This report contains detail for the following vulnerabilities:
| Tag | CVE ID | CVE Title |
|---|---|---|
| Active Directory Federation Services | CVE-2021-33779 | Windows ADFS Security Feature Bypass Vulnerability |
| Common Internet File System | CVE-2021-34476 | Bowser.sys Denial of Service Vulnerability |
| Dynamics Business Central Control | CVE-2021-34474 | Dynamics Business Central Remote Code Execution Vulnerability |
| Microsoft Bing | CVE-2021-33753 | Microsoft Bing Search Spoofing Vulnerability |
| Microsoft Exchange Server | CVE-2021-31206 | Microsoft Exchange Server Remote Code Execution Vulnerability |
| Microsoft Exchange Server | CVE-2021-34473 | Microsoft Exchange Server Remote Code Execution Vulnerability |
| Microsoft Exchange Server | CVE-2021-33766 | Microsoft Exchange Information Disclosure Vulnerability |
| Microsoft Exchange Server | CVE-2021-34523 | Microsoft Exchange Server Elevation of Privilege Vulnerability |
| Microsoft Exchange Server | CVE-2021-31196 | Microsoft Exchange Server Remote Code Execution Vulnerability |
| Microsoft Exchange Server | CVE-2021-33768 | Microsoft Exchange Server Elevation of Privilege Vulnerability |
| Microsoft Exchange Server | CVE-2021-34470 | Microsoft Exchange Server Elevation of Privilege Vulnerability |
| Microsoft Graphics Component | CVE-2021-34440 | GDI+ Information Disclosure Vulnerability |
| Microsoft Graphics Component | CVE-2021-34489 | DirectWrite Remote Code Execution Vulnerability |
| Microsoft Graphics Component | CVE-2021-34496 | Windows GDI Information Disclosure Vulnerability |
| Microsoft Graphics Component | CVE-2021-34498 | Windows GDI Elevation of Privilege Vulnerability |
| Microsoft Graphics Component | CVE-2021-34438 | Windows Font Driver Host Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2021-34469 | Microsoft Office Security Feature Bypass Vulnerability |
| Microsoft Office | CVE-2021-34451 | Microsoft Office Online Server Spoofing Vulnerability |
| Microsoft Office | CVE-2021-34452 | Microsoft Word Remote Code Execution Vulnerability |
| Microsoft Office Excel | CVE-2021-34501 | Microsoft Excel Remote Code Execution Vulnerability |
| Microsoft Office Excel | CVE-2021-34518 | Microsoft Excel Remote Code Execution Vulnerability |
| Microsoft Office SharePoint | CVE-2021-34468 | Microsoft SharePoint Server Remote Code Execution Vulnerability |
| Microsoft Office SharePoint | CVE-2021-34519 | Microsoft SharePoint Server Information Disclosure Vulnerability |
| Microsoft Office SharePoint | CVE-2021-34520 | Microsoft SharePoint Server Remote Code Execution Vulnerability |
| Microsoft Office SharePoint | CVE-2021-34517 | Microsoft SharePoint Server Spoofing Vulnerability |
| Microsoft Office SharePoint | CVE-2021-34467 | Microsoft SharePoint Server Remote Code Execution Vulnerability |
| Microsoft Scripting Engine | CVE-2021-34448 | Scripting Engine Memory Corruption Vulnerability |
| Microsoft Windows Codecs Library | CVE-2021-33778 | HEVC Video Extensions Remote Code Execution Vulnerability |
| Microsoft Windows Codecs Library | CVE-2021-31947 | HEVC Video Extensions Remote Code Execution Vulnerability |
| Microsoft Windows Codecs Library | CVE-2021-33740 | Windows Media Remote Code Execution Vulnerability |
| Microsoft Windows Codecs Library | CVE-2021-33760 | Media Foundation Information Disclosure Vulnerability |
| Microsoft Windows Codecs Library | CVE-2021-33775 | HEVC Video Extensions Remote Code Execution Vulnerability |
| Microsoft Windows Codecs Library | CVE-2021-33776 | HEVC Video Extensions Remote Code Execution Vulnerability |
| Microsoft Windows Codecs Library | CVE-2021-33777 | HEVC Video Extensions Remote Code Execution Vulnerability |
| Microsoft Windows Codecs Library | CVE-2021-34521 | Raw Image Extension Remote Code Execution Vulnerability |
| Microsoft Windows DNS | CVE-2021-34499 | Windows DNS Server Denial of Service Vulnerability |
| Microsoft Windows DNS | CVE-2021-33746 | Windows DNS Server Remote Code Execution Vulnerability |
| Microsoft Windows DNS | CVE-2021-33754 | Windows DNS Server Remote Code Execution Vulnerability |
| Microsoft Windows Media Foundation | CVE-2021-34441 | Microsoft Windows Media Foundation Remote Code Execution Vulnerability |
| Microsoft Windows Media Foundation | CVE-2021-34439 | Microsoft Windows Media Foundation Remote Code Execution Vulnerability |
| Microsoft Windows Media Foundation | CVE-2021-34503 | Microsoft Windows Media Foundation Remote Code Execution Vulnerability |
| OpenEnclave | CVE-2021-33767 | Open Enclave SDK Elevation of Privilege Vulnerability |
| Power BI | CVE-2021-31984 | Power BI Remote Code Execution Vulnerability |
| Role: DNS Server | CVE-2021-33749 | Windows DNS Snap-in Remote Code Execution Vulnerability |
| Role: DNS Server | CVE-2021-33745 | Windows DNS Server Denial of Service Vulnerability |
