Microsoft CVE Summary

This report contains detail for the following vulnerabilities:

Tag CVE ID CVE Title
Active Directory Federation Services CVE-2021-33779 Windows ADFS Security Feature Bypass Vulnerability
Common Internet File System CVE-2021-34476 Bowser.sys Denial of Service Vulnerability
Dynamics Business Central Control CVE-2021-34474 Dynamics Business Central Remote Code Execution Vulnerability
Microsoft Bing CVE-2021-33753 Microsoft Bing Search Spoofing Vulnerability
Microsoft Exchange Server CVE-2021-31206 Microsoft Exchange Server Remote Code Execution Vulnerability
Microsoft Exchange Server CVE-2021-34473 Microsoft Exchange Server Remote Code Execution Vulnerability
Microsoft Exchange Server CVE-2021-33766 Microsoft Exchange Information Disclosure Vulnerability
Microsoft Exchange Server CVE-2021-34523 Microsoft Exchange Server Elevation of Privilege Vulnerability
Microsoft Exchange Server CVE-2021-31196 Microsoft Exchange Server Remote Code Execution Vulnerability
Microsoft Exchange Server CVE-2021-33768 Microsoft Exchange Server Elevation of Privilege Vulnerability
Microsoft Exchange Server CVE-2021-34470 Microsoft Exchange Server Elevation of Privilege Vulnerability
Microsoft Graphics Component CVE-2021-34440 GDI+ Information Disclosure Vulnerability
Microsoft Graphics Component CVE-2021-34489 DirectWrite Remote Code Execution Vulnerability
Microsoft Graphics Component CVE-2021-34496 Windows GDI Information Disclosure Vulnerability
Microsoft Graphics Component CVE-2021-34498 Windows GDI Elevation of Privilege Vulnerability
Microsoft Graphics Component CVE-2021-34438 Windows Font Driver Host Remote Code Execution Vulnerability
Microsoft Office CVE-2021-34469 Microsoft Office Security Feature Bypass Vulnerability
Microsoft Office CVE-2021-34451 Microsoft Office Online Server Spoofing Vulnerability
Microsoft Office CVE-2021-34452 Microsoft Word Remote Code Execution Vulnerability
Microsoft Office Excel CVE-2021-34501 Microsoft Excel Remote Code Execution Vulnerability
Microsoft Office Excel CVE-2021-34518 Microsoft Excel Remote Code Execution Vulnerability
Microsoft Office SharePoint CVE-2021-34468 Microsoft SharePoint Server Remote Code Execution Vulnerability
Microsoft Office SharePoint CVE-2021-34519 Microsoft SharePoint Server Information Disclosure Vulnerability
Microsoft Office SharePoint CVE-2021-34520 Microsoft SharePoint Server Remote Code Execution Vulnerability
Microsoft Office SharePoint CVE-2021-34517 Microsoft SharePoint Server Spoofing Vulnerability
Microsoft Office SharePoint CVE-2021-34467 Microsoft SharePoint Server Remote Code Execution Vulnerability
Microsoft Scripting Engine CVE-2021-34448 Scripting Engine Memory Corruption Vulnerability
Microsoft Windows Codecs Library CVE-2021-33778 HEVC Video Extensions Remote Code Execution Vulnerability
Microsoft Windows Codecs Library CVE-2021-31947 HEVC Video Extensions Remote Code Execution Vulnerability
Microsoft Windows Codecs Library CVE-2021-33740 Windows Media Remote Code Execution Vulnerability
Microsoft Windows Codecs Library CVE-2021-33760 Media Foundation Information Disclosure Vulnerability
Microsoft Windows Codecs Library CVE-2021-33775 HEVC Video Extensions Remote Code Execution Vulnerability
Microsoft Windows Codecs Library CVE-2021-33776 HEVC Video Extensions Remote Code Execution Vulnerability
Microsoft Windows Codecs Library CVE-2021-33777 HEVC Video Extensions Remote Code Execution Vulnerability
Microsoft Windows Codecs Library CVE-2021-34521 Raw Image Extension Remote Code Execution Vulnerability
Microsoft Windows DNS CVE-2021-34499 Windows DNS Server Denial of Service Vulnerability
Microsoft Windows DNS CVE-2021-33746 Windows DNS Server Remote Code Execution Vulnerability
Microsoft Windows DNS CVE-2021-33754 Windows DNS Server Remote Code Execution Vulnerability
Microsoft Windows Media Foundation CVE-2021-34441 Microsoft Windows Media Foundation Remote Code Execution Vulnerability
Microsoft Windows Media Foundation CVE-2021-34439 Microsoft Windows Media Foundation Remote Code Execution Vulnerability
Microsoft Windows Media Foundation CVE-2021-34503 Microsoft Windows Media Foundation Remote Code Execution Vulnerability
OpenEnclave CVE-2021-33767 Open Enclave SDK Elevation of Privilege Vulnerability
Power BI CVE-2021-31984 Power BI Remote Code Execution Vulnerability
Role: DNS Server CVE-2021-33749 Windows DNS Snap-in Remote Code Execution Vulnerability
Role: DNS Server CVE-2021-33745 Windows DNS Server Denial of Service Vulnerability
Role: DNS Server CVE-2021-34442 Windows DNS Server Denial of Service Vulnerability
Role: DNS Server CVE-2021-34444 Windows DNS Server Denial of Service Vulnerability
Role: DNS Server CVE-2021-34525 Windows DNS Server Remote Code Execution Vulnerability
Role: DNS Server CVE-2021-33780 Windows DNS Server Remote Code Execution Vulnerability
Role: DNS Server CVE-2021-34494 Windows DNS Server Remote Code Execution Vulnerability
Role: DNS Server CVE-2021-33750 Windows DNS Snap-in Remote Code Execution Vulnerability
Role: DNS Server CVE-2021-33752 Windows DNS Snap-in Remote Code Execution Vulnerability
Role: DNS Server CVE-2021-33756 Windows DNS Snap-in Remote Code Execution Vulnerability
Role: Hyper-V CVE-2021-33758 Windows Hyper-V Denial of Service Vulnerability
Role: Hyper-V CVE-2021-33755 Windows Hyper-V Denial of Service Vulnerability
Role: Hyper-V CVE-2021-34450 Windows Hyper-V Remote Code Execution Vulnerability
Visual Studio Code CVE-2021-34529 Visual Studio Code Remote Code Execution Vulnerability
Visual Studio Code CVE-2021-34528 Visual Studio Code Remote Code Execution Vulnerability
Visual Studio Code CVE-2021-34479 Microsoft Visual Studio Spoofing Vulnerability
Visual Studio Code - .NET Runtime CVE-2021-34477 Visual Studio Code .NET Runtime Elevation of Privilege Vulnerability
Windows Active Directory CVE-2021-33781 Active Directory Security Feature Bypass Vulnerability
Windows Address Book CVE-2021-34504 Windows Address Book Remote Code Execution Vulnerability
Windows AF_UNIX Socket Provider CVE-2021-33785 Windows AF_UNIX Socket Provider Denial of Service Vulnerability
Windows AppContainer CVE-2021-34459 Windows AppContainer Elevation Of Privilege Vulnerability
Windows AppX Deployment Extensions CVE-2021-34462 Windows AppX Deployment Extensions Elevation of Privilege Vulnerability
Windows Authenticode CVE-2021-33782 Windows Authenticode Spoofing Vulnerability
Windows Cloud Files Mini Filter Driver CVE-2021-33784 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
Windows Console Driver CVE-2021-34488 Windows Console Driver Elevation of Privilege Vulnerability
Windows Defender CVE-2021-34522 Microsoft Defender Remote Code Execution Vulnerability
Windows Defender CVE-2021-34464 Microsoft Defender Remote Code Execution Vulnerability
Windows Desktop Bridge CVE-2021-33759 Windows Desktop Bridge Elevation of Privilege Vulnerability
Windows Event Tracing CVE-2021-33774 Windows Event Tracing Elevation of Privilege Vulnerability
Windows File History Service CVE-2021-34455 Windows File History Service Elevation of Privilege Vulnerability
Windows Hello CVE-2021-34466 Windows Hello Security Feature Bypass Vulnerability
Windows HTML Platform CVE-2021-34446 Windows HTML Platforms Security Feature Bypass Vulnerability
Windows Installer CVE-2021-33765 Windows Installer Spoofing Vulnerability
Windows Installer CVE-2021-34511 Windows Installer Elevation of Privilege Vulnerability
Windows Installer CVE-2021-31961 Windows InstallService Elevation of Privilege Vulnerability
Windows Kernel CVE-2021-34461 Windows Container Isolation FS Filter Driver Elevation of Privilege Vulnerability
Windows Kernel CVE-2021-34508 Windows Kernel Remote Code Execution Vulnerability
Windows Kernel CVE-2021-34458 Windows Kernel Remote Code Execution Vulnerability
Windows Kernel CVE-2021-33771 Windows Kernel Elevation of Privilege Vulnerability
Windows Kernel CVE-2021-31979 Windows Kernel Elevation of Privilege Vulnerability
Windows Kernel CVE-2021-34514 Windows Kernel Elevation of Privilege Vulnerability
Windows Kernel CVE-2021-34500 Windows Kernel Memory Information Disclosure Vulnerability
Windows Key Distribution Center CVE-2021-33764 Windows Key Distribution Center Information Disclosure Vulnerability
Windows Local Security Authority Subsystem Service CVE-2021-33788 Windows LSA Denial of Service Vulnerability
Windows Local Security Authority Subsystem Service CVE-2021-33786 Windows LSA Security Feature Bypass Vulnerability
Windows MSHTML Platform CVE-2021-34497 Windows MSHTML Platform Remote Code Execution Vulnerability
Windows MSHTML Platform CVE-2021-34447 Windows MSHTML Platform Remote Code Execution Vulnerability
Windows Partition Management Driver CVE-2021-34493 Windows Partition Management Driver Elevation of Privilege Vulnerability
Windows PFX Encryption CVE-2021-34492 Windows Certificate Spoofing Vulnerability
Windows Print Spooler Components CVE-2021-34527 Windows Print Spooler Remote Code Execution Vulnerability
Windows Projected File System CVE-2021-33743 Windows Projected File System Elevation of Privilege Vulnerability
Windows Remote Access Connection Manager CVE-2021-34457 Windows Remote Access Connection Manager Information Disclosure Vulnerability
Windows Remote Access Connection Manager CVE-2021-33761 Windows Remote Access Connection Manager Elevation of Privilege Vulnerability
Windows Remote Access Connection Manager CVE-2021-33773 Windows Remote Access Connection Manager Elevation of Privilege Vulnerability
Windows Remote Access Connection Manager CVE-2021-33763 Windows Remote Access Connection Manager Information Disclosure Vulnerability
Windows Remote Access Connection Manager CVE-2021-34445 Windows Remote Access Connection Manager Elevation of Privilege Vulnerability
Windows Remote Access Connection Manager CVE-2021-34456 Windows Remote Access Connection Manager Elevation of Privilege Vulnerability
Windows Remote Assistance CVE-2021-34507 Windows Remote Assistance Information Disclosure Vulnerability
Windows Secure Kernel Mode CVE-2021-33744 Windows Secure Kernel Mode Security Feature Bypass Vulnerability
Windows Security Account Manager CVE-2021-33757 Windows Security Account Manager Remote Protocol Security Feature Bypass Vulnerability
Windows Shell CVE-2021-34454 Windows Remote Access Connection Manager Information Disclosure Vulnerability
Windows SMB CVE-2021-33783 Windows SMB Information Disclosure Vulnerability
Windows Storage Spaces Controller CVE-2021-33751 Storage Spaces Controller Elevation of Privilege Vulnerability
Windows Storage Spaces Controller CVE-2021-34460 Storage Spaces Controller Elevation of Privilege Vulnerability
Windows Storage Spaces Controller CVE-2021-34509 Storage Spaces Controller Information Disclosure Vulnerability
Windows Storage Spaces Controller CVE-2021-34510 Storage Spaces Controller Elevation of Privilege Vulnerability
Windows Storage Spaces Controller CVE-2021-34512 Storage Spaces Controller Elevation of Privilege Vulnerability
Windows Storage Spaces Controller CVE-2021-34513 Storage Spaces Controller Elevation of Privilege Vulnerability
Windows TCP/IP CVE-2021-31183 Windows TCP/IP Driver Denial of Service Vulnerability
Windows TCP/IP CVE-2021-33772 Windows TCP/IP Driver Denial of Service Vulnerability
Windows TCP/IP CVE-2021-34490 Windows TCP/IP Driver Denial of Service Vulnerability
Windows Win32K CVE-2021-34449 Win32k Elevation of Privilege Vulnerability
Windows Win32K CVE-2021-34516 Win32k Elevation of Privilege Vulnerability
Windows Win32K CVE-2021-34491 Win32k Information Disclosure Vulnerability

