers comply with the directive's aggressive remediation date of November 17, 2021. Running this query will find all required patches and allow quick and efficient deployment of those missing patches to all assets directly from within the Qualys Cloud 
Platform.\n\ncve:[`CVE-2021-1497`,`CVE-2021-1498`,`CVE-2021-1647`,`CVE-2021-1675`,`CVE-2021-1732`,`CVE-2021-1782`,`CVE-2021-1870`,`CVE-2021-1871`,`CVE-2021-1879`,`CVE-2021-1905`,`CVE-2021-1906`,`CVE-2021-20016`,`CVE-2021-21017`,`CVE-2021-21148`,`CVE-2021-21166`,`CVE-2021-21193`,`CVE-2021-21206`,`CVE-2021-21220`,`CVE-2021-21224`,`CVE-2021-21972`,`CVE-2021-21985`,`CVE-2021-22005`,`CVE-2021-22205`,`CVE-2021-22502`,`CVE-2021-22893`,`CVE-2021-22894`,`CVE-2021-22899`,`CVE-2021-22900`,`CVE-2021-22986`,`CVE-2021-26084`,`CVE-2021-26411`,`CVE-2021-26855`,`CVE-2021-26857`,`CVE-2021-26858`,`CVE-2021-27059`,`CVE-2021-27065`,`CVE-2021-27085`,`CVE-2021-27101`,`CVE-2021-27102`,`CVE-2021-27103`,`CVE-2021-27104`,`CVE-2021-28310`,`CVE-2021-28550`,`CVE-2021-28663`,`CVE-2021-28664`,`CVE-2021-30116`,`CVE-2021-30551`,`CVE-2021-30554`,`CVE-2021-30563`,`CVE-2021-30632`,`CVE-2021-30633`,`CVE-2021-30657`,`CVE-2021-30661`,`CVE-2021-30663`,`CVE-2021-30665`,`CVE-2021-30666`,`CVE-2021-30713`,`CVE-2021-30761`,`CVE-2021-30762`,`CVE-2021-30807`,`CVE-2021-30858`,`CVE-2021-30860`,`CVE-2021-30860`,`CVE-2021-30869`,`CVE-2021-31199`,`CVE-2021-31201`,`CVE-2021-31207`,`CVE-2021-31955`,`CVE-2021-31956`,`CVE-2021-31979`,`CVE-2021-33739`,`CVE-2021-33742`,`CVE-2021-33771`,`CVE-2021-34448`,`CVE-2021-34473`,`CVE-2021-34523`,`CVE-2021-34527`,`CVE-2021-35211`,`CVE-2021-36741`,`CVE-2021-36742`,`CVE-2021-36942`,`CVE-2021-36948`,`CVE-2021-36955`,`CVE-2021-37973`,`CVE-2021-37975`,`CVE-2021-37976`,`CVE-2021-38000`,`CVE-2021-38003`,`CVE-2021-38645`,`CVE-2021-38647`,`CVE-2021-38647`,`CVE-2021-38648`,`CVE-2021-38649`,`CVE-2021-40444`,`CVE-2021-40539`,`CVE-2021-41773`,`CVE-2021-42013`,`CVE-2021-42258` ]\n\n\n\nQualys patch content covers many Microsoft, Linux, and third-party applications; however, some of the vulnerabilities introduced by CISA are not currently supported out-of-the-box by Qualys. To remediate those vulnerabilities, Qualys provides the ability to deploy custom patches. 
The flexibility to customize patch deployment allows customers to patch the remaining CVEs in this list.\n\nNote that the due date for \u201cCategory 1\u201d patches has already passed. To find missing patches in your environment for \u201cCategory 1\u201d past due CVEs, copy the following query into the Patch Management app:\n\ncve:['CVE-2021-1732','CVE-2020-1350','CVE-2020-1472','CVE-2021-26855','CVE-2021-26858','CVE-2021-27065','CVE-2020-0601','CVE-2021-26857','CVE-2021-22893','CVE-2020-8243','CVE-2021-22900','CVE-2021-22894','CVE-2020-8260','CVE-2021-22899','CVE-2019-11510']\n\n\n\n## Federal Enterprises and Agencies Can Act Now\n\nFor federal enterprises and agencies, it's a race against time to remediate these vulnerabilities across their respective environments and achieve compliance with this binding directive. Qualys solutions can help achieve compliance with this binding directive. Qualys Cloud Platform is FedRAMP authorized, with [107 FedRAMP authorizations](<https://marketplace.fedramp.gov/#!/product/qualys-cloud-platform?sort=-authorizations>).\n\nHere are a few steps Federal enterprises can take immediately:\n\n * Run vulnerability assessments against all your assets by leveraging various sensors such as Qualys agent, scanners, and more\n * Prioritize remediation by due dates\n * Identify all vulnerable assets automatically mapped into the threat feed\n * Use Patch Management to apply patches and other configuration changes\n * Track remediation progress through Unified Dashboards\n\n## Summary\n\nUnderstanding vulnerabilities is a critical but partial part of threat mitigation. Qualys VMDR helps customers discover, assess threats, assign risk, and remediate threats in one solution. Qualys customers rely on the accuracy of Qualys' threat intelligence to protect their digital environments and stay current with patch guidance. 
Using Qualys VMDR can help any organization efficiently respond to the CISA directive.\n\n## Getting Started\n\nLearn how [Qualys VMDR](<https://www.qualys.com/subscriptions/vmdr/>) provides actionable vulnerability guidance and automates remediation in one solution. Ready to get started? Sign up for a 30-day, no-cost [VMDR trial](<https://www.qualys.com/forms/vmdr/>).", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 10.0, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 6.0}, "published": "2021-11-09T06:15:01", "type": "qualysblog", "title": "Qualys Response to CISA Alert: Binding Operational Directive 22-01", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-11510", "CVE-2020-0601", "CVE-2020-1350", "CVE-2020-1472", "CVE-2020-8243", "CVE-2020-8260", "CVE-2021-1497", "CVE-2021-1498", "CVE-2021-1647", "CVE-2021-1675", "CVE-2021-1732", "CVE-2021-1782", "CVE-2021-1870", "CVE-2021-1871", "CVE-2021-1879", "CVE-2021-1905", "CVE-2021-1906", "CVE-2021-20016", "CVE-2021-21017", "CVE-2021-21148", "CVE-2021-21166", "CVE-2021-21193", "CVE-2021-21206", "CVE-2021-21220", "CVE-2021-21224", "CVE-2021-21972", "CVE-2021-21985", "CVE-2021-22005", "CVE-2021-22205", "CVE-2021-22502", 
"CVE-2021-22893", "CVE-2021-22894", "CVE-2021-22899", "CVE-2021-22900", "CVE-2021-22986", "CVE-2021-26084", "CVE-2021-26411", "CVE-2021-26855", "CVE-2021-26857", "CVE-2021-26858", "CVE-2021-27059", "CVE-2021-27065", "CVE-2021-27085", "CVE-2021-27101", "CVE-2021-27102", "CVE-2021-27103", "CVE-2021-27104", "CVE-2021-28310", "CVE-2021-28550", "CVE-2021-28663", "CVE-2021-28664", "CVE-2021-30116", "CVE-2021-30551", "CVE-2021-30554", "CVE-2021-30563", "CVE-2021-30632", "CVE-2021-30633", "CVE-2021-30657", "CVE-2021-30661", "CVE-2021-30663", "CVE-2021-30665", "CVE-2021-30666", "CVE-2021-30713", "CVE-2021-30761", "CVE-2021-30762", "CVE-2021-30807", "CVE-2021-30858", "CVE-2021-30860", "CVE-2021-30869", "CVE-2021-31199", "CVE-2021-31201", "CVE-2021-31207", "CVE-2021-31955", "CVE-2021-31956", "CVE-2021-31979", "CVE-2021-33739", "CVE-2021-33742", "CVE-2021-33771", "CVE-2021-34448", "CVE-2021-34473", "CVE-2021-34523", "CVE-2021-34527", "CVE-2021-35211", "CVE-2021-36741", "CVE-2021-36742", "CVE-2021-36942", "CVE-2021-36948", "CVE-2021-36955", "CVE-2021-37973", "CVE-2021-37975", "CVE-2021-37976", "CVE-2021-38000", "CVE-2021-38003", "CVE-2021-38645", "CVE-2021-38647", "CVE-2021-38648", "CVE-2021-38649", "CVE-2021-40444", "CVE-2021-40539", "CVE-2021-41773", "CVE-2021-42013", "CVE-2021-42258"], "modified": "2021-11-09T06:15:01", "id": "QUALYSBLOG:BC22CE22A3E70823D5F0E944CBD5CE4A", "href": "https://blog.qualys.com/category/vulnerabilities-threat-research", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-02-25T19:27:09", "description": "_CISA released a directive in November 2021, recommending urgent and prioritized remediation of actively exploited vulnerabilities. Both government agencies and corporations should heed this advice. This blog outlines how Qualys Vulnerability Management, Detection & Response can be used by any organization to respond to this directive efficiently and effectively._\n\n### Situation\n\nLast November 2021, the U.S. 
Cybersecurity and Infrastructure Security Agency (CISA) released a [Binding Operational Directive 22-01](<https://cyber.dhs.gov/bod/22-01/>) called \u201cReducing the Significant Risk of Known Exploited Vulnerabilities.\u201d [This directive](<https://www.cisa.gov/news/2021/11/03/cisa-releases-directive-reducing-significant-risk-known-exploited-vulnerabilities>) recommends urgent and prioritized remediation of the vulnerabilities that adversaries are actively exploiting. It establishes a CISA-managed catalog of Known Exploited Vulnerabilities that carry significant risk to the federal government and sets requirements for agencies to remediate these vulnerabilities.\n\nThis directive requires federal agencies to review and update internal vulnerability management procedures to remediate each vulnerability according to the timelines outlined in CISA\u2019s vulnerability catalog.\n\n### Directive Scope\n\nThis CISA directive applies to all software and hardware found on federal information systems managed on agency premises or hosted by third parties on an agency\u2019s behalf.\n\nHowever, CISA strongly recommends that public and private businesses as well as state, local, tribal, and territorial (SLTT) governments prioritize the mitigation of vulnerabilities listed in CISA\u2019s public catalog. This is truly vulnerability management guidance for all organizations to heed.\n\n### CISA Catalog of Known Exploited Vulnerabilities\n\nIn total, CISA posted a list of [379 Common Vulnerabilities and Exposures (CVEs)](<https://www.cisa.gov/known-exploited-vulnerabilities-catalog>) that pose the highest risk to federal agencies. 
CISA\u2019s most recent update was issued on February 22, 2022.\n\nThe Qualys Research team is continuously updating CVEs to available QIDs (Qualys vulnerability identifiers) in the Qualys Knowledgebase, with the RTI field \u201cCISA Exploited\u201d and this is going to be a continuous approach, as CISA frequently amends with the latest CVE as part of their regular feeds.\n\nOut of these vulnerabilities, Directive 22-01 urges all organizations to reduce their exposure to cyberattacks by effectively prioritizing the remediation of the identified Vulnerabilities.\n\nCISA has ordered U.S. federal agencies to apply patches as soon as possible. The remediation guidance is grouped into multiple categories by CISA based on attack surface severity and time-to-remediate. The timelines are available in the [Catalog](<https://www.cisa.gov/known-exploited-vulnerabilities-catalog>) for each of the CVEs.\n\n### Detect CISA Vulnerabilities Using Qualys VMDR\n\nQualys helps customers to identify and assess the risk to their organizations\u2019 digital infrastructure, and then to automate remediation. Qualys\u2019 guidance for rapid response to Directive 22-01 follows.\n\nThe Qualys Research team has released multiple remote and authenticated detections (QIDs) for these vulnerabilities. Since the directive includes 379 CVEs (as of February 22, 2022) we recommend executing your search based on QQL (Qualys Query Language), as shown here for released QIDs by Qualys **_vulnerabilities.vulnerability.threatIntel.cisaKnownExploitedVulns:"true"_**\n\n\n\n### CISA Exploited RTI\n\nUsing [Qualys VMDR](<https://www.qualys.com/subscriptions/vmdr/>), you can effectively prioritize those vulnerabilities using VMDR Prioritization. 