| Role: DNS Server | CVE-2021-34442 | Windows DNS Server Denial of Service Vulnerability |
| Role: DNS Server | CVE-2021-34444 | Windows DNS Server Denial of Service Vulnerability |
| Role: DNS Server | CVE-2021-34525 | Windows DNS Server Remote Code Execution Vulnerability |
| Role: DNS Server | CVE-2021-33780 | Windows DNS Server Remote Code Execution Vulnerability |
| Role: DNS Server | CVE-2021-34494 | Windows DNS Server Remote Code Execution Vulnerability |
| Role: DNS Server | CVE-2021-33750 | Windows DNS Snap-in Remote Code Execution Vulnerability |
| Role: DNS Server | CVE-2021-33752 | Windows DNS Snap-in Remote Code Execution Vulnerability |
| Role: DNS Server | CVE-2021-33756 | Windows DNS Snap-in Remote Code Execution Vulnerability |
| Role: Hyper-V | CVE-2021-33758 | Windows Hyper-V Denial of Service Vulnerability |
| Role: Hyper-V | CVE-2021-33755 | Windows Hyper-V Denial of Service Vulnerability |
| Role: Hyper-V | CVE-2021-34450 | Windows Hyper-V Remote Code Execution Vulnerability |
| Visual Studio Code | CVE-2021-34529 | Visual Studio Code Remote Code Execution Vulnerability |
| Visual Studio Code | CVE-2021-34528 | Visual Studio Code Remote Code Execution Vulnerability |
| Visual Studio Code | CVE-2021-34479 | Microsoft Visual Studio Spoofing Vulnerability |
| Visual Studio Code - .NET Runtime | CVE-2021-34477 | Visual Studio Code .NET Runtime Elevation of Privilege Vulnerability |
| Windows Active Directory | CVE-2021-33781 | Active Directory Security Feature Bypass Vulnerability |
| Windows Address Book | CVE-2021-34504 | Windows Address Book Remote Code Execution Vulnerability |
| Windows AF_UNIX Socket Provider | CVE-2021-33785 | Windows AF_UNIX Socket Provider Denial of Service Vulnerability |
| Windows AppContainer | CVE-2021-34459 | Windows AppContainer Elevation Of Privilege Vulnerability |
| Windows AppX Deployment Extensions | CVE-2021-34462 | Windows AppX Deployment Extensions Elevation of Privilege Vulnerability |
| Windows Authenticode | CVE-2021-33782 | Windows Authenticode Spoofing Vulnerability |
| Windows Cloud Files Mini Filter Driver | CVE-2021-33784 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability |
| Windows Console Driver | CVE-2021-34488 | Windows Console Driver Elevation of Privilege Vulnerability |
| Windows Defender | CVE-2021-34522 | Microsoft Defender Remote Code Execution Vulnerability |
| Windows Defender | CVE-2021-34464 | Microsoft Defender Remote Code Execution Vulnerability |
| Windows Desktop Bridge | CVE-2021-33759 | Windows Desktop Bridge Elevation of Privilege Vulnerability |
| Windows Event Tracing | CVE-2021-33774 | Windows Event Tracing Elevation of Privilege Vulnerability |
| Windows File History Service | CVE-2021-34455 | Windows File History Service Elevation of Privilege Vulnerability |
| Windows Hello | CVE-2021-34466 | Windows Hello Security Feature Bypass Vulnerability |
| Windows HTML Platform | CVE-2021-34446 | Windows HTML Platforms Security Feature Bypass Vulnerability |
| Windows Installer | CVE-2021-33765 | Windows Installer Spoofing Vulnerability |
| Windows Installer | CVE-2021-34511 | Windows Installer Elevation of Privilege Vulnerability |
| Windows Installer | CVE-2021-31961 | Windows InstallService Elevation of Privilege Vulnerability |
| Windows Kernel | CVE-2021-34461 | Windows Container Isolation FS Filter Driver Elevation of Privilege Vulnerability |
| Windows Kernel | CVE-2021-34508 | Windows Kernel Remote Code Execution Vulnerability |
| Windows Kernel | CVE-2021-34458 | Windows Kernel Remote Code Execution Vulnerability |
| Windows Kernel | CVE-2021-33771 | Windows Kernel Elevation of Privilege Vulnerability |
| Windows Kernel | CVE-2021-31979 | Windows Kernel Elevation of Privilege Vulnerability |
| Windows Kernel | CVE-2021-34514 | Windows Kernel Elevation of Privilege Vulnerability |
| Windows Kernel | CVE-2021-34500 | Windows Kernel Memory Information Disclosure Vulnerability |
| Windows Key Distribution Center | CVE-2021-33764 | Windows Key Distribution Center Information Disclosure Vulnerability |
| Windows Local Security Authority Subsystem Service | CVE-2021-33788 | Windows LSA Denial of Service Vulnerability |
| Windows Local Security Authority Subsystem Service | CVE-2021-33786 | Windows LSA Security Feature Bypass Vulnerability |
| Windows MSHTML Platform | CVE-2021-34497 | Windows MSHTML Platform Remote Code Execution Vulnerability |
| Windows MSHTML Platform | CVE-2021-34447 | Windows MSHTML Platform Remote Code Execution Vulnerability |
| Windows Partition Management Driver | CVE-2021-34493 | Windows Partition Management Driver Elevation of Privilege Vulnerability |
| Windows PFX Encryption | CVE-2021-34492 | Windows Certificate Spoofing Vulnerability |
| Windows Print Spooler Components | CVE-2021-34527 | Windows Print Spooler Remote Code Execution Vulnerability |