CVE-2021-31183 - Windows TCP/IP Driver Denial of Service Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-31183
MITRE
NVD
CVE Title: Windows TCP/IP Driver Denial of Service Vulnerability
CVSS:

CVSS:3.0 7.5/6.5
Base score metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredNone
User InteractionNone
ScopeUnchanged
ConfidentialityNone
IntegrityNone
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-07-13T07:00:00Z    

Information published.


Important Denial of Service

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-31183
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5004249 (Security Update) Important Denial of Service 5003687 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 5004249 (Security Update) Important Denial of Service 5003687 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 5004238 (Security Update) Important Denial of Service 5003638 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 5004238 (Security Update) Important Denial of Service 5003638 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 5004244 (Security Update) Important Denial of Service 5003646
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 5004244 (Security Update) Important Denial of Service 5003646
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 5004244 (Security Update) Important Denial of Service 5003646
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for 32-bit Systems 5004245 (Security Update) Important Denial of Service 5003635 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for ARM64-based Systems 5004245 (Security Update) Important Denial of Service 5003635 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for x64-based Systems 5004245 (Security Update) Important Denial of Service 5003635 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for 32-bit Systems 5004237 (Security Update) Important Denial of Service 5003637
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for ARM64-based Systems 5004237 (Security Update) Important Denial of Service 5003637
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for x64-based Systems 5004237 (Security Update) Important Denial of Service 5003637
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for 32-bit Systems 5004237 (Security Update) Important Denial of Service 5003637
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for ARM64-based Systems 5004237 (Security Update) Important Denial of Service 5003637
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for x64-based Systems 5004237 (Security Update) Important Denial of Service 5003637
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for 32-bit Systems 5004237 (Security Update) Important Denial of Service 5003637
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for ARM64-based Systems 5004237 (Security Update) Important Denial of Service 5003637
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for x64-based Systems 5004237 (Security Update) Important Denial of Service 5003637
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 7 for 32-bit Systems Service Pack 1 5004289 (Monthly Rollup)
5004307 (Security Only)
Important Denial of Service 5003667
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 5004289 (Monthly Rollup)
5004307 (Security Only)
Important Denial of Service 5003667
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 5004298 (Monthly Rollup)
5004285 (Security Only)
Important Denial of Service 5003671
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 5004298 (Monthly Rollup)
5004285 (Security Only)
Important Denial of Service 5003671
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows RT 8.1 5004298 (Monthly Rollup) Important Denial of Service 5003671
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 5004305 (Monthly Rollup)
5004299 (Security Only)
Important Denial of Service 5003661
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5004305 (Monthly Rollup)
5004299 (Security Only)
Important Denial of Service 5003661
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 5004305 (Monthly Rollup)
5004299 (Security Only)
Important Denial of Service 5003661
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5004305 (Monthly Rollup)
5004299 (Security Only)
Important Denial of Service 5003661
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5004289 (Monthly Rollup)
5004307 (Security Only)
Important Denial of Service 5003667
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5004289 (Monthly Rollup)
5004307 (Security Only)
Important Denial of Service 5003667
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 5004294 (Monthly Rollup)
5004302 (Security Only)
Important Denial of Service 5003697
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 5004294 (Monthly Rollup)
5004302 (Security Only)
Important Denial of Service 5003697
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 5004298 (Monthly Rollup)
5004285 (Security Only)
Important Denial of Service 5003671
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 5004298 (Monthly Rollup)
5004285 (Security Only)
Important Denial of Service 5003671
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 5004238 (Security Update) Important Denial of Service 5003638 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 5004238 (Security Update) Important Denial of Service 5003638 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 5004244 (Security Update) Important Denial of Service 5003646
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 5004244 (Security Update) Important Denial of Service 5003646
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 2004 (Server Core installation) 5004237 (Security Update) Important Denial of Service 5003637
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 20H2 (Server Core Installation) 5004237 (Security Update) Important Denial of Service 5003637
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2021-31183 None

CVE-2021-31196 - Microsoft Exchange Server Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-31196
MITRE
NVD
CVE Title: Microsoft Exchange Server Remote Code Execution Vulnerability
CVSS:

CVSS:3.0 7.2/6.3
Base score metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredHigh
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-07-13T07:00:00Z    

Information published.


Important Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-31196
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Microsoft Exchange Server 2013 Cumulative Update 23 5004778 (Security Update) Important Remote Code Execution 5003435
Base: 7.2
Temporal: 6.3
Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Microsoft Exchange Server 2016 Cumulative Update 20 5004779 (Security Update) Important Remote Code Execution 5003435
Base: 7.2
Temporal: 6.3
Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Microsoft Exchange Server 2016 Cumulative Update 21 5004779 (Security Update) Important Remote Code Execution 5003435
Base: 7.2
Temporal: 6.3
Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Microsoft Exchange Server 2019 Cumulative Update 10 5004780 (Security Update) Important Remote Code Execution 5003435
Base: 7.2
Temporal: 6.3
Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Microsoft Exchange Server 2019 Cumulative Update 9 5004780 (Security Update) Important Remote Code Execution 5003435
Base: 7.2
Temporal: 6.3
Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2021-31196 Orange Tsai (@orange_8361) with DEVCORE


CVE-2021-31206 - Microsoft Exchange Server Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-31206
MITRE
NVD
CVE Title: Microsoft Exchange Server Remote Code Execution Vulnerability
CVSS:

CVSS:3.0 7.6/7.1
Base score metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredNone
User InteractionRequired
ScopeUnchanged
ConfidentialityHigh
IntegrityLow
AvailabilityLow
Temporal score metrics
Exploit Code MaturityFunctional
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

Was this vulnerability found in the 2021 Pwn2Own contest?