Qualys has introduced an **RTI Category, CISA Exploited**.\n\nThis RTI indicates that the vulnerabilities are associated with the CISA catalog.\n\n\n\nIn addition, you can locate a vulnerable host through Qualys Threat Protection by simply clicking on the impacted hosts to effectively identify and track this vulnerability.\n\n\n\nWith Qualys Unified Dashboard, you can track your exposure to CISA Known Exploited Vulnerabilities and track your status and overall management in real-time. With dashboard widgets, you can keep track of the status of vulnerabilities in your environment using the [\u201cCISA 2010-21| KNOWN EXPLOITED VULNERABILITIES\u201d](<https://success.qualys.com/support/s/article/000006791>) Dashboard.\n\n### Detailed Operational Dashboard\n\n\n\n### Remediation\n\nTo comply with this directive, federal agencies need to remediate all vulnerabilities as per the remediation timelines suggested in [CISA Catalog](<https://www.cisa.gov/known-exploited-vulnerabilities-catalog>)**.**\n\nQualys patch content covers many Microsoft, Linux, and third-party applications. However, some of the vulnerabilities introduced by CISA are not currently supported out-of-the-box by Qualys. To remediate those vulnerabilities, Qualys provides the ability to deploy custom patches. The flexibility to customize patch deployment allows customers to patch all the remaining CVEs in their list.\n\nCustomers can copy the following query into the Patch Management app to help customers comply with the directive\u2019s aggressive remediation timelines set by CISA. 
Running this query for specific CVEs will find required patches and allow quick and efficient deployment of those missing patches to all assets directly from within Qualys Cloud Platform.\n \n \n cve:[`CVE-2010-5326`,`CVE-2012-0158`,`CVE-2012-0391`,`CVE-2012-3152`,`CVE-2013-3900`,`CVE-2013-3906`,`CVE-2014-1761`,`CVE-2014-1776`,`CVE-2014-1812`,`CVE-2015-1635`,`CVE-2015-1641`,`CVE-2015-4852`,`CVE-2016-0167`,`CVE-2016-0185`,`CVE-2016-3088`,`CVE-2016-3235`,`CVE-2016-3643`,`CVE-2016-3976`,`CVE-2016-7255`,`CVE-2016-9563`,`CVE-2017-0143`,`CVE-2017-0144`,`CVE-2017-0145`,`CVE-2017-0199`,`CVE-2017-0262`,`CVE-2017-0263`,`CVE-2017-10271`,`CVE-2017-11774`,`CVE-2017-11882`,`CVE-2017-5638`,`CVE-2017-5689`,`CVE-2017-6327`,`CVE-2017-7269`,`CVE-2017-8464`,`CVE-2017-8759`,`CVE-2017-9791`,`CVE-2017-9805`,`CVE-2017-9841`,`CVE-2018-0798`,`CVE-2018-0802`,`CVE-2018-1000861`,`CVE-2018-11776`,`CVE-2018-15961`,`CVE-2018-15982`,`CVE-2018-2380`,`CVE-2018-4878`,`CVE-2018-4939`,`CVE-2018-6789`,`CVE-2018-7600`,`CVE-2018-8174`,`CVE-2018-8453`,`CVE-2018-8653`,`CVE-2019-0193`,`CVE-2019-0211`,`CVE-2019-0541`,`CVE-2019-0604`,`CVE-2019-0708`,`CVE-2019-0752`,`CVE-2019-0797`,`CVE-2019-0803`,`CVE-2019-0808`,`CVE-2019-0859`,`CVE-2019-0863`,`CVE-2019-10149`,`CVE-2019-10758`,`CVE-2019-11510`,`CVE-2019-11539`,`CVE-2019-1214`,`CVE-2019-1215`,`CVE-2019-1367`,`CVE-2019-1429`,`CVE-2019-1458`,`CVE-2019-16759`,`CVE-2019-17026`,`CVE-2019-17558`,`CVE-2019-18187`,`CVE-2019-18988`,`CVE-2019-2725`,`CVE-2019-8394`,`CVE-2019-9978`,`CVE-2020-0601`,`CVE-2020-0646`,`CVE-2020-0674`,`CVE-2020-0683`,`CVE-2020-0688`,`CVE-2020-0787`,`CVE-2020-0796`,`CVE-2020-0878`,`CVE-2020-0938`,`CVE-2020-0968`,`CVE-2020-0986`,`CVE-2020-10148`,`CVE-2020-10189`,`CVE-2020-1020`,`CVE-2020-1040`,`CVE-2020-1054`,`CVE-2020-1147`,`CVE-2020-11738`,`CVE-2020-11978`,`CVE-2020-1350`,`CVE-2020-13671`,`CVE-2020-1380`,`CVE-2020-13927`,`CVE-2020-1464`,`CVE-2020-1472`,`CVE-2020-14750`,`CVE-2020-14871`,`CVE-2020-14882`,`CVE-2020-14883`,`CVE-2020-15505`,`CVE-2020-
15999`,`CVE-2020-16009`,`CVE-2020-16010`,`CVE-2020-16013`,`CVE-2020-16017`,`CVE-2020-17087`,`CVE-2020-17144`,`CVE-2020-17496`,`CVE-2020-17530`,`CVE-2020-24557`,`CVE-2020-25213`,`CVE-2020-2555`,`CVE-2020-6207`,`CVE-2020-6287`,`CVE-2020-6418`,`CVE-2020-6572`,`CVE-2020-6819`,`CVE-2020-6820`,`CVE-2020-8243`,`CVE-2020-8260`,`CVE-2020-8467`,`CVE-2020-8468`,`CVE-2020-8599`,`CVE-2021-1647`,`CVE-2021-1675`,`CVE-2021-1732`,`CVE-2021-21017`,`CVE-2021-21148`,`CVE-2021-21166`,`CVE-2021-21193`,`CVE-2021-21206`,`CVE-2021-21220`,`CVE-2021-21224`,`CVE-2021-22204`,`CVE-2021-22893`,`CVE-2021-22894`,`CVE-2021-22899`,`CVE-2021-22900`,`CVE-2021-26411`,`CVE-2021-26855`,`CVE-2021-26857`,`CVE-2021-26858`,`CVE-2021-27059`,`CVE-2021-27065`,`CVE-2021-27085`,`CVE-2021-28310`,`CVE-2021-28550`,`CVE-2021-30116`,`CVE-2021-30551`,`CVE-2021-30554`,`CVE-2021-30563`,`CVE-2021-30632`,`CVE-2021-30633`,`CVE-2021-31199`,`CVE-2021-31201`,`CVE-2021-31207`,`CVE-2021-31955`,`CVE-2021-31956`,`CVE-2021-31979`,`CVE-2021-33739`,`CVE-2021-33742`,`CVE-2021-33766`,`CVE-2021-33771`,`CVE-2021-34448`,`CVE-2021-34473`,`CVE-2021-34523`,`CVE-2021-34527`,`CVE-2021-35211`,`CVE-2021-35247`,`CVE-2021-36741`,`CVE-2021-36742`,`CVE-2021-36934`,`CVE-2021-36942`,`CVE-2021-36948`,`CVE-2021-36955`,`CVE-2021-37415`,`CVE-2021-37973`,`CVE-2021-37975`,`CVE-2021-37976`,`CVE-2021-38000`,`CVE-2021-38003`,`CVE-2021-38645`,`CVE-2021-38647`,`CVE-2021-38648`,`CVE-2021-38649`,`CVE-2021-40438`,`CVE-2021-40444`,`CVE-2021-40449`,`CVE-2021-40539`,`CVE-2021-4102`,`CVE-2021-41773`,`CVE-2021-42013`,`CVE-2021-42292`,`CVE-2021-42321`,`CVE-2021-43890`,`CVE-2021-44077`,`CVE-2021-44228`,`CVE-2021-44515`,`CVE-2022-0609`,`CVE-2022-21882`,`CVE-2022-24086`,`CVE-2010-1871`,`CVE-2017-12149`,`CVE-2019-13272` ]\n\n\n\nVulnerabilities can be validated through VMDR and a Patch Job can be configured for vulnerable assets.\n\n\n\n### Federal Enterprises and Agencies Can Act Now\n\nFor federal agencies and enterprises, it\u2019s a race against time to remediate these 
vulnerabilities across their respective environments and achieve compliance with this binding directive. Qualys solutions can help your organization to achieve compliance with this binding directive. Qualys Cloud Platform is FedRAMP authorized, with [107 FedRAMP authorizations](<https://marketplace.fedramp.gov/#!/product/qualys-cloud-platform?sort=-authorizations>) to our credit.\n\nHere are a few steps Federal entities can take immediately:\n\n * Run vulnerability assessments against all of your assets by leveraging our various sensors such as Qualys agent, scanners, and more\n * Prioritize remediation by due dates\n * Identify all vulnerable assets automatically mapped into the threat feed\n * Use Qualys Patch Management to apply patches and other configuration changes\n * Track remediation progress through our Unified Dashboards\n\n### Summary\n\nUnderstanding just which vulnerabilities exist in your environment is a critical but small part of threat mitigation. Qualys VMDR helps customers discover their exposure, assess threats, assign risk, and remediate threats \u2013 all in a single unified solution. Qualys customers rely on the accuracy of Qualys\u2019 threat intelligence to protect their digital environments and stay current with patch guidance. Using Qualys VMDR can help any size organization efficiently respond to CISA Binding Operational Directive 22-01.\n\n#### Getting Started\n\nLearn how [Qualys VMDR](<https://www.qualys.com/subscriptions/vmdr/>) provides actionable vulnerability guidance and automates remediation in one solution. Ready to get started? 
Sign up for a 30-day, no-cost [VMDR trial](<https://www.qualys.com/forms/vmdr/>).", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 10.0, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 6.0}, "published": "2022-02-23T05:39:00", "type": "qualysblog", "title": "Managing CISA Known Exploited Vulnerabilities with Qualys VMDR", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": [], "modified": "2022-02-23T05:39:00", "id": "QUALYSBLOG:0082A77BD8EFFF48B406D107FEFD0DD3", "href": "https://blog.qualys.com/category/product-tech", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "cve": [{"lastseen": "2023-05-27T14:19:18", "description": "Adobe Connect version 11.0.7 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. 
An attacker could exploit this vulnerability to inject malicious JavaScript content that may be executed within the context of the victim's browser when they browse to the page containing the vulnerable field.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2021-03-12T19:15:00", "type": "cve", "title": "CVE-2021-21079", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21079"], "modified": "2021-12-03T17:46:00", "cpe": ["cpe:/a:adobe:connect:11.0.7"], "id": "CVE-2021-21079", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21079", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:adobe:connect:11.0.7:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-27T14:19:18", "description": "Adobe Connect version 11.0.7 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. 
An attacker could exploit this vulnerability to inject malicious JavaScript content that may be executed within the context of the victim's browser when they browse to the page containing the vulnerable field.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2021-03-12T19:15:00", "type": "cve", "title": "CVE-2021-21080", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21080"], "modified": "2021-12-03T17:46:00", "cpe": ["cpe:/a:adobe:connect:11.0.7"], "id": "CVE-2021-21080", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21080", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:adobe:connect:11.0.7:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-27T14:19:19", "description": "Adobe Creative Cloud Desktop Application version 5.3 (and earlier) is affected by a file handling vulnerability that could allow an attacker to cause arbitrary file overwriting. 
Exploitation of this issue requires physical access and user interaction.", "cvss3": {"exploitabilityScore": 0.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-03-12T19:15:00", "type": "cve", "title": "CVE-2021-21068", "cwe": ["CWE-379"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.4, "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21068"], "modified": "2021-12-03T17:42:00", "cpe": ["cpe:/a:adobe:creative_cloud_desktop_application:5.3"], "id": "CVE-2021-21068", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21068", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:adobe:creative_cloud_desktop_application:5.3:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-27T14:19:18", "description": "Adobe Creative Cloud Desktop Application version 5.3 (and earlier) is affected by an Unquoted Service Path vulnerability in CCXProcess that could allow an attacker to achieve arbitrary code execution in the process of the current user. 
Exploitation of this issue requires user interaction.", "cvss3": {"exploitabilityScore": 0.6, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-03-12T19:15:00", "type": "cve", "title": "CVE-2021-21078", "cwe": ["CWE-426"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.4, "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21078"], "modified": "2021-12-03T17:43:00", "cpe": ["cpe:/a:adobe:creative_cloud_desktop_application:5.3"], "id": "CVE-2021-21078", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21078", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:adobe:creative_cloud_desktop_application:5.3:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-27T14:19:15", "description": "Adobe Creative Cloud Desktop Application version 5.3 (and earlier) is affected by a local privilege escalation vulnerability that could allow an attacker to call functions against the installer to perform high privileged actions. 
Exploitation of this issue does not require user interaction.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-03-12T19:15:00", "type": "cve", "title": "CVE-2021-21069", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21069"], "modified": "2021-09-08T17:23:00", "cpe": ["cpe:/a:adobe:creative_cloud_desktop_application:5.3"], "id": "CVE-2021-21069", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21069", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:creative_cloud_desktop_application:5.3:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-27T14:19:13", "description": "Adobe Framemaker version 2020.0.1 (and earlier) is affected by an Out-of-bounds Read vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. 