| Windows Projected File System | CVE-2021-33743 | Windows Projected File System Elevation of Privilege Vulnerability |
| Windows Remote Access Connection Manager | CVE-2021-34457 | Windows Remote Access Connection Manager Information Disclosure Vulnerability |
| Windows Remote Access Connection Manager | CVE-2021-33761 | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability |
| Windows Remote Access Connection Manager | CVE-2021-33773 | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability |
| Windows Remote Access Connection Manager | CVE-2021-33763 | Windows Remote Access Connection Manager Information Disclosure Vulnerability |
| Windows Remote Access Connection Manager | CVE-2021-34445 | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability |
| Windows Remote Access Connection Manager | CVE-2021-34456 | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability |
| Windows Remote Assistance | CVE-2021-34507 | Windows Remote Assistance Information Disclosure Vulnerability |
| Windows Secure Kernel Mode | CVE-2021-33744 | Windows Secure Kernel Mode Security Feature Bypass Vulnerability |
| Windows Security Account Manager | CVE-2021-33757 | Windows Security Account Manager Remote Protocol Security Feature Bypass Vulnerability |
| Windows Shell | CVE-2021-34454 | Windows Remote Access Connection Manager Information Disclosure Vulnerability |
| Windows SMB | CVE-2021-33783 | Windows SMB Information Disclosure Vulnerability |
| Windows Storage Spaces Controller | CVE-2021-33751 | Storage Spaces Controller Elevation of Privilege Vulnerability |
| Windows Storage Spaces Controller | CVE-2021-34460 | Storage Spaces Controller Elevation of Privilege Vulnerability |
| Windows Storage Spaces Controller | CVE-2021-34509 | Storage Spaces Controller Information Disclosure Vulnerability |
| Windows Storage Spaces Controller | CVE-2021-34510 | Storage Spaces Controller Elevation of Privilege Vulnerability |
| Windows Storage Spaces Controller | CVE-2021-34512 | Storage Spaces Controller Elevation of Privilege Vulnerability |
| Windows Storage Spaces Controller | CVE-2021-34513 | Storage Spaces Controller Elevation of Privilege Vulnerability |
| Windows TCP/IP | CVE-2021-31183 | Windows TCP/IP Driver Denial of Service Vulnerability |
| Windows TCP/IP | CVE-2021-33772 | Windows TCP/IP Driver Denial of Service Vulnerability |
| Windows TCP/IP | CVE-2021-34490 | Windows TCP/IP Driver Denial of Service Vulnerability |
| Windows Win32K | CVE-2021-34449 | Win32k Elevation of Privilege Vulnerability |
| Windows Win32K | CVE-2021-34516 | Win32k Elevation of Privilege Vulnerability |
| Windows Win32K | CVE-2021-34491 | Win32k Information Disclosure Vulnerability |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-31183 MITRE NVD |
CVE Title: Windows TCP/IP Driver Denial of Service Vulnerability
CVSS: CVSS:3.0 7.5/6.5
FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2021-07-13T07:00:00Z Information published. |
Important | Denial of Service | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-31183 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 5004249 (Security Update) | Important | Denial of Service | 5003687 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 5004249 (Security Update) | Important | Denial of Service | 5003687 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5004238 (Security Update) | Important | Denial of Service | 5003638 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 5004238 (Security Update) | Important | Denial of Service | 5003638 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5004244 (Security Update) | Important | Denial of Service | 5003646 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5004244 (Security Update) | Important | Denial of Service | 5003646 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 5004244 (Security Update) | Important | Denial of Service | 5003646 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5004245 (Security Update) | Important | Denial of Service | 5003635 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5004245 (Security Update) | Important | Denial of Service | 5003635 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 5004245 (Security Update) | Important | Denial of Service | 5003635 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5004237 (Security Update) | Important | Denial of Service | 5003637 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5004237 (Security Update) | Important | Denial of Service | 5003637 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 5004237 (Security Update) | Important | Denial of Service | 5003637 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5004237 (Security Update) | Important | Denial of Service | 5003637 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5004237 (Security Update) | Important | Denial of Service | 5003637 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5004237 (Security Update) | Important | Denial of Service | 5003637 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for 32-bit Systems | 5004237 (Security Update) | Important | Denial of Service | 5003637 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for ARM64-based Systems | 5004237 (Security Update) | Important | Denial of Service | 5003637 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for x64-based Systems | 5004237 (Security Update) | Important | Denial of Service | 5003637 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 5004289 (Monthly Rollup) 5004307 (Security Only) |
Important | Denial of Service | 5003667 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 5004289 (Monthly Rollup) 5004307 (Security Only) |
Important | Denial of Service | 5003667 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Denial of Service | 5003671 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Denial of Service | 5003671 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 5004298 (Monthly Rollup) | Important | Denial of Service | 5003671 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5004305 (Monthly Rollup) 5004299 (Security Only) |
Important | Denial of Service | 5003661 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5004305 (Monthly Rollup) 5004299 (Security Only) |
Important | Denial of Service | 5003661 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5004305 (Monthly Rollup) 5004299 (Security Only) |
Important | Denial of Service | 5003661 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5004305 (Monthly Rollup) 5004299 (Security Only) |
Important | Denial of Service | 5003661 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5004289 (Monthly Rollup) 5004307 (Security Only) |
Important | Denial of Service | 5003667 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5004289 (Monthly Rollup) 5004307 (Security Only) |
Important | Denial of Service | 5003667 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 | 5004294 (Monthly Rollup) 5004302 (Security Only) |
Important | Denial of Service | 5003697 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 5004294 (Monthly Rollup) 5004302 (Security Only) |
Important | Denial of Service | 5003697 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Denial of Service | 5003671 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Denial of Service | 5003671 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 | 5004238 (Security Update) | Important | Denial of Service | 5003638 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 5004238 (Security Update) | Important | Denial of Service | 5003638 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5004244 (Security Update) | Important | Denial of Service | 5003646 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5004244 (Security Update) | Important | Denial of Service | 5003646 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 5004237 (Security Update) | Important | Denial of Service | 5003637 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5004237 (Security Update) | Important | Denial of Service | 5003637 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2021-31183 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-31196 MITRE NVD |
CVE Title: Microsoft Exchange Server Remote Code Execution Vulnerability
CVSS: CVSS:3.0 7.2/6.3
FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2021-07-13T07:00:00Z Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-31196 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Microsoft Exchange Server 2013 Cumulative Update 23 | 5004778 (Security Update) | Important | Remote Code Execution | 5003435 |
Base: 7.2 Temporal: 6.3 Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Microsoft Exchange Server 2016 Cumulative Update 20 | 5004779 (Security Update) | Important | Remote Code Execution | 5003435 |
Base: 7.2 Temporal: 6.3 Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Microsoft Exchange Server 2016 Cumulative Update 21 | 5004779 (Security Update) | Important | Remote Code Execution | 5003435 |
Base: 7.2 Temporal: 6.3 Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Microsoft Exchange Server 2019 Cumulative Update 10 | 5004780 (Security Update) | Important | Remote Code Execution | 5003435 |
Base: 7.2 Temporal: 6.3 Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Microsoft Exchange Server 2019 Cumulative Update 9 | 5004780 (Security Update) | Important | Remote Code Execution | 5003435 |
Base: 7.2 Temporal: 6.3 Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2021-31196 | Orange Tsai (@orange_8361) with DEVCORE |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-31206 MITRE NVD |