Yes, this was one of the Exchange Server vulnerabilities found in the 2021 Pwn2Own contest.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-07-13T07:00:00Z    

Information published.


Important Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-31206
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Microsoft Exchange Server 2013 Cumulative Update 23 5004778 (Security Update) Important Remote Code Execution 5003435
Base: 7.6
Temporal: 7.1
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L/E:F/RL:O/RC:C
Yes
Microsoft Exchange Server 2016 Cumulative Update 20 5004779 (Security Update) Important Remote Code Execution 5003435
Base: 7.6
Temporal: 7.1
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L/E:F/RL:O/RC:C
Yes
Microsoft Exchange Server 2016 Cumulative Update 21 5004779 (Security Update) Important Remote Code Execution 5003435
Base: 7.6
Temporal: 7.1
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L/E:F/RL:O/RC:C
Yes
Microsoft Exchange Server 2019 Cumulative Update 10 5004780 (Security Update) Important Remote Code Execution 5003435
Base: 7.6
Temporal: 7.1
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L/E:F/RL:O/RC:C
Yes
Microsoft Exchange Server 2019 Cumulative Update 9 5004780 (Security Update) Important Remote Code Execution 5003435
Base: 7.6
Temporal: 7.1
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L/E:F/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2021-31206 Anonymous working with Trend Micro Zero Day Initiative


CVE-2021-31947 - HEVC Video Extensions Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-31947
MITRE
NVD
CVE Title: HEVC Video Extensions Remote Code Execution Vulnerability
CVSS:

CVSS:3.0 7.8/6.8
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredNone
User InteractionRequired
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

How do I get the updated app?

The Microsoft Store will automatically update affected customers. Alternatively, customers can get the update immediately; see here for details.

It is possible for customers to disable automatic updates for the Microsoft Store. The Microsoft Store will not automatically install this update for those customers.

My system is in a disconnected environment; is it vulnerable?

Customers using the Microsoft Store for Business and Microsoft Store for Education can get this update through their organizations.

How can I check if the update is installed?

If your device manufacturer preinstalled this app, package versions 1.0.41483.0 and later contain this update.

If you purchased this app from the Microsoft Store, package versions 1.0.41531.0 and later contain this update.

You can check the package version in PowerShell:

Get-AppxPackage -Name Microsoft.HEVCVideoExtension*


Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-07-13T07:00:00Z    

Information published.


Important Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-31947
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
HEVC Video Extensions Important Remote Code Execution None Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Unknown

Acknowledgements

CVE ID Acknowledgements
CVE-2021-31947 Le Huu Quang Linh (@linhlhq) of STARLabs


CVE-2021-31961 - Windows InstallService Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-31961
MITRE
NVD
CVE Title: Windows InstallService Elevation of Privilege Vulnerability
CVSS:

CVSS:3.0 6.1/5.3
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityNone
IntegrityLow
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

What privileges does the attacker gain?

An attacker would only be able to delete targeted files on a system. They would not gain privileges to view or modify file contents.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-07-13T07:00:00Z    

Information published.


Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-31961
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 Version 1809 for 32-bit Systems 5004244 (Security Update) Important Elevation of Privilege 5003646
Base: 6.1
Temporal: 5.3
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 5004244 (Security Update) Important Elevation of Privilege 5003646
Base: 6.1
Temporal: 5.3
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 5004244 (Security Update) Important Elevation of Privilege 5003646
Base: 6.1
Temporal: 5.3
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for 32-bit Systems 5004245 (Security Update) Important Elevation of Privilege 5003635 Base: 6.1
Temporal: 5.3
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for ARM64-based Systems 5004245 (Security Update) Important Elevation of Privilege 5003635 Base: 6.1
Temporal: 5.3
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for x64-based Systems 5004245 (Security Update) Important Elevation of Privilege 5003635 Base: 6.1
Temporal: 5.3
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for 32-bit Systems 5004237 (Security Update) Important Elevation of Privilege 5003637
Base: 6.1
Temporal: 5.3
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for ARM64-based Systems 5004237 (Security Update) Important Elevation of Privilege 5003637
Base: 6.1
Temporal: 5.3
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for x64-based Systems 5004237 (Security Update) Important Elevation of Privilege 5003637
Base: 6.1
Temporal: 5.3
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for 32-bit Systems 5004237 (Security Update) Important Elevation of Privilege 5003637
Base: 6.1
Temporal: 5.3
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for ARM64-based Systems 5004237 (Security Update) Important Elevation of Privilege 5003637
Base: 6.1
Temporal: 5.3
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for x64-based Systems 5004237 (Security Update) Important Elevation of Privilege 5003637
Base: 6.1
Temporal: 5.3
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for 32-bit Systems 5004237 (Security Update) Important Elevation of Privilege 5003637
Base: 6.1
Temporal: 5.3
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for ARM64-based Systems 5004237 (Security Update) Important Elevation of Privilege 5003637
Base: 6.1
Temporal: 5.3
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for x64-based Systems 5004237 (Security Update) Important Elevation of Privilege 5003637
Base: 6.1
Temporal: 5.3
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 5004244 (Security Update) Important Elevation of Privilege 5003646
Base: 6.1
Temporal: 5.3
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 5004244 (Security Update) Important Elevation of Privilege 5003646
Base: 6.1
Temporal: 5.3
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 2004 (Server Core installation) 5004237 (Security Update) Important Elevation of Privilege 5003637
Base: 6.1
Temporal: 5.3
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 20H2 (Server Core Installation) 5004237 (Security Update) Important Elevation of Privilege 5003637
Base: 6.1
Temporal: 5.3
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2021-31961 JeongOh Kyea (@kkokkokye) of THEORI working with Trend Micro Zero Day Initiative


CVE-2021-31984 - Power BI Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-31984
MITRE
NVD
CVE Title: Power BI Remote Code Execution Vulnerability
CVSS:

CVSS:3.0 7.6/6.6
Base score metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredLow
User InteractionRequired
ScopeChanged
ConfidentialityLow
IntegrityHigh
AvailabilityNone
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

According to the CVSS, User Interaction is Required. What interaction would the user have to do?

Exploitation of the vulnerability requires that a user import a specially crafted visual, such as a chart or a graph, and edit data within the visual.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-07-13T07:00:00Z    

Information published.


Important Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-31984
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Power BI Report Server Details (Security Update) Important Remote Code Execution None Base: 7.6
Temporal: 6.6
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:N/E:U/RL:O/RC:C
Maybe

Acknowledgements

CVE ID Acknowledgements
CVE-2021-31984 Daniel Gonzalez


Carlos Alberca


CVE-2021-33740 - Windows Media Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-33740
MITRE
NVD
CVE Title: Windows Media Remote Code Execution Vulnerability
CVSS:

CVSS:3.0 7.8/6.8
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredNone
User InteractionRequired
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-07-13T07:00:00Z    

Information published.


Critical Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-33740
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5004249 (Security Update) Critical Remote Code Execution 5003687 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 5004249 (Security Update) Critical Remote Code Execution 5003687 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 5004244 (Security Update) Critical Remote Code Execution 5003646
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 5004244 (Security Update) Critical Remote Code Execution 5003646
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 5004244 (Security Update) Critical Remote Code Execution 5003646
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for 32-bit Systems 5004237 (Security Update) Critical Remote Code Execution 5003637
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for ARM64-based Systems 5004237 (Security Update) Critical Remote Code Execution 5003637
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for x64-based Systems 5004237 (Security Update) Critical Remote Code Execution 5003637
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 5004244 (Security Update) Critical Remote Code Execution 5003646
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 5004244 (Security Update) Critical Remote Code Execution 5003646
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 2004 (Server Core installation) 5004237 (Security Update) Critical Remote Code Execution 5003637
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2021-33740 HAO LI of VenusTech ADLab


CVE-2021-33743 - Windows Projected File System Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-33743
MITRE
NVD
CVE Title: Windows Projected File System Elevation of Privilege Vulnerability
CVSS:

CVSS:3.0 7.8/6.8
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-07-13T07:00:00Z    

Information published.


Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-33743
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 Version 1809 for 32-bit Systems 5004244 (Security Update) Important Elevation of Privilege 5003646
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 5004244 (Security Update) Important Elevation of Privilege 5003646
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 5004244 (Security Update) Important Elevation of Privilege 5003646
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for 32-bit Systems 5004245 (Security Update) Important Elevation of Privilege 5003635 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for ARM64-based Systems 5004245 (Security Update) Important Elevation of Privilege 5003635 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for x64-based Systems 5004245 (Security Update) Important Elevation of Privilege 5003635 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for 32-bit Systems 5004237 (Security Update) Important Elevation of Privilege 5003637
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for ARM64-based Systems 5004237 (Security Update) Important Elevation of Privilege 5003637
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for x64-based Systems 5004237 (Security Update) Important Elevation of Privilege 5003637
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for 32-bit Systems 5004237 (Security Update) Important Elevation of Privilege 5003637
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for ARM64-based Systems 5004237 (Security Update) Important Elevation of Privilege 5003637
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for x64-based Systems 5004237 (Security Update) Important Elevation of Privilege 5003637
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for 32-bit Systems 5004237 (Security Update) Important Elevation of Privilege 5003637
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for ARM64-based Systems 5004237 (Security Update) Important Elevation of Privilege 5003637
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for x64-based Systems 5004237 (Security Update) Important Elevation of Privilege 5003637
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 5004244 (Security Update) Important Elevation of Privilege 5003646
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 5004244 (Security Update) Important Elevation of Privilege 5003646
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 2004 (Server Core installation) 5004237 (Security Update) Important Elevation of Privilege 5003637
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 20H2 (Server Core Installation) 5004237 (Security Update) Important Elevation of Privilege 5003637
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2021-33743 k0shl


CVE-2021-33744 - Windows Secure Kernel Mode Security Feature Bypass Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-33744
MITRE
NVD
CVE Title: Windows Secure Kernel Mode Security Feature Bypass Vulnerability
CVSS:

CVSS:3.0 5.3/4.6
Base score metrics
Attack VectorLocal
Attack ComplexityHigh
Privileges RequiredHigh
User InteractionNone
ScopeChanged
ConfidentialityNone
IntegrityHigh
AvailabilityNone
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-07-13T07:00:00Z    

Information published.


Important Security Feature Bypass

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-33744
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 Version 1809 for x64-based Systems 5004244 (Security Update) Important Security Feature Bypass 5003646
Base: 5.3
Temporal: 4.6
Vector: CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for x64-based Systems 5004245 (Security Update) Important Security Feature Bypass 5003635 Base: 5.3
Temporal: 4.6
Vector: CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for x64-based Systems 5004237 (Security Update) Important Security Feature Bypass 5003637
Base: 5.3
Temporal: 4.6
Vector: CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for x64-based Systems 5004237 (Security Update) Important Security Feature Bypass 5003637
Base: 5.3
Temporal: 4.6
Vector: CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for x64-based Systems 5004237 (Security Update) Important Security Feature Bypass 5003637
Base: 5.3
Temporal: 4.6
Vector: CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2019 5004244 (Security Update) Important Security Feature Bypass 5003646
Base: 5.3
Temporal: 4.6
Vector: CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 5004244 (Security Update) Important Security Feature Bypass 5003646
Base: 5.3
Temporal: 4.6
Vector: CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows Server, version 2004 (Server Core installation) 5004237 (Security Update) Important Security Feature Bypass 5003637
Base: 5.3
Temporal: 4.6
Vector: CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows Server, version 20H2 (Server Core Installation) 5004237 (Security Update) Important Security Feature Bypass 5003637
Base: 5.3
Temporal: 4.6
Vector: CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2021-33744 None

CVE-2021-33753 - Microsoft Bing Search Spoofing Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-33753
MITRE
NVD
CVE Title: Microsoft Bing Search Spoofing Vulnerability
CVSS:

CVSS:3.0 4.7/4.1
Base score metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredNone
User InteractionRequired
ScopeChanged
ConfidentialityNone
IntegrityLow
AvailabilityNone
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

According to the CVSS score, User Interaction is required. What type of user action is required?

A user will have to visit a malicious page or click on a malicious link from within the application.


How do I get the update for Bing Search for Android?

  1. Tap the Google Play icon on your home screen.
  2. Swipe in from the left edge of the screen.
  3. Tap My apps & games.
  4. Tap the Update box next to the Bing Search app.

Is there a direct link on the web?

Yes: https://play.google.com/store/apps/details?id=com.microsoft.bing&hl=en_US


Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-07-13T07:00:00Z    

Information published.


Important Spoofing

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-33753
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Microsoft Bing Search for Android Important Spoofing None Base: 4.7
Temporal: 4.1
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N/E:U/RL:O/RC:C
Unknown

Acknowledgements

CVE ID Acknowledgements
CVE-2021-33753 Narendra Bhati with Lead Penetration Tester at Suma Soft Pvt. Ltd. India


CVE-2021-33755 - Windows Hyper-V Denial of Service Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-33755
MITRE
NVD
CVE Title: Windows Hyper-V Denial of Service Vulnerability
CVSS:

CVSS:3.0 6.3/5.5
Base score metrics
Attack VectorNetwork
Attack ComplexityHigh
Privileges RequiredLow
User InteractionNone
ScopeChanged
ConfidentialityNone
IntegrityNone
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-07-13T07:00:00Z    

Information published.


Important Denial of Service

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-33755
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 Version 1809 for x64-based Systems 5004244 (Security Update) Important Denial of Service 5003646
Base: 6.3
Temporal: 5.5
Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for x64-based Systems 5004245 (Security Update) Important Denial of Service 5003635 Base: 6.3
Temporal: 5.5
Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for x64-based Systems 5004237 (Security Update) Important Denial of Service 5003637
Base: 6.3
Temporal: 5.5
Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for x64-based Systems 5004237 (Security Update) Important Denial of Service 5003637
Base: 6.3
Temporal: 5.5
Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for x64-based Systems 5004237 (Security Update) Important Denial of Service 5003637
Base: 6.3
Temporal: 5.5
Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 5004244 (Security Update) Important Denial of Service 5003646
Base: 6.3
Temporal: 5.5
Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 5004244 (Security Update) Important Denial of Service 5003646
Base: 6.3
Temporal: 5.5
Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 2004 (Server Core installation) 5004237 (Security Update) Important Denial of Service 5003637
Base: 6.3
Temporal: 5.5
Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 20H2 (Server Core Installation) 5004237 (Security Update) Important Denial of Service 5003637
Base: 6.3
Temporal: 5.5
Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2021-33755 Microsoft Platform Security Assurance & Vulnerability Research


CVE-2021-33757 - Windows Security Account Manager Remote Protocol Security Feature Bypass Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-33757
MITRE
NVD
CVE Title: Windows Security Account Manager Remote Protocol Security Feature Bypass Vulnerability
CVSS:

CVSS:3.0 5.3/4.6
Base score metrics
Attack VectorNetwork
Attack ComplexityHigh
Privileges RequiredNone
User InteractionRequired
ScopeUnchanged
ConfidentialityHigh
IntegrityNone
AvailabilityNone
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

How do the security updates released on July 13, 2021 provide protections for CVE-2021-33757?

After the security updates released on July 13, 2021 or later are installed, Advanced Encryption Standard (AES) encryption will be the preferred method when using the MS-SAMR protocol to change or set account passwords on Windows clients if AES encryption is supported by the SAM server. Please see [KB5004605: Update adds AES encryption protections for CVE-2021-33757[(https://support.microsoft.com/help/5004605) for the following information:

  • Changes made by this update
  • How does this new behavior work?
  • Event logging
  • Registry settings
  • FAQ

Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-07-13T07:00:00Z    

Information published.