Exploitation of this issue requires user interaction in that a victim must open a malicious file.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-03-12T19:15:00", "type": "cve", "title": "CVE-2021-21056", "cwe": ["CWE-125"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21056"], "modified": "2021-03-18T19:39:00", "cpe": [], "id": "CVE-2021-21056", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21056", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": []}, {"lastseen": "2023-05-27T14:19:08", "description": "Acrobat Reader DC versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by a heap-based buffer overflow vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. 
Exploitation of this issue requires user interaction in that a victim must open a malicious file.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-02-11T20:15:00", "type": "cve", "title": "CVE-2021-21017", "cwe": ["CWE-787"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21017"], "modified": "2022-08-05T18:26:00", "cpe": ["cpe:/a:adobe:acrobat_reader:17.011.30188", "cpe:/a:adobe:acrobat:20.001.30018", "cpe:/a:adobe:acrobat_dc:20.013.20074", "cpe:/a:adobe:acrobat_reader_dc:20.013.20074", "cpe:/a:adobe:acrobat:17.011.30188", "cpe:/a:adobe:acrobat_reader:20.001.300183"], "id": "CVE-2021-21017", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21017", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:adobe:acrobat_reader_dc:20.013.20074:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat_dc:20.013.20074:*:*:*:continuous:*:*:*", "cpe:2.3:a:adobe:acrobat:17.011.30188:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat:20.001.30018:*:*:*:classic:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:17.011.30188:*:*:*:classic:*:*:*", 
"cpe:2.3:a:adobe:acrobat_reader:20.001.300183:*:*:*:classic:*:*:*"]}], "zdi": [{"lastseen": "2023-05-27T15:51:19", "description": "This vulnerability allows local attackers to escalate privileges on affected installations of Adobe Creative Cloud on Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Adobe privileged helper tool. The issue lies in the lack of proper validation of the helper clients. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-03-15T00:00:00", "type": "zdi", "title": "Adobe Creative Cloud Improper Privilege Management Privilege Escalation Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21069"], "modified": "2021-03-15T00:00:00", "id": "ZDI-21-281", "href": "https://www.zerodayinitiative.com/advisories/ZDI-21-281/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": 
"2023-05-27T15:51:19", "description": "This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe FrameMaker. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. Crafted data in a PDF file can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-03-15T00:00:00", "type": "zdi", "title": "Adobe FrameMaker PDF File Parsing Out-of-Bounds Read Remote Code Execution Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21056"], "modified": "2021-03-15T00:00:00", "id": "ZDI-21-282", "href": "https://www.zerodayinitiative.com/advisories/ZDI-21-282/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "githubexploit": [{"lastseen": "2022-08-15T21:06:24", "description": "# CVE-2021-21017\n\n## Not another Adobe Reader Byte Order Mark bu...", 
"cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-02-26T14:18:13", "type": "githubexploit", "title": "Exploit for Out-of-bounds Write in Adobe Acrobat", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21017"], "modified": "2022-08-15T15:41:47", "id": "97B4F1B6-8D2A-54CF-B2DF-9B00FD2281DD", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "privateArea": 1}, {"lastseen": "2023-05-27T15:33:55", "description": "# CVE-2021-21017\n\n## Not another Adobe Reader Byte Order Mark bu...", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-03-29T14:45:16", "type": "githubexploit", "title": "Exploit for Out-of-bounds Write in Adobe Acrobat", "bulletinFamily": "exploit", "cvss2": 
{"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21017"], "modified": "2022-03-29T14:45:28", "id": "A3CF9029-7017-54E6-A5D2-340157519576", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "privateArea": 1}], "checkpoint_advisories": [{"lastseen": "2022-02-16T23:41:06", "description": "A buffer overflow vulnerability exists in Adobe Acrobat and Reader. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system or cause application crashes.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-02-09T00:00:00", "type": "checkpoint_advisories", "title": "Adobe Acrobat and Reader Heap-based Buffer Overflow (APSB21-09: CVE-2021-21017)", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", 
"accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21017"], "modified": "2021-02-09T00:00:00", "id": "CPAI-2021-0066", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "cisa_kev": [{"lastseen": "2023-05-27T15:17:54", "description": "Acrobat and Reader contain a heap-based buffer overflow vulnerability that could allow an unauthenticated attacker to achieve code execution in the context of the current user.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-11-03T00:00:00", "type": "cisa_kev", "title": "Adobe Acrobat and Reader Heap-based Buffer Overflow Vulnerability", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21017"], "modified": "2021-11-03T00:00:00", "id": "CISA-KEV-CVE-2021-21017", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "attackerkb": [{"lastseen": "2023-05-28T05:19:33", "description": "Acrobat Reader DC versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and 
earlier) are affected by a heap-based buffer overflow vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.\n\n \n**Recent assessments:** \n \n**ccondon-r7** at March 30, 2021 10:13pm UTC reported:\n\nHeap-based buffer overflow used in \u201climited, targeted attacks\u201d according to Adobe\u2019s advisory: <https://helpx.adobe.com/security/products/acrobat/apsb21-09.html>\n\n**NinjaOperator** at June 28, 2021 5:32pm UTC reported:\n\nHeap-based buffer overflow used in \u201climited, targeted attacks\u201d according to Adobe\u2019s advisory: <https://helpx.adobe.com/security/products/acrobat/apsb21-09.html>\n\nAssessed Attacker Value: 0\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-02-09T00:00:00", "type": "attackerkb", "title": "CVE-2021-21017", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21017"], "modified": "2021-02-12T00:00:00", 
"id": "AKB:A85EDE41-3F67-480B-8858-46B5D866EB51", "href": "https://attackerkb.com/topics/ysmVomBsUw/cve-2021-21017", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "malwarebytes": [{"lastseen": "2021-02-13T13:09:08", "description": "Traditionally the second Tuesday of the month is Microsoft\u2019s \u201cpatch Tuesday\u201d. This is the day when they roll out all the available patches for their software, and their operating systems in particular.\n\nSince there were no less than 56 patches in this month\u2019s issue we will focus on the most important ones. Not that 56 is an awful lot. There were [more than 80 in January](<https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/01/microsoft-issues-83-patches-one-for-actively-exploited-vulnerability/>).\n\n### Microsoft CVEs by importance\n\nPublicly disclosed computer security flaws are listed in the Common Vulnerabilities and Exposures (CVE) database. Its goal is to make it easier to share data across separate vulnerability capabilities (tools, databases, and services). The most notable CVEs in this update were:\n\n * [CVE-2021-1732](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-1732>) Windows Win32k elevation of privilege (EoP) vulnerability. This one we listed first as it\u2019s actively exploited in the wild. With an EoP vulnerability attackers can raise their authorization permissions beyond those initially granted. For example, if an attacker gains access to a system but only has read-only permissions they can use an EoP vulnerability to raise them to \u201cread and write\u201d, giving them an option to make unwanted changes.\n * [CVE-2021-26701](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-26701>) a .NET Core Remote Code Execution (RCE) vulnerability. A remote code execution (RCE) attack happens when a threat actor illegally accesses and manipulates a computer or server without authorization from its owner. 
This is the only critical bug Microsoft listed as publicly known.\n * [CVE-2021-24074](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24074>) an IPv4 security vulnerability concerning source routing behavior. Microsoft adds: IPv4 Source routing is considered insecure and is blocked by default in Windows; however, a system will process the request and return an ICMP message denying the request.\n * [CVE-2021-24094](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24094>) an IPv6 security vulnerability concerning the reassembly limit and related to the previous one. The reassembly limit controls the IP fragmentation, which is an Internet Protocol (IP) process that breaks packets into smaller fragments, so that the resulting pieces can pass through a link with a smaller maximum transmission unit (MTU) than the original packet size. The fragments are reassembled by the receiving host. Apparently an attacker could construct packets leading to a situation where a large number of fragments could lead to code execution.\n * [CVE-2021-1721](<https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-1721>) a .NET Core and Visual Studio Denial of Service vulnerability. A Denial of Service attack is focused on making a resource (site, application, server) unavailable for the purpose it was designed.\n * [CVE-2021-1722](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1722>) and [CVE-2021-24077](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24077>) are both Windows Fax Service RCE problems. It's important to remember that even if you don\u2019t use \u201cWindows Fax and Scan\u201d, the Windows Fax Services is enabled by default.\n * [CVE-2021-1733](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1733>) is for Sysinternals\u2019 PsExec Elevation of Privilege vulnerability. 
While this one is listed as not likely to be exploited, the tool itself is worth keeping an eye on, because it's so popular with cybercriminals. They like it because, as a legitimate administration tool, it isn't normally detected as malicious software by default.\n\nIf you are all about prioritizing your updates, these are the ones that we recommend doing first. Everyone else is advised to install the updates at their earliest convenience.\n\nOne other notable thing is the default enabling of the Domain Controller enforcement mode. This was done to counter the effects of the ZeroLogon vulnerability which is being exploited in the wild. We already covered the full story of [ZeroLogon](<https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/01/the-story-of-zerologon/>) where this change was announced.\n\n### Adobe Reader for a change\n\nAnd while you are about to start your update cycles, you may want to have a look at this one from Adobe. Because this one is already actively being exploited as well. Where Adobe was notoriously famous for the bugs in their Flash Player, which has now reached [end-of-life](<https://blog.malwarebytes.com/awareness/2021/01/adobe-flash-player-reaches-end-of-life/>), occasionally a vulnerability in their Reader attracts some attention.\n\n[CVE-2021-21017](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-21017>) is a critical heap-based buffer overflow flaw. Heap is the name for a region of a process\u2019 memory which is used to store dynamic variables. A buffer overflow is a type of software vulnerability that exists when an area of memory within a software application reaches its address boundary and writes into an adjacent memory region. In software exploit code, two common areas that are targeted for overflows are the stack and the heap.\n\nSo, by creating a specially crafted input, attackers could use this vulnerability to write code into a memory location where they normally wouldn\u2019t have access. 
In their advisory Adobe states that it has received a report that CVE-2021-21017 has been exploited in the wild in limited attacks targeting Adobe Reader users on Windows.\n\nBoth Adobe Acrobat and Adobe Reader will automatically detect if a new version of the software is available. The program will check for a new version when you launch either Acrobat or Reader as an application and will prompt you to install a new version when it's available. IT administrators can control the update settings by using the [Adobe Customization Wizard](<https://www.adobe.com/nl/devnet-docs/acrobatetk/tools/Wizard/WizardDC/index.html>).\n\nStay safe, everyone!\n\nThe post [Big Patch Tuesday: Microsoft and Adobe fix in-the-wild exploits](<https://blog.malwarebytes.com/malwarebytes-news/2021/02/big-patch-tuesday-microsoft-and-adobe-fix-in-the-wild-exploits/>) appeared first on [Malwarebytes Labs](<https://blog.malwarebytes.com>).", "edition": 2, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-02-10T17:26:33", "type": "malwarebytes", "title": "Big Patch Tuesday: Microsoft and Adobe fix in-the-wild exploits", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, 
"obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1721", "CVE-2021-1722", "CVE-2021-1732", "CVE-2021-1733", "CVE-2021-21017", "CVE-2021-24074", "CVE-2021-24077", "CVE-2021-24094", "CVE-2021-26701"], "modified": "2021-02-10T17:26:33", "id": "MALWAREBYTES:3C358DDA439A247A9677866AFE8FA961", "href": "https://blog.malwarebytes.com/malwarebytes-news/2021/02/big-patch-tuesday-microsoft-and-adobe-fix-in-the-wild-exploits/", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "thn": [{"lastseen": "2022-05-09T12:39:08", "description": "Microsoft on Tuesday [issued fixes for 56 flaws](<https://msrc.microsoft.com/update-guide/releaseNote/2021-Feb>), including a critical vulnerability that's known to be actively exploited in the wild.\n\nIn all, 11 are listed as Critical, 43 are listed as Important, and two are listed as Moderate in severity \u2014 six of which are previously disclosed vulnerabilities.\n\nThe updates cover .NET Framework, Azure IoT, Microsoft Dynamics, Microsoft Edge for Android, Microsoft Exchange Server, Microsoft Office, Microsoft Windows Codecs Library, Skype for Business, Visual Studio, Windows Defender, and other core components such as Kernel, TCP/IP, Print Spooler, and Remote Procedure Call (RPC).\n\n### A Windows Win32k Privilege Escalation Vulnerability\n\nThe most critical of the flaws is a Windows Win32k privilege escalation vulnerability (CVE-2021-1732, CVSS score 7.8) that allows attackers with access to a target system to run malicious code with elevated permissions. 