CVE Title: Microsoft Exchange Server Remote Code Execution Vulnerability
CVSS: CVSS:3.0 7.6/7.1
FAQ: Was this vulnerability found in the 2021 Pwn2Own contest? Yes, this was one of the Exchange Server vulnerabilities found in the 2021 Pwn2Own contest. Mitigations: None Workarounds: None Revision: 1.0 2021-07-13T07:00:00Z Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-31206 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Microsoft Exchange Server 2013 Cumulative Update 23 | 5004778 (Security Update) | Important | Remote Code Execution | 5003435 |
Base: 7.6 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L/E:F/RL:O/RC:C |
Yes |
| Microsoft Exchange Server 2016 Cumulative Update 20 | 5004779 (Security Update) | Important | Remote Code Execution | 5003435 |
Base: 7.6 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L/E:F/RL:O/RC:C |
Yes |
| Microsoft Exchange Server 2016 Cumulative Update 21 | 5004779 (Security Update) | Important | Remote Code Execution | 5003435 |
Base: 7.6 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L/E:F/RL:O/RC:C |
Yes |
| Microsoft Exchange Server 2019 Cumulative Update 10 | 5004780 (Security Update) | Important | Remote Code Execution | 5003435 |
Base: 7.6 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L/E:F/RL:O/RC:C |
Yes |
| Microsoft Exchange Server 2019 Cumulative Update 9 | 5004780 (Security Update) | Important | Remote Code Execution | 5003435 |
Base: 7.6 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L/E:F/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2021-31206 | Anonymous working with Trend Micro Zero Day Initiative |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-31947 MITRE NVD |
CVE Title: HEVC Video Extensions Remote Code Execution Vulnerability
CVSS: CVSS:3.0 7.8/6.8
FAQ: How do I get the updated app? The Microsoft Store will automatically update affected customers. Alternatively, customers can get the update immediately; see here for details. It is possible for customers to disable automatic updates for the Microsoft Store. The Microsoft Store will not automatically install this update for those customers. My system is in a disconnected environment; is it vulnerable? Customers using the Microsoft Store for Business and Microsoft Store for Education can get this update through their organizations. How can I check if the update is installed? If your device manufacturer preinstalled this app, package versions 1.0.41483.0 and later contain this update. If you purchased this app from the Microsoft Store, package versions 1.0.41531.0 and later contain this update. You can check the package version in PowerShell:
Mitigations: None Workarounds: None Revision: 1.0 2021-07-13T07:00:00Z Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-31947 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| HEVC Video Extensions | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Unknown | |
| CVE ID | Acknowledgements |
| CVE-2021-31947 | Le Huu Quang Linh (@linhlhq) of STARLabs |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-31961 MITRE NVD |
CVE Title: Windows InstallService Elevation of Privilege Vulnerability
CVSS: CVSS:3.0 6.1/5.3
FAQ: What privileges does the attacker gain? An attacker would only be able to delete targeted files on a system. They would not gain privileges to view or modify file contents. Mitigations: None Workarounds: None Revision: 1.0 2021-07-13T07:00:00Z Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-31961 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows 10 Version 1809 for 32-bit Systems | 5004244 (Security Update) | Important | Elevation of Privilege | 5003646 |
Base: 6.1 Temporal: 5.3 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5004244 (Security Update) | Important | Elevation of Privilege | 5003646 |
Base: 6.1 Temporal: 5.3 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 5004244 (Security Update) | Important | Elevation of Privilege | 5003646 |
Base: 6.1 Temporal: 5.3 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5004245 (Security Update) | Important | Elevation of Privilege | 5003635 | Base: 6.1 Temporal: 5.3 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5004245 (Security Update) | Important | Elevation of Privilege | 5003635 | Base: 6.1 Temporal: 5.3 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 5004245 (Security Update) | Important | Elevation of Privilege | 5003635 | Base: 6.1 Temporal: 5.3 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 6.1 Temporal: 5.3 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 6.1 Temporal: 5.3 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 6.1 Temporal: 5.3 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 6.1 Temporal: 5.3 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 6.1 Temporal: 5.3 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 6.1 Temporal: 5.3 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for 32-bit Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 6.1 Temporal: 5.3 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for ARM64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 6.1 Temporal: 5.3 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for x64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 6.1 Temporal: 5.3 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5004244 (Security Update) | Important | Elevation of Privilege | 5003646 |