Important Security Feature Bypass

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-33757
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5004249 (Security Update) Important Security Feature Bypass 5003687 Base: 5.3
Temporal: 4.6
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 5004249 (Security Update) Important Security Feature Bypass 5003687 Base: 5.3
Temporal: 4.6
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 5004238 (Security Update) Important Security Feature Bypass 5003638 Base: 5.3
Temporal: 4.6
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 5004238 (Security Update) Important Security Feature Bypass 5003638 Base: 5.3
Temporal: 4.6
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 5004244 (Security Update) Important Security Feature Bypass 5003646
Base: 5.3
Temporal: 4.6
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 5004244 (Security Update) Important Security Feature Bypass 5003646
Base: 5.3
Temporal: 4.6
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 5004244 (Security Update) Important Security Feature Bypass 5003646
Base: 5.3
Temporal: 4.6
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for 32-bit Systems 5004245 (Security Update) Important Security Feature Bypass 5003635 Base: 5.3
Temporal: 4.6
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for ARM64-based Systems 5004245 (Security Update) Important Security Feature Bypass 5003635 Base: 5.3
Temporal: 4.6
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for x64-based Systems 5004245 (Security Update) Important Security Feature Bypass 5003635 Base: 5.3
Temporal: 4.6
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for 32-bit Systems 5004237 (Security Update) Important Security Feature Bypass 5003637
Base: 5.3
Temporal: 4.6
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for ARM64-based Systems 5004237 (Security Update) Important Security Feature Bypass 5003637
Base: 5.3
Temporal: 4.6
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for x64-based Systems 5004237 (Security Update) Important Security Feature Bypass 5003637
Base: 5.3
Temporal: 4.6
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for 32-bit Systems 5004237 (Security Update) Important Security Feature Bypass 5003637
Base: 5.3
Temporal: 4.6
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for ARM64-based Systems 5004237 (Security Update) Important Security Feature Bypass 5003637
Base: 5.3
Temporal: 4.6
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for x64-based Systems 5004237 (Security Update) Important Security Feature Bypass 5003637
Base: 5.3
Temporal: 4.6
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for 32-bit Systems 5004237 (Security Update) Important Security Feature Bypass 5003637
Base: 5.3
Temporal: 4.6
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for ARM64-based Systems 5004237 (Security Update) Important Security Feature Bypass 5003637
Base: 5.3
Temporal: 4.6
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for x64-based Systems 5004237 (Security Update) Important Security Feature Bypass 5003637
Base: 5.3
Temporal: 4.6
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 7 for 32-bit Systems Service Pack 1 5004289 (Monthly Rollup)
5004307 (Security Only)
Important Security Feature Bypass 5003667
Base: 5.3
Temporal: 4.6
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 5004289 (Monthly Rollup)
5004307 (Security Only)
Important Security Feature Bypass 5003667
Base: 5.3
Temporal: 4.6
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 5004298 (Monthly Rollup)
5004285 (Security Only)
Important Security Feature Bypass 5003671
Base: 5.3
Temporal: 4.6
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 5004298 (Monthly Rollup)
5004285 (Security Only)
Important Security Feature Bypass 5003671
Base: 5.3
Temporal: 4.6
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows RT 8.1 5004298 (Monthly Rollup) Important Security Feature Bypass 5003671
Base: 5.3
Temporal: 4.6
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 5004305 (Monthly Rollup)
5004299 (Security Only)
Important Security Feature Bypass 5003661
Base: 5.3
Temporal: 4.6
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5004305 (Monthly Rollup)
5004299 (Security Only)
Important Security Feature Bypass 5003661
Base: 5.3
Temporal: 4.6
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 5004305 (Monthly Rollup)
5004299 (Security Only)
Important Security Feature Bypass 5003661
Base: 5.3
Temporal: 4.6
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5004305 (Monthly Rollup)
5004299 (Security Only)
Important Security Feature Bypass 5003661
Base: 5.3
Temporal: 4.6
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5004289 (Monthly Rollup)
5004307 (Security Only)
Important Security Feature Bypass 5003667
Base: 5.3
Temporal: 4.6
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5004289 (Monthly Rollup)
5004307 (Security Only)
Important Security Feature Bypass 5003667
Base: 5.3
Temporal: 4.6
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2012 5004294 (Monthly Rollup)
5004302 (Security Only)
Important Security Feature Bypass 5003697
Base: 5.3
Temporal: 4.6
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 5004294 (Monthly Rollup)
5004302 (Security Only)
Important Security Feature Bypass 5003697
Base: 5.3
Temporal: 4.6
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 5004298 (Monthly Rollup)
5004285 (Security Only)
Important Security Feature Bypass 5003671
Base: 5.3
Temporal: 4.6
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 5004298 (Monthly Rollup)
5004285 (Security Only)
Important Security Feature Bypass 5003671
Base: 5.3
Temporal: 4.6
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2016 5004238 (Security Update) Important Security Feature Bypass 5003638 Base: 5.3
Temporal: 4.6
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 5004238 (Security Update) Important Security Feature Bypass 5003638 Base: 5.3
Temporal: 4.6
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2019 5004244 (Security Update) Important Security Feature Bypass 5003646
Base: 5.3
Temporal: 4.6
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 5004244 (Security Update) Important Security Feature Bypass 5003646
Base: 5.3
Temporal: 4.6
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server, version 2004 (Server Core installation) 5004237 (Security Update) Important Security Feature Bypass 5003637
Base: 5.3
Temporal: 4.6
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server, version 20H2 (Server Core Installation) 5004237 (Security Update) Important Security Feature Bypass 5003637
Base: 5.3
Temporal: 4.6
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2021-33757 None

CVE-2021-33758 - Windows Hyper-V Denial of Service Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-33758
MITRE
NVD
CVE Title: Windows Hyper-V Denial of Service Vulnerability
CVSS:

CVSS:3.0 7.7/6.7
Base score metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeChanged
ConfidentialityNone
IntegrityNone
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-07-13T07:00:00Z    

Information published.


Important Denial of Service

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-33758
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 Version 1607 for x64-based Systems 5004238 (Security Update) Important Denial of Service 5003638 Base: 7.7
Temporal: 6.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 5004238 (Security Update) Important Denial of Service 5003638 Base: 7.7
Temporal: 6.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 5004238 (Security Update) Important Denial of Service 5003638 Base: 7.7
Temporal: 6.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2021-33758 Huichen Lin and Dong Seong Kim of School of Information Technology and Electrical Engineering - The University of Queensland


CVE-2021-33759 - Windows Desktop Bridge Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-33759
MITRE
NVD
CVE Title: Windows Desktop Bridge Elevation of Privilege Vulnerability
CVSS:

CVSS:3.0 7.8/6.8
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-07-13T07:00:00Z    

Information published.


Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-33759
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 Version 1607 for 32-bit Systems 5004238 (Security Update) Important Elevation of Privilege 5003638 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 5004238 (Security Update) Important Elevation of Privilege 5003638 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 5004244 (Security Update) Important Elevation of Privilege 5003646
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 5004244 (Security Update) Important Elevation of Privilege 5003646
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 5004244 (Security Update) Important Elevation of Privilege 5003646
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for 32-bit Systems 5004245 (Security Update) Important Elevation of Privilege 5003635 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for ARM64-based Systems 5004245 (Security Update) Important Elevation of Privilege 5003635 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for x64-based Systems 5004245 (Security Update) Important Elevation of Privilege 5003635 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for 32-bit Systems 5004237 (Security Update) Important Elevation of Privilege 5003637
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for ARM64-based Systems 5004237 (Security Update) Important Elevation of Privilege 5003637
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for x64-based Systems 5004237 (Security Update) Important Elevation of Privilege 5003637
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for 32-bit Systems 5004237 (Security Update) Important Elevation of Privilege 5003637
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for ARM64-based Systems 5004237 (Security Update) Important Elevation of Privilege 5003637
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for x64-based Systems 5004237 (Security Update) Important Elevation of Privilege 5003637
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for 32-bit Systems 5004237 (Security Update) Important Elevation of Privilege 5003637
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for ARM64-based Systems 5004237 (Security Update) Important Elevation of Privilege 5003637
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for x64-based Systems 5004237 (Security Update) Important Elevation of Privilege 5003637
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 5004238 (Security Update) Important Elevation of Privilege 5003638 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 5004238 (Security Update) Important Elevation of Privilege 5003638 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 5004244 (Security Update) Important Elevation of Privilege 5003646
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 5004244 (Security Update) Important Elevation of Privilege 5003646
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 2004 (Server Core installation) 5004237 (Security Update) Important Elevation of Privilege 5003637
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 20H2 (Server Core Installation) 5004237 (Security Update) Important Elevation of Privilege 5003637
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2021-33759 Tao Yan (@Ga1ois) from Palo Alto Networks


CVE-2021-33760 - Media Foundation Information Disclosure Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-33760
MITRE
NVD
CVE Title: Media Foundation Information Disclosure Vulnerability
CVSS:

CVSS:3.0 5.5/4.8
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityNone
AvailabilityNone
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

What type of information could be disclosed by this vulnerability?

The type of information that could be disclosed if an attacker successfully exploited this vulnerability is memory layout - the vulnerability allows an attacker to collect information that facilitates predicting addressing of the memory.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-07-13T07:00:00Z    

Information published.


Important Information Disclosure

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-33760
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 Version 1909 for 32-bit Systems 5004245 (Security Update) Important Information Disclosure 5003635 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for ARM64-based Systems 5004245 (Security Update) Important Information Disclosure 5003635 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for x64-based Systems 5004245 (Security Update) Important Information Disclosure 5003635 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for 32-bit Systems 5004237 (Security Update) Important Information Disclosure 5003637
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for ARM64-based Systems 5004237 (Security Update) Important Information Disclosure 5003637
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for x64-based Systems 5004237 (Security Update) Important Information Disclosure 5003637
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for 32-bit Systems 5004237 (Security Update) Important Information Disclosure 5003637
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for ARM64-based Systems 5004237 (Security Update) Important Information Disclosure 5003637
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for x64-based Systems 5004237 (Security Update) Important Information Disclosure 5003637
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for 32-bit Systems 5004237 (Security Update) Important Information Disclosure 5003637
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for ARM64-based Systems 5004237 (Security Update) Important Information Disclosure 5003637
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for x64-based Systems 5004237 (Security Update) Important Information Disclosure 5003637
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server, version 1909 (Server Core installation) 5004245 (Security Update) Important Information Disclosure 5003635 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server, version 2004 (Server Core installation) 5004237 (Security Update) Important Information Disclosure 5003637
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server, version 20H2 (Server Core Installation) 5004237 (Security Update) Important Information Disclosure 5003637
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2021-33760 jackery


Phan Thanh Duy, Brandon Chong, Cao YiTian of STAR Labs & Hồng Phi Phạm


CVE-2021-33761 - Windows Remote Access Connection Manager Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-33761
MITRE
NVD
CVE Title: Windows Remote Access Connection Manager Elevation of Privilege Vulnerability
CVSS:

CVSS:3.0 7.8/6.8
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-07-13T07:00:00Z    

Information published.


Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-33761
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5004249 (Security Update) Important Elevation of Privilege 5003687 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 5004249 (Security Update) Important Elevation of Privilege 5003687 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 5004238 (Security Update) Important Elevation of Privilege 5003638 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 5004238 (Security Update) Important Elevation of Privilege 5003638 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 5004244 (Security Update) Important Elevation of Privilege 5003646
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 5004244 (Security Update) Important Elevation of Privilege 5003646
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 5004244 (Security Update) Important Elevation of Privilege 5003646
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for 32-bit Systems 5004245 (Security Update) Important Elevation of Privilege 5003635 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for ARM64-based Systems 5004245 (Security Update) Important Elevation of Privilege 5003635 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for x64-based Systems 5004245 (Security Update) Important Elevation of Privilege 5003635 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for 32-bit Systems 5004237 (Security Update) Important Elevation of Privilege 5003637
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for ARM64-based Systems 5004237 (Security Update) Important Elevation of Privilege 5003637
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for x64-based Systems 5004237 (Security Update) Important Elevation of Privilege 5003637
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for 32-bit Systems 5004237 (Security Update) Important Elevation of Privilege 5003637
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for ARM64-based Systems 5004237 (Security Update) Important Elevation of Privilege 5003637
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for x64-based Systems 5004237 (Security Update) Important Elevation of Privilege 5003637
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for 32-bit Systems 5004237 (Security Update) Important Elevation of Privilege 5003637
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for ARM64-based Systems 5004237 (Security Update) Important Elevation of Privilege 5003637
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for x64-based Systems 5004237 (Security Update) Important Elevation of Privilege 5003637
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 5004298 (Monthly Rollup)
5004285 (Security Only)
Important Elevation of Privilege 5003671
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 5004298 (Monthly Rollup)
5004285 (Security Only)
Important Elevation of Privilege 5003671
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows RT 8.1 5004298 (Monthly Rollup) Important Elevation of Privilege 5003671
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 5004298 (Monthly Rollup)
5004285 (Security Only)
Important Elevation of Privilege 5003671
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 5004298 (Monthly Rollup)
5004285 (Security Only)
Important Elevation of Privilege 5003671
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 5004238 (Security Update) Important Elevation of Privilege 5003638 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 5004238 (Security Update) Important Elevation of Privilege 5003638 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 5004244 (Security Update) Important Elevation of Privilege 5003646
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 5004244 (Security Update) Important Elevation of Privilege 5003646
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 2004 (Server Core installation) 5004237 (Security Update) Important Elevation of Privilege 5003637
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 20H2 (Server Core Installation) 5004237 (Security Update) Important Elevation of Privilege 5003637
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2021-33761 ziming zhang of Ant Security Light-Year Lab


CVE-2021-33763 - Windows Remote Access Connection Manager Information Disclosure Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-33763
MITRE
NVD
CVE Title: Windows Remote Access Connection Manager Information Disclosure Vulnerability
CVSS:

CVSS:3.0 5.5/4.8
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityNone
AvailabilityNone
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

What type of information could be disclosed by this vulnerability?

The type of information that could be disclosed if an attacker successfully exploited this vulnerability is memory layout - the vulnerability allows an attacker to collect information that facilitates predicting addressing of the memory.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-07-13T07:00:00Z    

Information published.


Important Information Disclosure

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-33763
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5004249 (Security Update) Important Information Disclosure 5003687 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 5004249 (Security Update) Important Information Disclosure 5003687 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 5004238 (Security Update) Important Information Disclosure 5003638 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 5004238 (Security Update) Important Information Disclosure 5003638 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 5004244 (Security Update) Important Information Disclosure 5003646
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 5004244 (Security Update) Important Information Disclosure 5003646
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 5004244 (Security Update) Important Information Disclosure 5003646
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for 32-bit Systems 5004245 (Security Update) Important Information Disclosure 5003635 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for ARM64-based Systems 5004245 (Security Update) Important Information Disclosure 5003635 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for x64-based Systems 5004245 (Security Update) Important Information Disclosure 5003635 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for 32-bit Systems 5004237 (Security Update) Important Information Disclosure 5003637
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for ARM64-based Systems 5004237 (Security Update) Important Information Disclosure 5003637
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for x64-based Systems 5004237 (Security Update) Important Information Disclosure 5003637
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for 32-bit Systems 5004237 (Security Update) Important Information Disclosure 5003637
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for ARM64-based Systems 5004237 (Security Update) Important Information Disclosure 5003637
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for x64-based Systems 5004237 (Security Update) Important Information Disclosure 5003637
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for 32-bit Systems 5004237 (Security Update) Important Information Disclosure 5003637
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for ARM64-based Systems 5004237 (Security Update) Important Information Disclosure 5003637
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for x64-based Systems 5004237 (Security Update) Important Information Disclosure 5003637
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 5004298 (Monthly Rollup)
5004285 (Security Only)
Important Information Disclosure 5003671
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 5004298 (Monthly Rollup)
5004285 (Security Only)
Important Information Disclosure 5003671
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows RT 8.1 5004298 (Monthly Rollup) Important Information Disclosure 5003671
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2012 5004294 (Monthly Rollup)
5004302 (Security Only)
Important Information Disclosure 5003697
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 5004294 (Monthly Rollup)
5004302 (Security Only)
Important Information Disclosure 5003697
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 5004298 (Monthly Rollup)
5004285 (Security Only)
Important Information Disclosure 5003671
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 5004298 (Monthly Rollup)
5004285 (Security Only)
Important Information Disclosure 5003671
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2016 5004238 (Security Update) Important Information Disclosure 5003638 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 5004238 (Security Update) Important Information Disclosure 5003638 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2019 5004244 (Security Update) Important Information Disclosure 5003646
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 5004244 (Security Update) Important Information Disclosure 5003646
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server, version 2004 (Server Core installation) 5004237 (Security Update) Important Information Disclosure 5003637
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server, version 20H2 (Server Core Installation) 5004237 (Security Update) Important Information Disclosure 5003637
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2021-33763 ziming zhang of Ant Security Light-Year Lab


CVE-2021-33765 - Windows Installer Spoofing Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-33765
MITRE
NVD
CVE Title: Windows Installer Spoofing Vulnerability
CVSS:

CVSS:3.0 6.2/5.4
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredNone
User InteractionNone
ScopeUnchanged
ConfidentialityNone
IntegrityHigh
AvailabilityNone
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-07-13T07:00:00Z    

Information published.