Microsoft credited JinQuan, MaDongZe, TuXiaoYi, and LiHao of DBAPPSecurity for discovering and reporting the vulnerability.\n\nIn a separate technical write-up, the researchers said a zero-day exploit leveraging the flaw was detected in a \"very limited number of attacks\" against victims located in China by a threat actor named Bitter APT. The attacks were discovered in December 2020.\n\n\"This zero-day is a new vulnerability which caused by win32k callback, it could be used to escape the sandbox of Microsoft [Internet Explorer] browser or Adobe Reader on the latest Windows 10 version,\" DBAPPSecurity researchers [said](<https://ti.dbappsecurity.com.cn/blog/index.php/2021/02/10/windows-kernel-zero-day-exploit-is-used-by-bitter-apt-in-targeted-attack/>). \"The vulnerability is high quality and the exploit is sophisticated.\"\n\nIt's worth noting that Adobe, as part of its February patch, [addressed](<https://helpx.adobe.com/security/products/acrobat/apsb21-09.html>) a critical buffer overflow flaw in Adobe Acrobat and Reader for Windows and macOS (CVE-2021-21017) that it said could lead to arbitrary code execution in the context of the current user.\n\nThe company also warned of active exploitation attempts against the bug in the wild in limited attacks targeting Adobe Reader users on Windows, mirroring aforementioned findings from DBAPPSecurity.\n\nWhile neither Microsoft nor Adobe has provided additional details, the concurrent patching of the two flaws raises the possibility that the vulnerabilities are being chained to carry out the in-the-wild attacks.\n\n### Netlogon Enforcement Mode Goes Into Effect\n\nMicrosoft's Patch Tuesday update also resolves a number of remote code execution (RCE) flaws in Windows DNS Server (CVE-2021-24078), .NET Core, and Visual Studio (CVE-2021-26701), Microsoft Windows Codecs Library (CVE-2021-24081), and Fax Service (CVE-2021-1722 and CVE-2021-24077).\n\nThe RCE in Windows DNS server component is rated 9.8 for severity, making it 
a critical vulnerability that, if left unpatched, could permit an unauthorized adversary to execute arbitrary code and potentially redirect legitimate traffic to malicious servers.\n\nMicrosoft is also taking this month to push a second round of fixes for the [Zerologon](<https://thehackernews.com/2020/09/detecting-and-preventing-critical.html>) flaw (CVE-2020-1472) that was originally resolved in August 2020, following which [reports of active exploitation](<https://twitter.com/MsftSecIntel/status/1308941504707063808>) targeting unpatched systems emerged in September 2020.\n\nStarting February 9, the domain controller \"[enforcement mode](<https://msrc-blog.microsoft.com/2021/01/14/netlogon-domain-controller-enforcement-mode-is-enabled-by-default-beginning-with-the-february-9-2021-security-update-related-to-cve-2020-1472/>)\" will be [enabled by default](<https://support.microsoft.com/help/4557222#EnablingEnforcementMode>), thus blocking \"vulnerable [Netlogon] connections from non-compliant devices.\"\n\nIn addition, the Patch Tuesday update rectifies two information disclosure bugs \u2014 one in Edge browser for Android (CVE-2021-24100) that could have revealed personally identifiable information and payment information of a user, and the other in Microsoft Teams for iOS (CVE-2021-24114) that could have exposed the Skype token value in the preview URL for images in the app.\n\n### RCE Flaws in Windows TCP/IP Stack\n\nLastly, the Windows maker released a set of fixes affecting its TCP/IP implementation \u2014 consisting of two RCE flaws (CVE-2021-24074 and CVE-2021-24094) and one denial of service vulnerability (CVE-2021-24086) \u2014 that it said could be exploited with a DoS attack.\n\n\"The DoS exploits for these CVEs would allow a remote attacker to cause a stop error,\" Microsoft [said](<https://msrc-blog.microsoft.com/2021/02/09/multiple-security-updates-affecting-tcp-ip/>) in an advisory. 
\"Customers might receive a blue screen on any Windows system that is directly exposed to the internet with minimal network traffic. Thus, we recommend customers move quickly to apply Windows security updates this month.\"\n\nThe tech giant, however, noted that the complexity of the two TCP/IP RCE flaws would make it hard to develop functional exploits. But it expects attackers to create DoS exploits much more easily, turning the security weakness into an ideal candidate for exploitation in the wild.\n\nTo install the latest security updates, Windows users can head to Start > Settings > Update & Security > Windows Update, or select Check for Windows updates.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2021-02-10T04:44:00", "type": "thn", "title": "Microsoft Issues Patches for In-the-Wild 0-day and 55 Others Windows Bugs", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": 
false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1472", "CVE-2021-1722", "CVE-2021-1732", "CVE-2021-21017", "CVE-2021-24074", "CVE-2021-24077", "CVE-2021-24078", "CVE-2021-24081", "CVE-2021-24086", "CVE-2021-24094", "CVE-2021-24100", "CVE-2021-24114", "CVE-2021-26701"], "modified": "2021-02-15T11:58:01", "id": "THN:0C87C22B19E7073574F7BA69985A07BF", "href": "https://thehackernews.com/2021/02/microsoft-issues-patches-for-in-wild-0.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "securelist": [{"lastseen": "2021-05-31T11:03:47", "description": "\n\n_These statistics are based on detection verdicts of Kaspersky products received from users who consented to provide statistical data._\n\n## Quarterly figures\n\nAccording to Kaspersky Security Network, in Q1 2021:\n\n * Kaspersky solutions blocked 2,023,556,082 attacks launched from online resources across the globe.\n * 613,968,631 unique URLs were recognized as malicious by Web Anti-Virus components.\n * Attempts to run malware designed to steal money via online access to bank accounts were stopped on the computers of 118,099 users.\n * Ransomware attacks were defeated on the computers of 91,841 unique users.\n * Our File Anti-Virus detected 77,415,192 unique malicious and potentially unwanted objects.\n\n## Financial threats\n\n### Financial threat statistics\n\nAt the end of last year, the number of users attacked by malware designed to steal money from bank accounts gradually decreased, a trend that continued in Q1 2021. 
This quarter, in total, Kaspersky solutions blocked the malware of such type on the computers of 118,099 unique users.\n\n_Number of unique users attacked by financial malware, Q1 2021 ([download](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2021/05/24110545/01-en-malware-report-q1-2021-pc.png>))_\n\n**Attack geography**\n\n_To evaluate and compare the risk of being infected by banking Trojans and ATM/POS malware worldwide, for each country we calculated the share of users of Kaspersky products who faced this threat during the reporting period as a percentage of all users of our products in that country._\n\n_Geography of financial malware attacks, Q1 2021 ([download](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2021/05/24110629/02-en-malware-report-q1-2021-pc.png>))_\n\n**Top 10 countries by share of attacked users**\n\n| **Country*** | **%**** \n---|---|--- \n1 | Turkmenistan | 6.3 \n2 | Tajikistan | 5.3 \n3 | Afghanistan | 4.8 \n4 | Uzbekistan | 4.6 \n5 | Paraguay | 3.2 \n6 | Yemen | 2.1 \n7 | Costa Rica | 2.0 \n8 | Sudan | 2.0 \n9 | Syria | 1.5 \n10 | Venezuela | 1.4 \n \n_* Excluded are countries with relatively few Kaspersky product users (under 10,000). \n** Unique users whose computers were targeted by financial malware as a percentage of all unique users of Kaspersky products in the country._\n\nAs before, the most widespread family of bankers in Q1 was ZeuS/Zbot (30.8%). Second place was taken by the CliptoShuffler family (15.9%), and third by Trickster (7.5%). All in all, more than half of all attacked users encountered these families. 
The notorious banking Trojan Emotet (7.4%) was deprived of its infrastructure this quarter as a result of a [joint operation](<https://www.europol.europa.eu/newsroom/news/world's-most-dangerous-malware-emotet-disrupted-through-global-action>) by Europol, the FBI and other law enforcement agencies, and its share predictably collapsed.\n\n**Top 10 banking malware families**\n\n| Name | Verdicts | %* \n---|---|---|--- \n1 | Zbot | Trojan.Win32.Zbot | 30.8 \n2 | CliptoShuffler | Trojan-Banker.Win32.CliptoShuffler | 15.9 \n3 | Trickster | Trojan.Win32.Trickster | 7.5 \n4 | Emotet | Backdoor.Win32.Emotet | 7.4 \n5 | RTM | Trojan-Banker.Win32.RTM | 6.6 \n6 | Nimnul | Virus.Win32.Nimnul | 5.1 \n7 | Nymaim | Trojan.Win32.Nymaim | 4.7 \n8 | SpyEye | Trojan-Spy.Win32.SpyEye | 3.8 \n9 | Danabot | Trojan-Banker.Win32.Danabot | 2.9 \n10 | Neurevt | Trojan.Win32.Neurevt | 2.2 \n \n_** Unique users who encountered this malware family as a percentage of all users attacked by financial malware._\n\n## Ransomware programs\n\n### Quarterly trends and highlights\n\n**New additions to the ransomware arsenal**\n\nLast year, the SunCrypt and RagnarLocker ransomware groups adopted new scare tactics. If the victim organization is slow to pay up, even though its files are encrypted and some of its confidential data has been stolen, the attackers additionally threaten to carry out a DDoS attack. In Q1 2021, these two groups were joined by a third, Avaddon. Besides publishing stolen data, the ransomware operators said on their website that the victim would be subjected to a DDoS attack until it reached out to them.\n\nREvil (aka Sodinokibi) is another group looking to increase its extortion leverage. 
In addition to DDoS attacks, it has [added](<https://twitter.com/3xp0rtblog/status/1368149692383719426>) spam and calls to clients and partners of the victim company to its toolbox.\n\n**Attacks on vulnerable Exchange servers**\n\n[Serious vulnerabilities were recently discovered](<https://securelist.com/zero-day-vulnerabilities-in-microsoft-exchange-server/101096/>) in the Microsoft Exchange mail server, allowing [remote code execution](<https://encyclopedia.kaspersky.com/glossary/remote-code-execution-rce/?utm_source=securelist&utm_medium=blog&utm_campaign=termin-explanation>). Ransomware distributors wasted no time in exploiting these vulnerabilities; to date, this infection vector was seen being used by the Black Kingdom and DearCry families.\n\n**Publication of keys**\n\nThe developers of the Fonix (aka XINOF) ransomware ceased distributing their Trojan and posted the master key online for decrypting affected files. We took this key and created a [decryptor](<https://www.kaspersky.com/blog/fonix-decryptor/38646/>) that anyone can use. The developers of another strain of ransomware, Ziggy, not only [published](<https://www.bleepingcomputer.com/news/security/ziggy-ransomware-shuts-down-and-releases-victims-decryption-keys/>) the keys for all victims, but also announced their [intention](<https://www.bleepingcomputer.com/news/security/ransomware-admin-is-refunding-victims-their-ransom-payments/>) to return the money to everyone who paid up.\n\n**Law enforcement successes**\n\nLaw enforcement agencies under the US Department of Justice [seized](<https://www.justice.gov/opa/pr/department-justice-launches-global-action-against-netwalker-ransomware>) dark web resources used by NetWalker (aka Mailto) ransomware affiliates, and also brought charges against one of the alleged actors.\n\nFrench and Ukrainian law enforcers worked together to trace payments made through the Bitcoin ecosystem to Egregor ransomware distributors. 
The joint investigation resulted in the [arrest](<https://www.bleepingcomputer.com/news/security/egregor-ransomware-affiliates-arrested-by-ukrainian-french-police/>) of several alleged members of the Egregor gang.\n\nIn South Korea, a suspect in the GandCrab ransomware operation was [arrested](<https://www.bleepingcomputer.com/news/security/gandcrab-ransomware-affiliate-arrested-for-phishing-attacks/>) (this family ceased active distribution back in 2019).\n\n### Number of new modifications\n\nIn Q1 2021, we detected seven new ransomware families and 4,354 new modifications of this malware type.\n\n_Number of new ransomware modifications, Q1 2020 \u2013 Q1 2021 ([download](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2021/05/24110702/03-en-ru-es-malware-report-q1-2021-pc.png>))_\n\n### Number of users attacked by ransomware Trojans\n\nIn Q1 2021, Kaspersky products and technologies protected 91,841 users from ransomware attacks.\n\n_Number of unique users attacked by ransomware Trojans, Q1 2021 ([download](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2021/05/24110733/04-en-malware-report-q1-2021-pc.png>))_\n\n### Attack geography\n\n_Geography of attacks by ransomware Trojans, Q1 2021 ([download](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2021/05/24110802/05-en-malware-report-q1-2021-pc.png>))_\n\n**Top 10 countries attacked by ransomware Trojans**\n\n| **Country*** | **%**** \n---|---|--- \n1 | Bangladesh | 2.31% \n2 | Ethiopia | 0.62% \n3 | Greece | 0.49% \n4 | Pakistan | 0.49% \n5 | China | 0.48% \n6 | Tunisia | 0.44% \n7 | Afghanistan | 0.42% \n8 | Indonesia | 0.38% \n9 | Taiwan, Province of China | 0.37% \n10 | Egypt | 0.28% \n \n_* Excluded are countries with relatively few Kaspersky users (under 50,000). 