Base: 6.1 Temporal: 5.3 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5004244 (Security Update) | Important | Elevation of Privilege | 5003646 |
Base: 6.1 Temporal: 5.3 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 6.1 Temporal: 5.3 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 6.1 Temporal: 5.3 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2021-31961 | JeongOh Kyea (@kkokkokye) of THEORI working with Trend Micro Zero Day Initiative |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-31984 MITRE NVD |
CVE Title: Power BI Remote Code Execution Vulnerability
CVSS: CVSS:3.0 7.6/6.6
FAQ: According to the CVSS, User Interaction is Required. What interaction would the user have to do? Exploitation of the vulnerability requires that a user import a specially crafted visual, such as a chart or a graph, and edit data within the visual. Mitigations: None Workarounds: None Revision: 1.0 2021-07-13T07:00:00Z Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-31984 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Power BI Report Server | Details (Security Update) | Important | Remote Code Execution | None | Base: 7.6 Temporal: 6.6 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:N/E:U/RL:O/RC:C |
Maybe |
| CVE ID | Acknowledgements |
| CVE-2021-31984 | Daniel Gonzalez
Carlos Alberca |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-33740 MITRE NVD |
CVE Title: Windows Media Remote Code Execution Vulnerability
CVSS: CVSS:3.0 7.8/6.8
FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2021-07-13T07:00:00Z Information published. |
Critical | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-33740 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 5004249 (Security Update) | Critical | Remote Code Execution | 5003687 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 5004249 (Security Update) | Critical | Remote Code Execution | 5003687 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5004244 (Security Update) | Critical | Remote Code Execution | 5003646 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5004244 (Security Update) | Critical | Remote Code Execution | 5003646 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 5004244 (Security Update) | Critical | Remote Code Execution | 5003646 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5004237 (Security Update) | Critical | Remote Code Execution | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5004237 (Security Update) | Critical | Remote Code Execution | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 5004237 (Security Update) | Critical | Remote Code Execution | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5004244 (Security Update) | Critical | Remote Code Execution | 5003646 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5004244 (Security Update) | Critical | Remote Code Execution | 5003646 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 5004237 (Security Update) | Critical | Remote Code Execution | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2021-33740 | HAO LI of VenusTech ADLab |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-33743 MITRE NVD |
CVE Title: Windows Projected File System Elevation of Privilege Vulnerability
CVSS: CVSS:3.0 7.8/6.8
FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2021-07-13T07:00:00Z Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-33743 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows 10 Version 1809 for 32-bit Systems | 5004244 (Security Update) | Important | Elevation of Privilege | 5003646 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5004244 (Security Update) | Important | Elevation of Privilege | 5003646 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 5004244 (Security Update) | Important | Elevation of Privilege | 5003646 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5004245 (Security Update) | Important | Elevation of Privilege | 5003635 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5004245 (Security Update) | Important | Elevation of Privilege | 5003635 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 5004245 (Security Update) | Important | Elevation of Privilege | 5003635 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for 32-bit Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for ARM64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for x64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5004244 (Security Update) | Important | Elevation of Privilege | 5003646 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5004244 (Security Update) | Important | Elevation of Privilege | 5003646 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2021-33743 | k0shl |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-33744 MITRE NVD |