Important Spoofing

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-33765
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5004249 (Security Update) Important Spoofing 5003687 Base: 6.2
Temporal: 5.4
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 5004249 (Security Update) Important Spoofing 5003687 Base: 6.2
Temporal: 5.4
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 5004238 (Security Update) Important Spoofing 5003638 Base: 6.2
Temporal: 5.4
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 5004238 (Security Update) Important Spoofing 5003638 Base: 6.2
Temporal: 5.4
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 5004244 (Security Update) Important Spoofing 5003646
Base: 6.2
Temporal: 5.4
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 5004244 (Security Update) Important Spoofing 5003646
Base: 6.2
Temporal: 5.4
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 5004244 (Security Update) Important Spoofing 5003646
Base: 6.2
Temporal: 5.4
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for 32-bit Systems 5004245 (Security Update) Important Spoofing 5003635 Base: 6.2
Temporal: 5.4
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for ARM64-based Systems 5004245 (Security Update) Important Spoofing 5003635 Base: 6.2
Temporal: 5.4
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for x64-based Systems 5004245 (Security Update) Important Spoofing 5003635 Base: 6.2
Temporal: 5.4
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for 32-bit Systems 5004237 (Security Update) Important Spoofing 5003637
Base: 6.2
Temporal: 5.4
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for ARM64-based Systems 5004237 (Security Update) Important Spoofing 5003637
Base: 6.2
Temporal: 5.4
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for x64-based Systems 5004237 (Security Update) Important Spoofing 5003637
Base: 6.2
Temporal: 5.4
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for 32-bit Systems 5004237 (Security Update) Important Spoofing 5003637
Base: 6.2
Temporal: 5.4
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for ARM64-based Systems 5004237 (Security Update) Important Spoofing 5003637
Base: 6.2
Temporal: 5.4
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for x64-based Systems 5004237 (Security Update) Important Spoofing 5003637
Base: 6.2
Temporal: 5.4
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for 32-bit Systems 5004237 (Security Update) Important Spoofing 5003637
Base: 6.2
Temporal: 5.4
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for ARM64-based Systems 5004237 (Security Update) Important Spoofing 5003637
Base: 6.2
Temporal: 5.4
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for x64-based Systems 5004237 (Security Update) Important Spoofing 5003637
Base: 6.2
Temporal: 5.4
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 7 for 32-bit Systems Service Pack 1 5004289 (Monthly Rollup)
5004307 (Security Only)
Important Spoofing 5003667
Base: 6.2
Temporal: 5.4
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 5004289 (Monthly Rollup)
5004307 (Security Only)
Important Spoofing 5003667
Base: 6.2
Temporal: 5.4
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 5004298 (Monthly Rollup)
5004285 (Security Only)
Important Spoofing 5003671
Base: 6.2
Temporal: 5.4
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 5004298 (Monthly Rollup)
5004285 (Security Only)
Important Spoofing 5003671
Base: 6.2
Temporal: 5.4
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows RT 8.1 5004298 (Monthly Rollup) Important Spoofing 5003671
Base: 6.2
Temporal: 5.4
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 5004305 (Monthly Rollup)
5004299 (Security Only)
Important Spoofing 5003661
Base: 6.2
Temporal: 5.4
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5004305 (Monthly Rollup)
5004299 (Security Only)
Important Spoofing 5003661
Base: 6.2
Temporal: 5.4
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 5004305 (Monthly Rollup)
5004299 (Security Only)
Important Spoofing 5003661
Base: 6.2
Temporal: 5.4
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5004305 (Monthly Rollup)
5004299 (Security Only)
Important Spoofing 5003661
Base: 6.2
Temporal: 5.4
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5004289 (Monthly Rollup)
5004307 (Security Only)
Important Spoofing 5003667
Base: 6.2
Temporal: 5.4
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5004289 (Monthly Rollup)
5004307 (Security Only)
Important Spoofing 5003667
Base: 6.2
Temporal: 5.4
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2012 5004294 (Monthly Rollup)
5004302 (Security Only)
Important Spoofing 5003697
Base: 6.2
Temporal: 5.4
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 5004294 (Monthly Rollup)
5004302 (Security Only)
Important Spoofing 5003697
Base: 6.2
Temporal: 5.4
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 5004298 (Monthly Rollup)
5004285 (Security Only)
Important Spoofing 5003671
Base: 6.2
Temporal: 5.4
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 5004298 (Monthly Rollup)
5004285 (Security Only)
Important Spoofing 5003671
Base: 6.2
Temporal: 5.4
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2016 5004238 (Security Update) Important Spoofing 5003638 Base: 6.2
Temporal: 5.4
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 5004238 (Security Update) Important Spoofing 5003638 Base: 6.2
Temporal: 5.4
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2019 5004244 (Security Update) Important Spoofing 5003646
Base: 6.2
Temporal: 5.4
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 5004244 (Security Update) Important Spoofing 5003646
Base: 6.2
Temporal: 5.4
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows Server, version 2004 (Server Core installation) 5004237 (Security Update) Important Spoofing 5003637
Base: 6.2
Temporal: 5.4
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows Server, version 20H2 (Server Core Installation) 5004237 (Security Update) Important Spoofing 5003637
Base: 6.2
Temporal: 5.4
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2021-33765 Ron Waisberg (@epsilan) of Okta


Asaf Rubinfeld of Fortinet’s FortiGuard Labs


CVE-2021-33767 - Open Enclave SDK Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-33767
MITRE
NVD
CVE Title: Open Enclave SDK Elevation of Privilege Vulnerability
CVSS:

CVSS:3.0 8.2/7.1
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredHigh
User InteractionNone
ScopeChanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

How do I know if I'm affected by this vulnerability?

If you have a project that used the Open Enclave SDK and you have not rebuilt it using the latest version of the SDK, you might be affected by this vulnerability. The updated SDK release is available here: https://github.com/openenclave/openenclave/releases. Confirm that you are using SDK build v0.17.1 or later.

For more information, see Open Enclave SDK Security Advisory for July 13, 2021.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-07-13T07:00:00Z    

Information published.


Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-33767
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Open Enclave SDK Important Elevation of Privilege None Base: 8.2
Temporal: 7.1
Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
Unknown

Acknowledgements

CVE ID Acknowledgements
CVE-2021-33767 Zhijingcheng Yu of National University of Singapore


Jinhua Cui of National University of Singapore


Prateek Saxena of National University of Singapore


Shweta Shinde of ETH Zurich


CVE-2021-33771 - Windows Kernel Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-33771
MITRE
NVD
CVE Title: Windows Kernel Elevation of Privilege Vulnerability
CVSS:

CVSS:3.0 7.8/7.2
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityFunctional
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-07-13T07:00:00Z    

Information published.


Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Detected No Yes

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-33771
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5004249 (Security Update) Important Elevation of Privilege 5003687 Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 5004249 (Security Update) Important Elevation of Privilege 5003687 Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 5004238 (Security Update) Important Elevation of Privilege 5003638 Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 5004238 (Security Update) Important Elevation of Privilege 5003638 Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 5004244 (Security Update) Important Elevation of Privilege 5003646
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 5004244 (Security Update) Important Elevation of Privilege 5003646
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 5004244 (Security Update) Important Elevation of Privilege 5003646
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows 10 Version 1909 for 32-bit Systems 5004245 (Security Update) Important Elevation of Privilege 5003635 Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows 10 Version 1909 for ARM64-based Systems 5004245 (Security Update) Important Elevation of Privilege 5003635 Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows 10 Version 1909 for x64-based Systems 5004245 (Security Update) Important Elevation of Privilege 5003635 Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows 10 Version 2004 for 32-bit Systems 5004237 (Security Update) Important Elevation of Privilege 5003637
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows 10 Version 2004 for ARM64-based Systems 5004237 (Security Update) Important Elevation of Privilege 5003637
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows 10 Version 2004 for x64-based Systems 5004237 (Security Update) Important Elevation of Privilege 5003637
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows 10 Version 20H2 for 32-bit Systems 5004237 (Security Update) Important Elevation of Privilege 5003637
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows 10 Version 20H2 for ARM64-based Systems 5004237 (Security Update) Important Elevation of Privilege 5003637
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows 10 Version 20H2 for x64-based Systems 5004237 (Security Update) Important Elevation of Privilege 5003637
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows 10 Version 21H1 for 32-bit Systems 5004237 (Security Update) Important Elevation of Privilege 5003637
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows 10 Version 21H1 for ARM64-based Systems 5004237 (Security Update) Important Elevation of Privilege 5003637
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows 10 Version 21H1 for x64-based Systems 5004237 (Security Update) Important Elevation of Privilege 5003637
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 5004298 (Monthly Rollup)
5004285 (Security Only)
Important Elevation of Privilege 5003671
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 5004298 (Monthly Rollup)
5004285 (Security Only)
Important Elevation of Privilege 5003671
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows RT 8.1 5004298 (Monthly Rollup) Important Elevation of Privilege 5003671
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows Server 2012 R2 5004298 (Monthly Rollup)
5004285 (Security Only)
Important Elevation of Privilege 5003671
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 5004298 (Monthly Rollup)
5004285 (Security Only)
Important Elevation of Privilege 5003671
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows Server 2016 5004238 (Security Update) Important Elevation of Privilege 5003638 Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 5004238 (Security Update) Important Elevation of Privilege 5003638 Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows Server 2019 5004244 (Security Update) Important Elevation of Privilege 5003646
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 5004244 (Security Update) Important Elevation of Privilege 5003646
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows Server, version 2004 (Server Core installation) 5004237 (Security Update) Important Elevation of Privilege 5003637
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows Server, version 20H2 (Server Core Installation) 5004237 (Security Update) Important Elevation of Privilege 5003637
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2021-33771 Microsoft Threat Intelligence Center (MSTIC)
Microsoft Security Response Center (MSRC)


CVE-2021-33773 - Windows Remote Access Connection Manager Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-33773
MITRE
NVD
CVE Title: Windows Remote Access Connection Manager Elevation of Privilege Vulnerability
CVSS:

CVSS:3.0 7.8/6.8
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-07-13T07:00:00Z    

Information published.


Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-33773
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5004249 (Security Update) Important Elevation of Privilege 5003687 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 5004249 (Security Update) Important Elevation of Privilege 5003687 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 5004238 (Security Update) Important Elevation of Privilege 5003638 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 5004238 (Security Update) Important Elevation of Privilege 5003638 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 5004244 (Security Update) Important Elevation of Privilege 5003646
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 5004244 (Security Update) Important Elevation of Privilege 5003646
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 5004244 (Security Update) Important Elevation of Privilege 5003646
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for 32-bit Systems 5004245 (Security Update) Important Elevation of Privilege 5003635 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for ARM64-based Systems 5004245 (Security Update) Important Elevation of Privilege 5003635 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for x64-based Systems 5004245 (Security Update) Important Elevation of Privilege 5003635 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for 32-bit Systems 5004237 (Security Update) Important Elevation of Privilege 5003637
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for ARM64-based Systems 5004237 (Security Update) Important Elevation of Privilege 5003637
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for x64-based Systems 5004237 (Security Update) Important Elevation of Privilege 5003637
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for 32-bit Systems 5004237 (Security Update) Important Elevation of Privilege 5003637
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for ARM64-based Systems 5004237 (Security Update) Important Elevation of Privilege 5003637
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for x64-based Systems 5004237 (Security Update) Important Elevation of Privilege 5003637
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for 32-bit Systems 5004237 (Security Update) Important Elevation of Privilege 5003637
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for ARM64-based Systems 5004237 (Security Update) Important Elevation of Privilege 5003637
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for x64-based Systems 5004237 (Security Update) Important Elevation of Privilege 5003637
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 5004298 (Monthly Rollup)
5004285 (Security Only)
Important Elevation of Privilege 5003671
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 5004298 (Monthly Rollup)
5004285 (Security Only)
Important Elevation of Privilege 5003671
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows RT 8.1 5004298 (Monthly Rollup) Important Elevation of Privilege 5003671
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 5004298 (Monthly Rollup)
5004285 (Security Only)
Important Elevation of Privilege 5003671
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 5004298 (Monthly Rollup)
5004285 (Security Only)
Important Elevation of Privilege 5003671
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 5004238 (Security Update) Important Elevation of Privilege 5003638 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 5004238 (Security Update) Important Elevation of Privilege 5003638 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 5004244 (Security Update) Important Elevation of Privilege 5003646
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 5004244 (Security Update) Important Elevation of Privilege 5003646
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 2004 (Server Core installation) 5004237 (Security Update) Important Elevation of Privilege 5003637
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 20H2 (Server Core Installation) 5004237 (Security Update) Important Elevation of Privilege 5003637
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2021-33773 ziming zhang of Ant Security Light-Year Lab


CVE-2021-33774 - Windows Event Tracing Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-33774
MITRE
NVD
CVE Title: Windows Event Tracing Elevation of Privilege Vulnerability
CVSS:

CVSS:3.0 7.0/6.1
Base score metrics
Attack VectorLocal
Attack ComplexityHigh
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-07-13T07:00:00Z    

Information published.


Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-33774
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 Version 1809 for 32-bit Systems 5004244 (Security Update) Important Elevation of Privilege 5003646
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 5004244 (Security Update) Important Elevation of Privilege 5003646
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 5004244 (Security Update) Important Elevation of Privilege 5003646
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for 32-bit Systems 5004245 (Security Update) Important Elevation of Privilege 5003635 Base: 7.0
Temporal: 6.1
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for ARM64-based Systems 5004245 (Security Update) Important Elevation of Privilege 5003635 Base: 7.0
Temporal: 6.1
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for x64-based Systems 5004245 (Security Update) Important Elevation of Privilege 5003635 Base: 7.0
Temporal: 6.1
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for 32-bit Systems 5004237 (Security Update) Important Elevation of Privilege 5003637
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for ARM64-based Systems 5004237 (Security Update) Important Elevation of Privilege 5003637
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for x64-based Systems 5004237 (Security Update) Important Elevation of Privilege 5003637
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for 32-bit Systems 5004237 (Security Update) Important Elevation of Privilege 5003637
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for ARM64-based Systems 5004237 (Security Update) Important Elevation of Privilege 5003637
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for x64-based Systems 5004237 (Security Update) Important Elevation of Privilege 5003637
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for 32-bit Systems 5004237 (Security Update) Important Elevation of Privilege 5003637
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for ARM64-based Systems 5004237 (Security Update) Important Elevation of Privilege 5003637
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for x64-based Systems 5004237 (Security Update) Important Elevation of Privilege 5003637
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 5004244 (Security Update) Important Elevation of Privilege 5003646
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 5004244 (Security Update) Important Elevation of Privilege 5003646
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 2004 (Server Core installation) 5004237 (Security Update) Important Elevation of Privilege 5003637
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 20H2 (Server Core Installation) 5004237 (Security Update) Important Elevation of Privilege 5003637
Base: 7.0
Temporal: 6.1
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2021-33774 He YiSheng, Zhang WangJunJie, and Li WenYue of Hillstone Network Security Research Institute


CVE-2021-33780 - Windows DNS Server Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-33780
MITRE
NVD
CVE Title: Windows DNS Server Remote Code Execution Vulnerability
CVSS:

CVSS:3.0 8.8/7.7
Base score metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

If my server is not configured to be a DNS server, it is vulnerable?

No, this vulnerability is only exploitable if the server is configured to be a DNS server.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-07-13T07:00:00Z    

Information published.


Important Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation More Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-33780
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows Server 2008 for 32-bit Systems Service Pack 2 5004305 (Monthly Rollup)
5004299 (Security Only)
Important Remote Code Execution 5003661
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5004305 (Monthly Rollup)
5004299 (Security Only)
Important Remote Code Execution 5003661
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 5004305 (Monthly Rollup)
5004299 (Security Only)
Important Remote Code Execution 5003661
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5004305 (Monthly Rollup)
5004299 (Security Only)
Important Remote Code Execution 5003661
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5004289 (Monthly Rollup)
5004307 (Security Only)
Important Remote Code Execution 5003667
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5004289 (Monthly Rollup)
5004307 (Security Only)
Important Remote Code Execution 5003667
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 5004294 (Monthly Rollup)
5004302 (Security Only)
Important Remote Code Execution 5003697
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 5004294 (Monthly Rollup)
5004302 (Security Only)
Important Remote Code Execution 5003697
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 5004298 (Monthly Rollup)
5004285 (Security Only)
Important Remote Code Execution 5003671
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 5004298 (Monthly Rollup)
5004285 (Security Only)
Important Remote Code Execution 5003671
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 5004238 (Security Update) Important Remote Code Execution 5003638 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 5004238 (Security Update) Important Remote Code Execution 5003638 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 5004244 (Security Update) Important Remote Code Execution 5003646
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 5004244 (Security Update) Important Remote Code Execution 5003646
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 2004 (Server Core installation) 5004237 (Security Update) Important Remote Code Execution 5003637
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 20H2 (Server Core Installation) 5004237 (Security Update) Important Remote Code Execution 5003637
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2021-33780 Yuki Chen


CVE-2021-34441 - Microsoft Windows Media Foundation Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-34441
MITRE
NVD
CVE Title: Microsoft Windows Media Foundation Remote Code Execution Vulnerability
CVSS:

CVSS:3.0 7.8/6.8
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredNone
User InteractionRequired
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-07-13T07:00:00Z    

Information published.


Important Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-34441
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5004249 (Security Update) Important Remote Code Execution 5003687 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 5004249 (Security Update) Important Remote Code Execution 5003687 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 5004238 (Security Update) Important Remote Code Execution 5003638 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 5004238 (Security Update) Important Remote Code Execution 5003638 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 5004244 (Security Update) Important Remote Code Execution 5003646
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 5004244 (Security Update) Important Remote Code Execution 5003646
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 5004244 (Security Update) Important Remote Code Execution 5003646
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for 32-bit Systems 5004245 (Security Update) Important Remote Code Execution 5003635 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for ARM64-based Systems 5004245 (Security Update) Important Remote Code Execution 5003635 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for x64-based Systems 5004245 (Security Update) Important Remote Code Execution 5003635 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for 32-bit Systems 5004237 (Security Update) Important Remote Code Execution 5003637
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for ARM64-based Systems 5004237 (Security Update) Important Remote Code Execution 5003637
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for x64-based Systems 5004237 (Security Update) Important Remote Code Execution 5003637
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for 32-bit Systems 5004237 (Security Update) Important Remote Code Execution 5003637
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for ARM64-based Systems 5004237 (Security Update) Important Remote Code Execution 5003637
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for x64-based Systems 5004237 (Security Update) Important Remote Code Execution 5003637
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for 32-bit Systems 5004237 (Security Update) Important Remote Code Execution 5003637
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for ARM64-based Systems 5004237 (Security Update) Important Remote Code Execution 5003637
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for x64-based Systems 5004237 (Security Update) Important Remote Code Execution 5003637
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 7 for 32-bit Systems Service Pack 1 5004289 (Monthly Rollup)
5004307 (Security Only)
Important Remote Code Execution 5003667
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 5004289 (Monthly Rollup)
5004307 (Security Only)
Important Remote Code Execution 5003667
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 5004298 (Monthly Rollup)
5004285 (Security Only)
Important Remote Code Execution 5003671
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 5004298 (Monthly Rollup)
5004285 (Security Only)
Important Remote Code Execution 5003671
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows RT 8.1 5004298 (Monthly Rollup) Important Remote Code Execution 5003671
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 5004305 (Monthly Rollup)
5004299 (Security Only)
Important Remote Code Execution 5003661
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5004305 (Monthly Rollup)
5004299 (Security Only)
Important Remote Code Execution 5003661
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 5004305 (Monthly Rollup)
5004299 (Security Only)
Important Remote Code Execution 5003661
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5004305 (Monthly Rollup)
5004299 (Security Only)
Important Remote Code Execution 5003661
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5004289 (Monthly Rollup)
5004307 (Security Only)
Important Remote Code Execution 5003667
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5004289 (Monthly Rollup)
5004307 (Security Only)
Important Remote Code Execution 5003667
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 5004294 (Monthly Rollup)
5004302 (Security Only)
Important Remote Code Execution 5003697
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 5004294 (Monthly Rollup)