\n** Unique users attacked by ransomware Trojans as a percentage of all unique users of Kaspersky products in the country._\n\n### Top 10 most common families of ransomware Trojans\n\n| **Name** | **Verdicts** | **%*** \n---|---|---|--- \n1 | WannaCry | Trojan-Ransom.Win32.Wanna | 19.37% \n2 | (generic verdict) | Trojan-Ransom.Win32.Gen | 12.01% \n3 | (generic verdict) | Trojan-Ransom.Win32.Phny | 9.31% \n4 | (generic verdict) | Trojan-Ransom.Win32.Encoder | 8.45% \n5 | (generic verdict) | Trojan-Ransom.Win32.Agent | 7.36% \n6 | PolyRansom/VirLock | Trojan-Ransom.Win32.PolyRansom, Virus.Win32.PolyRansom | 3.78% \n7 | (generic verdict) | Trojan-Ransom.Win32.Crypren | 2.93% \n8 | Stop | Trojan-Ransom.Win32.Stop | 2.79% \n9 | (generic verdict) | Trojan-Ransom.Win32.Cryptor | 2.17% \n10 | REvil/Sodinokibi | Trojan-Ransom.Win32.Sodin | 1.85% \n \n_* Unique Kaspersky users attacked by this family of ransomware Trojans as a percentage of all users attacked by such malware._\n\n## Miners\n\n### Number of new modifications\n\nIn Q1 2021, Kaspersky solutions detected 23,894 new modifications of miners. And though January and February passed off relatively calmly, March saw a sharp rise in the number of new modifications \u2014 more than fourfold compared to February.\n\n_Number of new miner modifications, Q1 2021 ([download](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2021/05/24110831/06-en-malware-report-q1-2021-pc.png>))_\n\n### Number of users attacked by miners\n\nIn Q1, we detected attacks using miners on the computers of 432,171 unique users of Kaspersky products worldwide. Although this figure has been rising for three months, it is premature to talk about a reversal of last year's trend, whereby the number of users attacked by miners actually fell. 
For now, we can tentatively assume that the growth in cryptocurrency prices, in particular bitcoin, has attracted the attention of cybercriminals and returned miners to their toolkit.\n\n_Number of unique users attacked by miners, Q1 2021 ([download](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2021/05/24111053/07-en-malware-report-q1-2021-pc.png>))_\n\n### Attack geography\n\n_Geography of miner attacks, Q1 2021 ([download](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2021/05/24111128/08-en-malware-report-q1-2021-pc.png>))_\n\n**Top 10 countries attacked by miners**\n\n| **Country*** | **%**** \n---|---|--- \n1 | Afghanistan | 4.65 \n2 | Ethiopia | 3.00 \n3 | Rwanda | 2.37 \n4 | Uzbekistan | 2.23 \n5 | Kazakhstan | 1.81 \n6 | Sri Lanka | 1.78 \n7 | Ukraine | 1.59 \n8 | Vietnam | 1.48 \n9 | Mozambique | 1.46 \n10 | Tanzania | 1.45 \n \n_* Excluded are countries with relatively few users of Kaspersky products (under 50,000). \n** Unique users attacked by miners as a percentage of all unique users of Kaspersky products in the country._\n\n## Vulnerable applications used by cybercriminals during cyber attacks\n\nIn Q1 2021, we noted a drop in the share of exploits for vulnerabilities in the Microsoft Office suite, but they still lead the pack with 59%. The most common vulnerability in the suite remains [CVE-2017-11882](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11882>), a stack buffer overflow that occurs when processing objects in the Equation Editor component. Exploits for [CVE-2015-2523](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2523>) \u2014 use-after-free vulnerabilities in Microsoft Excel \u2014 and [CVE-2018-0802](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0802>), which we've often written about, were also in demand. Note the age of these vulnerabilities \u2014 even the latest of them was discovered almost three years ago. 
So, once again, we remind you of the importance of regular updates.\n\nThe first quarter was rich not only in known exploits, but also new zero-day vulnerabilities. In particular, the interest of both [infosec experts](<https://securelist.com/zero-day-vulnerabilities-in-microsoft-exchange-server/101096/>) and cybercriminals was piqued by vulnerabilities in the popular Microsoft Exchange Server:\n\n * [CVE-2021-26855](<https://msrc.microsoft.com/update-guide/en-us/vulnerability/CVE-2021-26855>)\u2014 a server-side request forgery vulnerability that allows remote code execution (RCE)\n * [CVE-2021-26857](<https://msrc.microsoft.com/update-guide/en-us/vulnerability/CVE-2021-26857>)\u2014 an insecure deserialization vulnerability in the Unified Messaging service that can lead to code execution on the server\n * [CVE-2021-26858](<https://msrc.microsoft.com/update-guide/en-us/vulnerability/CVE-2021-26858>)\u2014 a post-authorization arbitrary file write vulnerability in Microsoft Exchange, which could also lead to remote code execution\n * [CVE-2021-27065](<https://msrc.microsoft.com/update-guide/en-us/vulnerability/CVE-2021-27065>)\u2014 as in the case of [CVE-2021-26858](<https://msrc.microsoft.com/update-guide/en-us/vulnerability/CVE-2021-26858>), allows an authorized Microsoft Exchange user to write data to an arbitrary file in the system\n\nFound [in the wild](<https://encyclopedia.kaspersky.com/glossary/exploitation-in-the-wild-itw/?utm_source=securelist&utm_medium=blog&utm_campaign=termin-explanation>), these vulnerabilities were used by APT groups, including as a springboard for ransomware distribution.\n\nDuring the quarter, vulnerabilities were also identified in Windows itself. In particular, the [CVE-2021-1732](<https://msrc.microsoft.com/update-guide/en-us/vulnerability/CVE-2021-1732>) vulnerability allowing privilege escalation was discovered in the Win32k subsystem. 
Two other vulnerabilities, [CVE-2021-1647](<https://msrc.microsoft.com/update-guide/en-us/vulnerability/CVE-2021-1647>) and [CVE-2021-24092](<https://nvd.nist.gov/vuln/detail/CVE-2021-24092>), were found in the Microsoft Defender antivirus engine, allowing elevation of user privileges in the system and execution of potentially dangerous code.\n\n_Distribution of exploits used by cybercriminals, by type of attacked application, Q1 2021 ([download](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2021/05/24111159/09-en-malware-report-q1-2021-pc.png>))_\n\nThe second most popular were exploits for browser vulnerabilities (26.12%); their share in Q1 grew by more than 12 p.p. Here, too, there was no doing without newcomers: for example, the Internet Explorer script engine was found to contain the [CVE-2021-26411](<https://msrc.microsoft.com/update-guide/en-us/vulnerability/CVE-2021-26411>) vulnerability, which can lead to remote code execution on behalf of the current user through manipulations that corrupt the heap memory. This vulnerability was exploited by the [Lazarus](<https://securelist.ru/tag/lazarus/>) group to download malicious code and infect the system. Several vulnerabilities were discovered in Google Chrome:\n\n * [CVE-2021-21148](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21148>)\u2014 heap buffer overflow in the V8 script engine, leading to remote code execution\n * [CVE-2021-21166](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21166>)\u2014 overflow and unsafe reuse of an object in memory when processing audio data, also enabling remote code execution\n * [CVE-2021-21139](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21139>)\u2014 bypassing security restrictions when using an iframe.\n\nOther interesting findings include a critical vulnerability in VMware vCenter Server, [CVE-2021-21972](<https://nvd.nist.gov/vuln/detail/CVE-2021-21972>), which allows remote code execution without any rights. 
Critical vulnerabilities in the popular SolarWinds Orion Platform \u2014 [CVE-2021-25274](<https://nvd.nist.gov/vuln/detail/CVE-2021-25274>), [CVE-2021-25275](<https://nvd.nist.gov/vuln/detail/CVE-2021-25275>) and [CVE-2021-25276](<https://nvd.nist.gov/vuln/detail/CVE-2021-25276>) \u2014 caused a major splash in the infosec environment. They gave attackers the ability to infect computers running this software, usually machines inside corporate networks and government institutions. Lastly, the [CVE-2021-21017](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21017>) vulnerability, discovered in Adobe Reader, caused a heap buffer overflow by means of a specially crafted document, giving an attacker the ability to execute code.\n\nAnalysis of network threats in Q1 2021 continued to show ongoing attempts to attack servers with a view to brute-force passwords for network services such as Microsoft SQL Server, RDP and SMB. Attacks using the popular EternalBlue, EternalRomance and other similar exploits were widespread. Among the most notable new vulnerabilities in this period were bugs in the Windows networking stack code related to handling the IPv4/IPv6 protocols: [CVE-2021-24074](<https://msrc.microsoft.com/update-guide/en-us/vulnerability/CVE-2021-24074>), [CVE-2021-24086](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24086>) and [CVE-2021-24094](<https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-24094>).\n\n## Attacks on macOS\n\nQ1 2021 was also rich in macOS-related news. Center-stage were cybercriminals who took pains to modify their [malware for the newly released MacBooks with M1 processors](<https://securelist.com/malware-for-the-new-apple-silicon-platform/101137/>). Updated adware for the new Macs also immediately appeared, in particular the [Pirrit family](<https://objective-see.com/blog/blog_0x62.html>) (whose members placed high in our Top 20 threats for macOS). 
In addition, we detected an interesting adware program written in the Rust language, and assigned it the verdict [AdWare.OSX.Convuster.a](<https://securelist.ru/convuster-macos-adware-in-rust/100859/>).\n\n**Top 20 threats for macOS**\n\n| **Verdict** | **%*** \n---|---|--- \n1 | AdWare.OSX.Pirrit.ac | 18.01 \n2 | AdWare.OSX.Pirrit.j | 12.69 \n3 | AdWare.OSX.Pirrit.o | 8.42 \n4 | AdWare.OSX.Bnodlero.at | 8.36 \n5 | Monitor.OSX.HistGrabber.b | 8.06 \n6 | AdWare.OSX.Pirrit.gen | 7.95 \n7 | Trojan-Downloader.OSX.Shlayer.a | 7.90 \n8 | AdWare.OSX.Cimpli.m | 6.17 \n9 | AdWare.OSX.Pirrit.aa | 6.05 \n10 | Backdoor.OSX.Agent.z | 5.27 \n11 | Trojan-Downloader.OSX.Agent.h | 5.09 \n12 | AdWare.OSX.Bnodlero.bg | 4.60 \n13 | AdWare.OSX.Ketin.h | 4.02 \n14 | AdWare.OSX.Bnodlero.bc | 3.87 \n15 | AdWare.OSX.Bnodlero.t | 3.84 \n16 | AdWare.OSX.Cimpli.l | 3.75 \n17 | Trojan-Downloader.OSX.Lador.a | 3.61 \n18 | AdWare.OSX.Cimpli.k | 3.48 \n19 | AdWare.OSX.Ketin.m | 2.98 \n20 | AdWare.OSX.Bnodlero.ay | 2.94 \n \n_* Unique users who encountered this malware as a percentage of all users of Kaspersky security solutions for macOS who were attacked._\n\nTraditionally, most of the Top 20 threats for macOS are adware programs: 15 in Q1. In the list of malicious programs, Trojan-Downloader.OSX.Shlayer.a (7.90%) maintained its popularity. Incidentally, this Trojan's task is to download adware from the Pirrit and Bnodlero families. 
But we also saw the reverse, when a member of the AdWare.OSX.Pirrit family dropped Backdoor.OSX.Agent.z into the system.\n\n### Threat geography\n\n_Geography of threats for macOS, Q1 2021 ([download](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2021/05/24111228/10-en-malware-report-q1-2021-pc.png>))_\n\n**Top 10 countries by share of attacked users**\n\n| **Country*** | **%**** \n---|---|--- \n1 | France | 4.62 \n2 | Spain | 4.43 \n3 | Italy | 4.36 \n4 | India | 4.11 \n5 | Canada | 3.59 \n6 | Mexico | 3.55 \n7 | Russia | 3.21 \n8 | Brazil | 3.18 \n9 | Great Britain | 2.96 \n10 | USA | 2.94 \n \n_* Excluded from the rating are countries with relatively few users of Kaspersky security solutions for macOS (under 10,000) \n** Unique users attacked as a percentage of all users of Kaspersky security solutions for macOS in the country._\n\nIn Q1 2021, Europe accounted for the Top 3 countries by share of attacked macOS users: France (4.62%), Spain (4.43%) and Italy (4.36%). The most common threats in all three were adware apps from the Pirrit family.\n\n## IoT attacks\n\n### IoT threat statistics\n\nIn Q1 2021, most of the devices that attacked Kaspersky traps did so using the Telnet protocol. 
A third of the attacking devices attempted to [brute-force](<https://encyclopedia.kaspersky.com/glossary/brute-force/?utm_source=securelist&utm_medium=blog&utm_campaign=termin-explanation>) our SSH traps.\n\nTelnet | 69.48% \n---|--- \nSSH | 30.52% \n \n_Distribution of attacked services by number of unique IP addresses of devices that carried out attacks, Q1 2021_\n\nThe statistics for cybercriminal working sessions with Kaspersky honeypots show similar Telnet dominance.\n\nTelnet | 77.81% \n---|--- \nSSH | 22.19% \n \n_Distribution of cybercriminal working sessions with Kaspersky traps, Q1 2021_\n\n_Geography of IP addresses of devices from which attempts were made to attack Kaspersky Telnet traps, Q1 2021 ([download](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2021/05/24111259/11-en-malware-report-q1-2021-pc.png>))_\n\n**Top 10 countries by location of devices from which attacks were carried out on Kaspersky Telnet traps**\n\n** ** | **Country** | **%*** \n---|---|--- \n1 | China | 33.40 \n2 | India | 13.65 \n3 | USA | 11.56 \n4 | Russia | 4.96 \n5 | Montenegro | 4.20 \n6 | Brazil | 4.19 \n7 | Taiwan, Province of China | 2.32 \n8 | Iran | 1.85 \n9 | Egypt | 1.84 \n10 | Vietnam | 1.73 \n \n_* Devices from which attacks were carried out in the given country as a percentage of the total number of devices in that country._\n\n### SSH-based attacks\n\n_Geography of IP addresses of devices from which attempts were made to attack Kaspersky SSH traps, Q1 2021 ([download](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2021/05/24111335/12-en-malware-report-q1-2021-pc.png>))_\n\n**Top 10 countries by location of devices from which attacks were made on Kaspersky SSH traps**\n\n** ** | **Country** | **%*** \n---|---|--- \n1 | USA | 24.09 \n2 | China | 19.89 \n3 | Hong Kong | 6.38 \n4 | South Korea | 4.37 \n5 | Germany | 4.06 \n6 | Brazil | 3.74 \n7 | Russia | 3.05 \n8 | Taiwan, Province of China | 2.80 \n9 | France | 2.59 \n10 | 
India | 2.36 \n \n_* Devices from which attacks were carried out in the given country as a percentage of the total number of devices in that country._\n\n### Threats loaded into traps\n\n| Verdict | %* \n---|---|--- \n1 | Backdoor.Linux.Mirai.b | 50.50% \n2 | Trojan-Downloader.Linux.NyaDrop.b | 9.26% \n3 | Backdoor.Linux.Gafgyt.a | 3.01% \n4 | HEUR:Trojan-Downloader.Shell.Agent.bc | 2.72% \n5 | Backdoor.Linux.Mirai.a | 2.72% \n6 | Backdoor.Linux.Mirai.ba | 2.67% \n7 | Backdoor.Linux.Agent.bc | 2.37% \n8 | Trojan-Downloader.Shell.Agent.p | 1.37% \n9 | Backdoor.Linux.Gafgyt.bj | 0.78% \n10 | Trojan-Downloader.Linux.Mirai.d | 0.66% \n \n_* Share of malware type in the total number of malicious programs downloaded to IoT devices following a successful attack._\n\n## Attacks via web resources\n\n_The statistics in this section are based on Web Anti-Virus, which protects users when malicious objects are downloaded from malicious/infected web pages. Cybercriminals create such sites on purpose; web resources with user-created content (for example, forums), as well as hacked legitimate resources, can be infected._\n\n### Countries that are sources of web-based attacks: Top 10\n\n_The following statistics show the distribution by country of the sources of Internet attacks blocked by Kaspersky products on user computers (web pages with redirects to exploits, sites containing exploits and other malicious programs, botnet C&C centers, etc.). Any unique host could be the source of one or more web-based attacks._\n\n_To determine the geographical source of web-based attacks, domain names are matched against their actual domain IP addresses, and then the geographical location of a specific IP address (GEOIP) is established._\n\nIn Q1 2021, Kaspersky solutions blocked 2,023,556,082 attacks launched from online resources located across the globe. 
613,968,631 unique URLs were recognized as malicious by Web Anti-Virus.\n\n_Distribution of web attack sources by country, Q1 2021 ([download](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2021/05/24111405/13-en-malware-report-q1-2021-pc.png>))_\n\n### Countries where users faced the greatest risk of online infection\n\nTo assess the risk of online infection faced by users in different countries, for each country we calculated the percentage of Kaspersky users on whose computers Web Anti-Virus was triggered during the quarter. The resulting data provides an indication of the aggressiveness of the environment in which computers operate in different countries.\n\nThis rating only includes attacks by malicious objects that fall under the **Malware class**; it does not include Web Anti-Virus detections of potentially dangerous or unwanted programs such as RiskTool or adware.\n\n| Country* | % of attacked users** \n---|---|--- \n1 | Belarus | 15.81 \n2 | Ukraine | 13.60 \n3 | Moldova | 13.16 \n4 | Kyrgyzstan | 11.78 \n5 | Latvia | 11.38 \n6 | Algeria | 11.16 \n7 | Russia | 11.11 \n8 | Mauritania | 11.08 \n9 | Kazakhstan | 10.62 \n10 | Tajikistan | 10.60 \n11 | Uzbekistan | 10.39 \n12 | Estonia | 10.20 \n13 | Armenia | 9.44 \n14 | Mongolia | 9.36 \n15 | France | 9.35 \n16 | Greece | 9.04 \n17 | Azerbaijan | 8.57 \n18 | Madagascar | 8.56 \n19 | Morocco | 8.55 \n20 | Lithuania | 8.53 \n \n_* Excluded are countries with relatively few Kaspersky users (under 10,000). 
\n** Unique users targeted by **Malware-class** attacks as a percentage of all unique users of Kaspersky products in the country._\n\n_These statistics are based on detection verdicts by the Web Anti-Virus module that were received from users of Kaspersky products who consented to provide statistical data._\n\nOn average, 7.67% of Internet user computers worldwide experienced at least one **Malware-class** attack.\n\n_Geography of web-based malware attacks, Q1 2021 ([download](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2021/05/24111435/14-en-malware-report-q1-2021-pc.png>))_\n\n## Local threats\n\n_In this section, we analyze statistical data obtained from the OAS and ODS modules in Kaspersky products. It takes into account malicious programs that were found directly on users' computers or removable media connected to them (flash drives, camera memory cards, phones, external hard drives), or which initially made their way onto the computer in non-open form (for example, programs in complex installers, encrypted files, etc.)._\n\nIn Q1 2021, our File Anti-Virus detected **77,415,192** malicious and potentially unwanted objects.\n\n### Countries where users faced the highest risk of local infection\n\nFor each country, we calculated the percentage of Kaspersky product users on whose computers File Anti-Virus was triggered during the reporting period. 
These statistics reflect the level of personal computer infection in different countries.\n\nNote that this rating only includes attacks by malicious programs that fall under the **Malware class**; it does not include File Anti-Virus triggers in response to potentially dangerous or unwanted programs, such as RiskTool or adware.\n\n| Country* | % of attacked users** \n---|---|--- \n1 | Afghanistan | 47.71 \n2 | Turkmenistan | 43.39 \n3 | Ethiopia | 41.03 \n4 | Tajikistan | 38.96 \n5 | Bangladesh | 36.21 \n6 | Algeria | 35.49 \n7 | Myanmar | 35.16 \n8 | Uzbekistan | 34.95 \n9 | South Sudan | 34.17 \n10 | Benin | 34.08 \n11 | China | 33.34 \n12 | Iraq | 33.14 \n13 | Laos | 32.84 \n14 | Burkina Faso | 32.61 \n15 | Mali | 32.42 \n16 | Guinea | 32.40 \n17 | Yemen | 32.32 \n18 | Mauritania | 32.22 \n19 | Burundi | 31.68 \n20 | Sudan | 31.61 \n \n_* Excluded are countries with relatively few Kaspersky users (under 10,000)._ \n_** Unique users on whose computers **Malware-class** local threats were blocked, as a percentage of all unique users of Kaspersky products in the country._\n\n_Geography of local infection attempts, Q1 2021 ([download](<https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2021/05/24111505/15-en-malware-report-q1-2021-pc.png>))_\n\nOverall, 15.05% of user computers globally faced at least one **Malware-class** local threat during Q1.", "cvss3": {}, "published": "2021-05-31T10:00:05", "type": "securelist", "title": "IT threat evolution Q1 2021. 
Non-mobile statistics", "bulletinFamily": "blog", "cvss2": {}, "cvelist": ["CVE-2015-2523", "CVE-2017-11882", "CVE-2018-0802", "CVE-2021-1647", "CVE-2021-1732", "CVE-2021-21017", "CVE-2021-21139", "CVE-2021-21148", "CVE-2021-21166", "CVE-2021-21972", "CVE-2021-24074", "CVE-2021-24086", "CVE-2021-24092", "CVE-2021-24094", "CVE-2021-25274", "CVE-2021-25275", "CVE-2021-25276", "CVE-2021-26411", "CVE-2021-26855", "CVE-2021-26857", "CVE-2021-26858", "CVE-2021-27065"], "modified": "2021-05-31T10:00:05", "id": "SECURELIST:20C7BC6E3C43CD3D939A2E3EAE01D4C1", "href": "https://securelist.com/it-threat-evolution-q1-2021-non-mobile-statistics/102425/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "kaspersky": [{"lastseen": "2023-05-27T15:03:43", "description": "### *Detect date*:\n02/09/2021\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple vulnerabilities were found in Adobe Acrobat and Adobe Acrobat Reader. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information, gain privileges, cause denial of service, and bypass security restrictions.\n\n### *Exploitation*:\nThe following public exploits exist for this vulnerability:\n\n### *Affected products*:\nAdobe Acrobat DC Continuous earlier than 2021.001.20135 \nAdobe Acrobat 2020 Classic earlier than 2020.001.30020 \nAdobe Acrobat 2017 Classic earlier than 2017.011.30190 \nAdobe Acrobat Reader DC Continuous earlier than 2021.001.20135 \nAdobe Acrobat Reader 2020 Classic earlier than 2020.001.30020 \nAdobe Acrobat Reader 2017 Classic earlier than 2017.011.30190\n\n### *Solution*:\nUpdate to the latest version \n[Download Adobe Acrobat Reader DC](<https://get2.adobe.com/uk/reader/>)\n\n### *Original advisories*:\n[APSB21-09](<https://helpx.adobe.com/security/products/acrobat/apsb21-09.html>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Adobe Acrobat Reader DC 
Continuous](<https://threats.kaspersky.com/en/product/Adobe-Acrobat-Reader-DC-Continuous/>)\n\n### *CVE-IDS*:\n[CVE-2021-21035](<https://vulners.com/cve/CVE-2021-21035>) 6.8 High \n[CVE-2021-21060](<https://vulners.com/cve/CVE-2021-21060>) 4.3 Warning \n[CVE-2021-21034](<https://vulners.com/cve/CVE-2021-21034>) 4.3 Warning \n[CVE-2021-21036](<https://vulners.com/cve/CVE-2021-21036>) 6.8 High \n[CVE-2021-21037](<https://vulners.com/cve/CVE-2021-21037>) 6.8 High \n[CVE-2021-21058](<https://vulners.com/cve/CVE-2021-21058>) 9.3 Critical \n[CVE-2021-21028](<https://vulners.com/cve/CVE-2021-21028>) 6.8 High \n[CVE-2021-21062](<https://vulners.com/cve/CVE-2021-21062>) 9.3 Critical \n[CVE-2021-21044](<https://vulners.com/cve/CVE-2021-21044>) 9.3 Critical \n[CVE-2021-21041](<https://vulners.com/cve/CVE-2021-21041>) 6.8 High \n[CVE-2021-21063](<https://vulners.com/cve/CVE-2021-21063>) 9.3 Critical \n[CVE-2021-21057](<https://vulners.com/cve/CVE-2021-21057>) 4.3 Warning \n[CVE-2021-21033](<https://vulners.com/cve/CVE-2021-21033>) 6.8 High \n[CVE-2021-21038](<https://vulners.com/cve/CVE-2021-21038>) 6.8 High \n[CVE-2021-21046](<https://vulners.com/cve/CVE-2021-21046>) 4.3 Warning \n[CVE-2021-21045](<https://vulners.com/cve/CVE-2021-21045>) 9.3 Critical \n[CVE-2021-21061](<https://vulners.com/cve/CVE-2021-21061>) 4.3 Warning \n[CVE-2021-21017](<https://vulners.com/cve/CVE-2021-21017>) 6.8 High \n[CVE-2021-21040](<https://vulners.com/cve/CVE-2021-21040>) 6.8 High \n[CVE-2021-21039](<https://vulners.com/cve/CVE-2021-21039>) 6.8 High \n[CVE-2021-21042](<https://vulners.com/cve/CVE-2021-21042>) 4.3 Warning \n[CVE-2021-21021](<https://vulners.com/cve/CVE-2021-21021>) 6.8 High \n[CVE-2021-21059](<https://vulners.com/cve/CVE-2021-21059>) 9.3 Critical \n[CVE-2021-21086](<https://vulners.com/cve/CVE-2021-21086>) 6.8 High \n[CVE-2021-28546](<https://vulners.com/cve/CVE-2021-28546>) 4.3 Warning \n[CVE-2021-21089](<https://vulners.com/cve/CVE-2021-21089>) 4.3 Warning \n[CVE-2021-28545](<https://vulners.com/cve/CVE-2021-28545>) 5.8 High", 
"cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-02-09T00:00:00", "type": "kaspersky", "title": "KLA12066 Multiple vulnerabilities in Adobe Acrobat and Adobe Acrobat Reader", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-21017", "CVE-2021-21021", "CVE-2021-21028", "CVE-2021-21033", "CVE-2021-21034", "CVE-2021-21035", "CVE-2021-21036", "CVE-2021-21037", "CVE-2021-21038", "CVE-2021-21039", "CVE-2021-21040", "CVE-2021-21041", "CVE-2021-21042", "CVE-2021-21044", "CVE-2021-21045", "CVE-2021-21046", "CVE-2021-21057", "CVE-2021-21058", "CVE-2021-21059", "CVE-2021-21060", "CVE-2021-21061", "CVE-2021-21062", "CVE-2021-21063", "CVE-2021-21086", "CVE-2021-21089", "CVE-2021-28545", "CVE-2021-28546"], "modified": "2023-03-19T00:00:00", "id": "KLA12066", "href": "https://threats.kaspersky.com/en/vulnerability/KLA12066/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "threatpost": [{"lastseen": "2021-02-09T20:02:46", "description": "Adobe is warning of a critical vulnerability that has been exploited in the wild to target Adobe Reader users on Windows.\n\nThe vulnerability 
(CVE-2021-21017) has been exploited in \u201climited attacks,\u201d according to [Adobe\u2019s Tuesday advisory](<https://helpx.adobe.com/security/products/acrobat/apsb21-09.html>), part of its regularly scheduled February updates. The flaw in question is a critical-severity [heap-based buffer overflow](<https://threatpost.com/google-chrome-zero-day-windows-mac/163688/>) flaw.\n\nThis type of [buffer-overflow error](<https://cwe.mitre.org/data/definitions/122.html>) occurs when the region of a process\u2019 memory used to store dynamic variables (the heap) can be overwhelmed. If a buffer-overflow occurs, it typically causes the affected program to behave incorrectly. With this flaw in particular, it can be exploited to execute arbitrary code on affected systems.\n\n\u201cAdobe has released security updates for Adobe Acrobat and Reader for Windows and macOS,\u201d said Adobe on Tuesday. \u201cThese updates address multiple critical and important vulnerabilities. Successful exploitation could lead to arbitrary code execution in the context of the current user.\u201d\n\n## **Adobe Flaw: Security Updates**\n\nAcrobat is Adobe\u2019s popular family of application software and web services used to view, create and manage files. 
CVE-2021-21017, which was anonymously reported, affects the following Adobe Acrobat Reader versions:\n\n * Acrobat Reader DC versions 2020.013.20074 and earlier for Windows and macOS\n * Acrobat Reader 2020 versions 2020.001.30018 and earlier for Windows and macOS\n * Acrobat Reader 2017 versions 2017.011.30188 and earlier for Windows and macOS\n\nThe flaw has been patched in the following versions:\n\n * Acrobat Reader DC version 2021.001.20135\n * Acrobat Reader 2020 version 2020.001.30020\n * Acrobat Reader 2017 version 2017.011.30190\n\nThese patches are a priority level 1, which according to Adobe means they resolve \u201cvulnerabilities being targeted, or which have a higher risk of being targeted, by exploit(s) in the wild for a given product version and platform.\u201d\n\n\u201cAdobe recommends administrators install the update as soon as possible. (for example, within 72 hours),\u201d [according to its update](<https://helpx.adobe.com/security/severity-ratings.html>).\n\n## **Other Adobe Acrobat and Reader Critical Flaws**\n\nIncluding this exploited flaw, Adobe patched flaws tied to 23 CVEs overall in Acrobat and Reader \u2013 including 17 critical-severity CVEs.\n\nMost of these critical flaws could allow for arbitrary code execution, including a path traversal glitch (CVE-2021-21037), integer overflow error (CVE-2021-21036) and out-of-bounds write issues (CVE-2021-21044, CVE-2021-21038). 
Also patched were buffer overflow flaws (CVE-2021-21058, CVE-2021-21059, CVE-2021-21062, CVE-2021-21063) and use-after-free errors (CVE-2021-21041, CVE-2021-21040, CVE-2021-21039, CVE-2021-21035, CVE-2021-21033, CVE-2021-21028 and CVE-2021-21021).\n\nA critical improper access control flaw (CVE-2021-21045) was also patched that allowed for privilege execution.\n\n## **Critical Magento Security Updates**\n\nIn addition to Acrobat and Reader security updates, Adobe also issued patches for critical vulnerabilities in Magento, its e-commerce platform.\n\nSeven critical flaws were patched as part of this security update. All these flaws, if exploited, could lead to arbitrary code execution. These flaws include three security bypass issues (CVE-2021-21015, CVE-2021-21016 and CVE-2021-21025), a command injection flaw (CVE-2021-21018), an XML injection vulnerability (CVE-2021-21019), a file upload allow list bypass (CVE-2021-21014) and a cross-site scripting flaw (CVE-2021-21030).\n\nAffected are Magento Commerce and Magento open source, 2.4.1 and earlier versions (with a fix in 2.4.2); 2.4.0-p1 and earlier versions (with a fix in 2.4.1-p1) and 2.3.6 and earlier versions (with a fix in 2.3.6-p1).\n\nThe update is a priority level 2, which according to Adobe \u201cresolves vulnerabilities in a product that has historically been at elevated risk.\u201d\n\nMagento would be categorized as an \u201celevated risk\u201d because it is commonly targeted by attackers like the [Magecart threat group](<https://threatpost.com/magecart-blue-bear-attack/151585/>) to target e-commerce stores for cyberattacks like web skimming. 
However, there are currently no known exploits for these flaws, said Adobe.\n\n## **Other Security Flaws in Adobe Products**\n\nAdobe on Tuesday also patched critical-severity flaws in Adobe Photoshop (CVE-2021-21049, CVE-2021-21050, CVE-2021-21048, CVE-2021-21051 and CVE-2021-21047), Adobe Animate (CVE-2021-21052) and Adobe Illustrator (CVE-2021-21053, CVE-2021-21054).\n\nHowever these patches came with a priority level 3 ranking, which means that they resolve vulnerabilities in a product that \u201chas historically not been a target for attackers.\u201d\n\nFor these flaws, \u201cAdobe recommends administrators install the update at their discretion,\u201d according to the security update.\n\nAdobe\u2019s February fixes come on the heels of a busy January security update, [when the company patched](<https://threatpost.com/adobe-critical-flaws-flash-player/162958/>) seven critical vulnerabilities. The impact of the most serious of these flaws ranged from arbitrary code execution to sensitive information disclosure.\n", "cvss3": {}, "published": "2021-02-09T19:40:47", "type": "threatpost", "title": "Attackers Exploit Critical Adobe Bug, Target Windows", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2021-21014", "CVE-2021-21015", "CVE-2021-21016", "CVE-2021-21017", "CVE-2021-21018", "CVE-2021-21019", "CVE-2021-21021", "CVE-2021-21025", "CVE-2021-21028", "CVE-2021-21030", "CVE-2021-21033", "CVE-2021-21035", "CVE-2021-21036", "CVE-2021-21037", "CVE-2021-21038", "CVE-2021-21039", "CVE-2021-21040", "CVE-2021-21041", "CVE-2021-21044", "CVE-2021-21045", "CVE-2021-21047", "CVE-2021-21048", "CVE-2021-21049", "CVE-2021-21050", "CVE-2021-21051", "CVE-2021-21052", "CVE-2021-21053", "CVE-2021-21054", "CVE-2021-21058", "CVE-2021-21059", "CVE-2021-21062", "CVE-2021-21063"], "modified": "2021-02-09T19:40:47", "id": "THREATPOST:F006B56821C572012C6CBF003C78C596", "href": "https://threatpost.com/critical-adobe-windows-flaw/163789/", "cvss": {"score": 0.0, "vector": "NONE"}}], "rapid7blog": [{"lastseen": "2021-02-10T00:48:57", "description": "\n\nThe second Patch Tuesday of 2021 is relatively light on the vulnerability count, with 64 CVEs being addressed across the majority of Microsoft\u2019s product families. Despite that, there\u2019s still plenty to discuss this month.\n\n### Vulnerability Breakdown by Software Family\n\nFamily | Vulnerability Count \n---|--- \nWindows | 28 \nESU | 14 \nMicrosoft Office | 11 \nBrowser | 9 \nDeveloper Tools | 8 \nMicrosoft Dynamics | 2 \nExchange Server | 2 \nAzure | 2 \nSystem Center | 2 \n \n### Exploited and Publicly Disclosed Vulnerabilities\n\nOne zero-day was announced: [CVE-2021-1732](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1732>) is a privilege elevation vulnerability affecting the Win32k component of Windows 10 and Windows Server 2019, reported to be exploited in the wild. 
Four vulnerabilities have been previously disclosed: [CVE-2021-1727](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1727>), a privilege elevation vulnerability in Windows Installer, affecting all supported versions of Windows; [CVE-2021-24098](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24098>), which is a denial of service (DoS) affecting Windows 10 and Server 2019; [CVE-2021-24106](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24106>), an information disclosure vulnerability affecting DirectX in Windows 10 and Server 2019; and [CVE-2021-26701](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26701>), an RCE in .NET Core.\n\n### Vulnerabilities in Windows TCP/IP\n\nMicrosoft also disclosed a set of [three serious vulnerabilities](<https://msrc-blog.microsoft.com/2021/02/09/multiple-security-updates-affecting-tcp-ip/>) affecting the TCP/IP networking stack in all supported versions of Windows. Two of these ([CVE-2021-24074](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24074>) and [CVE-2021-24094](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24094>)) carry a base CVSSv3 score of 9.8 and could allow Remote Code Execution (RCE). [CVE-2021-24094](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24094>) is specific to IPv6 link-local addresses, meaning it isn\u2019t exploitable over the public internet. [CVE-2021-24074](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24074>), however, does not have this limitation. The third, [CVE-2021-24086](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24086>), is a DoS vulnerability that could allow an attacker to trigger a \u201cblue screen of death\u201d on any Windows system that is directly exposed to the internet, using only a small amount of network traffic. 
The RCE exploits are probably not a threat in the short term, due to the complexity of the vulnerabilities, but DoS attacks are expected to be seen much more quickly. Windows systems should be patched as soon as possible to protect against these.\n\nIn the event a patch cannot be applied immediately, such as on systems that cannot be rebooted, Microsoft has published mitigation guidance that will protect against exploitation of the TCP/IP vulnerabilities. Depending on the exposure of an asset, IPv4 Source Routing should be disabled via a Group Policy or a Netsh command, and IPv6 packet reassembly should be disabled via a separate Netsh command. IPv4 Source Routing requests and IPv6 fragments can also be blocked at load balancers, firewalls, or other edge devices to mitigate these issues.\n\n### Zerologon Update\n\nBack in August 2020, Microsoft addressed a critical remote code vulnerability (CVE-2020-1472) affecting the Netlogon protocol (MS-NRPC), a.k.a. \u201c[Zerologon](<https://blog.rapid7.com/2020/09/14/cve-2020-1472-zerologon-critical-privilege-escalation/>)\u201d. In October, Microsoft [noted](<https://msrc-blog.microsoft.com/2020/10/29/attacks-exploiting-netlogon-vulnerability-cve-2020-1472/>) that attacks which exploit this weakness have been seen in the wild. On January 14, 2021, they [reminded](<https://msrc-blog.microsoft.com/2021/01/14/netlogon-domain-controller-enforcement-mode-is-enabled-by-default-beginning-with-the-february-9-2021-security-update-related-to-cve-2020-1472/>) organizations that the February 2021 security update bundle will also be enabling \u201cDomain Controller enforcement mode\u201d by default to fully address this weakness. Any system that tries to make an insecure Netlogon connection will be denied access. Any business-critical process that relies on these insecure connections will cease to function. 
Rapid7 encourages all organizations to [heed the detailed guidance](<https://support.microsoft.com/en-us/topic/how-to-manage-the-changes-in-netlogon-secure-channel-connections-associated-with-cve-2020-1472-f7e8cc17-0309-1d6a-304e-5ba73cd1a11e#bkmk_detectingnon_compliant>) before applying the latest updates to ensure business process continuity.\n\n### Adobe\n\nMost important amongst the [six security advisories](<https://helpx.adobe.com/security.html>) published by Adobe today is [APSB21-09](<https://helpx.adobe.com/security/products/acrobat/apsb21-09.html>), detailing 23 CVEs affecting Adobe Acrobat and Reader. Six of these are rated Critical and allow Arbitrary Code Execution, and one of them (CVE-2021-21017) has been seen exploited in the wild in attacks targeting Adobe Reader users on Windows.\n\n### Summary Tables\n\n#### Azure Vulnerabilities\n\nCVE | Vulnerability Title | Exploited | Publicly Disclosed | CVSSv3 Base Score | FAQ? \n---|---|---|---|---|--- \n[CVE-2021-24109](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24109>) | Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability | No | No | 6.8 | Yes \n[CVE-2021-24087](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24087>) | Azure IoT CLI extension Elevation of Privilege Vulnerability | No | No | 7 | Yes \n \n#### Browser Vulnerabilities\n\nCVE | Vulnerability Title | Exploited | Publicly Disclosed | CVSSv3 Base Score | FAQ? 
\n---|---|---|---|---|--- \n[CVE-2021-24100](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24100>) | Microsoft Edge for Android Information Disclosure Vulnerability | No | No | 5 | Yes \n[CVE-2021-24113](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24113>) | Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability | No | No | 4.6 | Yes \n[CVE-2021-21148](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21148>) | Chromium CVE-2021-21148: Heap buffer overflow in V8 | N/A | N/A | N/A | Yes \n[CVE-2021-21147](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21147>) | Chromium CVE-2021-21147: Inappropriate implementation in Skia | N/A | N/A | N/A | Yes \n[CVE-2021-21146](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21146>) | Chromium CVE-2021-21146: Use after free in Navigation | N/A | N/A | N/A | Yes \n[CVE-2021-21145](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21145>) | Chromium CVE-2021-21145: Use after free in Fonts | N/A | N/A | N/A | Yes \n[CVE-2021-21144](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21144>) | Chromium CVE-2021-21144: Heap buffer overflow in Tab Groups | N/A | N/A | N/A | Yes \n[CVE-2021-21143](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21143>) | Chromium CVE-2021-21143: Heap buffer overflow in Extensions | N/A | N/A | N/A | Yes \n[CVE-2021-21142](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-21142>) | Chromium CVE-2021-21142: Use after free in Payments | N/A | N/A | N/A | Yes \n \n#### Developer Tools Vulnerabilities\n\nCVE | Vulnerability Title | Exploited | Publicly Disclosed | CVSSv3 Base Score | FAQ? 
\n---|---|---|---|---|--- \n[CVE-2021-26700](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26700>) | Visual Studio Code npm-script Extension Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-1639](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1639>) | Visual Studio Code Remote Code Execution Vulnerability | No | No | 7 | No \n[CVE-2021-1733](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1733>) | Sysinternals PsExec Elevation of Privilege Vulnerability | No | Yes | 7.8 | Yes \n[CVE-2021-24105](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24105>) | Package Managers Configurations Remote Code Execution Vulnerability | No | No | 8.4 | Yes \n[CVE-2021-24111](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24111>) | .NET Framework Denial of Service Vulnerability | No | No | 7.5 | No \n[CVE-2021-1721](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1721>) | .NET Core and Visual Studio Denial of Service Vulnerability | No | Yes | 6.5 | No \n[CVE-2021-26701](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26701>) | .NET Core Remote Code Execution Vulnerability | No | Yes | 8.1 | Yes \n[CVE-2021-24112](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24112>) | .NET Core Remote Code Execution Vulnerability | No | No | 8.1 | Yes \n \n#### ESU Windows Vulnerabilities\n\nCVE | Vulnerability Title | Exploited | Publicly Disclosed | CVSSv3 Base Score | FAQ? 
\n---|---|---|---|---|--- \n[CVE-2021-24080](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24080>) | Windows Trust Verification API Denial of Service Vulnerability | No | No | 6.5 | No \n[CVE-2021-24074](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24074>) | Windows TCP/IP Remote Code Execution Vulnerability | No | No | 9.8 | Yes \n[CVE-2021-24094](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24094>) | Windows TCP/IP Remote Code Execution Vulnerability | No | No | 9.8 | Yes \n[CVE-2021-24086](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24086>) | Windows TCP/IP Denial of Service Vulnerability | No | No | 7.5 | Yes \n[CVE-2021-1734](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1734>) | Windows Remote Procedure Call Information Disclosure Vulnerability | No | No | 7.5 | Yes \n[CVE-2021-25195](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-25195>) | Windows PKU2U Elevation of Privilege Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-24088](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24088>) | Windows Local Spooler Remote Code Execution Vulnerability | No | No | 8.8 | No \n[CVE-2021-1727](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1727>) | Windows Installer Elevation of Privilege Vulnerability | No | Yes | 7.8 | No \n[CVE-2021-24077](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24077>) | Windows Fax Service Remote Code Execution Vulnerability | No | No | 9.8 | Yes \n[CVE-2021-1722](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1722>) | Windows Fax Service Remote Code Execution Vulnerability | No | No | 8.1 | Yes \n[CVE-2021-24102](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24102>) | Windows Event Tracing Elevation of 
Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-24103](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24103>) | Windows Event Tracing Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-24078](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24078>) | Windows DNS Server Remote Code Execution Vulnerability | No | No | 9.8 | Yes \n[CVE-2021-24083](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24083>) | Windows Address Book Remote Code Execution Vulnerability | No | No | 7.8 | No \n \n#### Exchange Server Vulnerabilities\n\nCVE | Vulnerability Title | Exploited | Publicly Disclosed | CVSSv3 Base Score | FAQ? \n---|---|---|---|---|--- \n[CVE-2021-24085](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24085>) | Microsoft Exchange Server Spoofing Vulnerability | No | No | 6.5 | Yes \n[CVE-2021-1730](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1730>) | Microsoft Exchange Server Spoofing Vulnerability | No | No | 5.4 | Yes \n \n#### Microsoft Dynamics Vulnerabilities\n\nCVE | Vulnerability Title | Exploited | Publicly Disclosed | CVSSv3 Base Score | FAQ? \n---|---|---|---|---|--- \n[CVE-2021-1724](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1724>) | Microsoft Dynamics Business Central Cross-site Scripting Vulnerability | No | No | 6.1 | No \n[CVE-2021-24101](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24101>) | Microsoft Dataverse Information Disclosure Vulnerability | No | No | 6.5 | Yes \n \n#### Microsoft Office Vulnerabilities\n\nCVE | Vulnerability Title | Exploited | Publicly Disclosed | CVSSv3 Base Score | FAQ? 
\n---|---|---|---|---|--- \n[CVE-2021-24073](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24073>) | Skype for Business and Lync Spoofing Vulnerability | No | No | 6.5 | No \n[CVE-2021-24099](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24099>) | Skype for Business and Lync Denial of Service Vulnerability | No | No | 6.5 | No \n[CVE-2021-24114](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24114>) | Microsoft Teams iOS Information Disclosure Vulnerability | No | No | 5.7 | Yes \n[CVE-2021-1726](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1726>) | Microsoft SharePoint Spoofing Vulnerability | No | No | 8 | Yes \n[CVE-2021-24072](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24072>) | Microsoft SharePoint Server Remote Code Execution Vulnerability | No | No | 8.8 | No \n[CVE-2021-24066](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24066>) | Microsoft SharePoint Remote Code Execution Vulnerability | No | No | 8.8 | Yes \n[CVE-2021-24071](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24071>) | Microsoft SharePoint Information Disclosure Vulnerability | No | No | 5.3 | Yes \n[CVE-2021-24067](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24067>) | Microsoft Excel Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-24068](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24068>) | Microsoft Excel Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-24069](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24069>) | Microsoft Excel Remote Code Execution Vulnerability | No | No | 7.8 | Yes \n[CVE-2021-24070](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24070>) | Microsoft Excel Remote Code Execution 
Vulnerability | No | No | 7.8 | Yes \n \n#### System Center Vulnerabilities\n\nCVE | Vulnerability Title | Exploited | Publicly Disclosed | CVSSv3 Base Score | FAQ? \n---|---|---|---|---|--- \n[CVE-2021-1728](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1728>) | System Center Operations Manager Elevation of Privilege Vulnerability | No | No | 8.8 | Yes \n[CVE-2021-24092](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24092>) | Microsoft Defender Elevation of Privilege Vulnerability | No | No | 7.8 | Yes \n \n#### Windows Vulnerabilities\n\nCVE | Vulnerability Title | Exploited | Publicly Disclosed | CVSSv3 Base Score | FAQ? \n---|---|---|---|---|--- \n[CVE-2021-1732](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1732>) | Windows Win32k Elevation of Privilege Vulnerability | Yes | No | 7.8 | No \n[CVE-2021-1698](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1698>) | Windows Win32k Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-24075](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24075>) | Windows Network File System Denial of Service Vulnerability | No | No | 6.8 | No \n[CVE-2021-24084](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24084>) | Windows Mobile Device Management Information Disclosure Vulnerability | No | No | 5.5 | Yes \n[CVE-2021-24096](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24096>) | Windows Kernel Elevation of Privilege Vulnerability | No | No | 7.8 | No \n[CVE-2021-24093](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24093>) | Windows Graphics Component Remote Code Execution Vulnerability | No | No | 8.8 | Yes \n[CVE-2021-24106](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24106>) | Windows DirectX Information Disclosure Vulnerability | No | Yes | 
5.5 | Yes \n[CVE-2021-24098](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24098>) | Windows Console Driver Denial of Service Vulnerability | No | Yes | 5.5 | Yes \n[CVE-2021-24091](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24091>) | Windows Camera Codec Pack Remote Code Execution Vulnerability | No | No | 7.8 | No \n[CVE-2021-24079](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24079>) | Windows Backup Engine Information Disclosure Vulnerability | No | No | 5.5 | Yes \n[CVE-2021-1731](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1731>) | PFX Encryption Security Feature Bypass Vulnerability | No | No | 5.5 | Yes \n[CVE-2021-24082](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24082>) | Microsoft.PowerShell.Utility Module WDAC Security Feature Bypass Vulnerability | No | No | 4.3 | No \n[CVE-2021-24076](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24076>) | Microsoft Windows VMSwitch Information Disclosure Vulnerability | No | No | 5.5 | Yes \n[CVE-2021-24081](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-24081>) | Microsoft Windows Codecs Library Remote Code Execution Vulnerability | No | No | 7.8 | No \n \n### Summary Charts\n\n_Note: Chart data is reflective of data presented by Microsoft's CVRF at the time of writing._", "cvss3": {}, "published": "2021-02-09T23:51:27", "type": "rapid7blog", "title": "Patch Tuesday - February 2021", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2020-1472", "CVE-2021-1639", "CVE-2021-1698", "CVE-2021-1721", "CVE-2021-1722", "CVE-2021-1724", "CVE-2021-1726", "CVE-2021-1727", "CVE-2021-1728", "CVE-2021-1730", "CVE-2021-1731", "CVE-2021-1732", "CVE-2021-1733", "CVE-2021-1734", "CVE-2021-21017", "CVE-2021-21142", "CVE-2021-21143", "CVE-2021-21144", "CVE-2021-21145", 
"CVE-2021-21146", "CVE-2021-21147", "CVE-2021-21148", "CVE-2021-24066", "CVE-2021-24067", "CVE-2021-24068", "CVE-2021-24069", "CVE-2021-24070", "CVE-2021-24071", "CVE-2021-24072", "CVE-2021-24073", "CVE-2021-24074", "CVE-2021-24075", "CVE-2021-24076", "CVE-2021-24077", "CVE-2021-24078", "CVE-2021-24079", "CVE-2021-24080", "CVE-2021-24081", "CVE-2021-24082", "CVE-2021-24083", "CVE-2021-24084", "CVE-2021-24085", "CVE-2021-24086", "CVE-2021-24087", "CVE-2021-24088", "CVE-2021-24091", "CVE-2021-24092", "CVE-2021-24093", "CVE-2021-24094", "CVE-2021-24096", "CVE-2021-24098", "CVE-2021-24099", "CVE-2021-24100", "CVE-2021-24101", "CVE-2021-24102", "CVE-2021-24103", "CVE-2021-24105", "CVE-2021-24106", "CVE-2021-24109", "CVE-2021-24111", "CVE-2021-24112", "CVE-2021-24113", "CVE-2021-24114", "CVE-2021-25195", "CVE-2021-26700", "CVE-2021-26701"], "modified": "2021-02-09T23:51:27", "id": "RAPID7BLOG:44EA89871AFF6881B909B9FD0E07034F", "href": "https://blog.rapid7.com/2021/02/09/patch-tuesday-february-2021/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}