CVE Title: Windows Secure Kernel Mode Security Feature Bypass Vulnerability
CVSS: CVSS:3.0 5.3/4.6
FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2021-07-13T07:00:00Z Information published. |
Important | Security Feature Bypass | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-33744 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows 10 Version 1809 for x64-based Systems | 5004244 (Security Update) | Important | Security Feature Bypass | 5003646 |
Base: 5.3 Temporal: 4.6 Vector: CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 5004245 (Security Update) | Important | Security Feature Bypass | 5003635 | Base: 5.3 Temporal: 4.6 Vector: CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 5004237 (Security Update) | Important | Security Feature Bypass | 5003637 |
Base: 5.3 Temporal: 4.6 Vector: CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5004237 (Security Update) | Important | Security Feature Bypass | 5003637 |
Base: 5.3 Temporal: 4.6 Vector: CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for x64-based Systems | 5004237 (Security Update) | Important | Security Feature Bypass | 5003637 |
Base: 5.3 Temporal: 4.6 Vector: CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5004244 (Security Update) | Important | Security Feature Bypass | 5003646 |
Base: 5.3 Temporal: 4.6 Vector: CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5004244 (Security Update) | Important | Security Feature Bypass | 5003646 |
Base: 5.3 Temporal: 4.6 Vector: CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 5004237 (Security Update) | Important | Security Feature Bypass | 5003637 |
Base: 5.3 Temporal: 4.6 Vector: CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5004237 (Security Update) | Important | Security Feature Bypass | 5003637 |
Base: 5.3 Temporal: 4.6 Vector: CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2021-33744 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-33753 MITRE NVD |
CVE Title: Microsoft Bing Search Spoofing Vulnerability
CVSS: CVSS:3.0 4.7/4.1
FAQ: According to the CVSS score, User Interaction is required. What type of user action is required? A user will have to visit a malicious page or click on a malicious link from within the application. How do I get the update for Bing Search for Android?
Is there a direct link on the web? Yes: https://play.google.com/store/apps/details?id=com.microsoft.bing&hl=en_US Mitigations: None Workarounds: None Revision: 1.0 2021-07-13T07:00:00Z Information published. |
Important | Spoofing | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-33753 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Microsoft Bing Search for Android | Important | Spoofing | None | Base: 4.7 Temporal: 4.1 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N/E:U/RL:O/RC:C |
Unknown | |
| CVE ID | Acknowledgements |
| CVE-2021-33753 | Narendra Bhati with Lead Penetration Tester at Suma Soft Pvt. Ltd. India |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-33755 MITRE NVD |
CVE Title: Windows Hyper-V Denial of Service Vulnerability
CVSS: CVSS:3.0 6.3/5.5
FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2021-07-13T07:00:00Z Information published. |
Important | Denial of Service | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-33755 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows 10 Version 1809 for x64-based Systems | 5004244 (Security Update) | Important | Denial of Service | 5003646 |
Base: 6.3 Temporal: 5.5 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 5004245 (Security Update) | Important | Denial of Service | 5003635 | Base: 6.3 Temporal: 5.5 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 5004237 (Security Update) | Important | Denial of Service | 5003637 |
Base: 6.3 Temporal: 5.5 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5004237 (Security Update) | Important | Denial of Service | 5003637 |
Base: 6.3 Temporal: 5.5 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for x64-based Systems | 5004237 (Security Update) | Important | Denial of Service | 5003637 |
Base: 6.3 Temporal: 5.5 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5004244 (Security Update) | Important | Denial of Service | 5003646 |
Base: 6.3 Temporal: 5.5 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5004244 (Security Update) | Important | Denial of Service | 5003646 |
Base: 6.3 Temporal: 5.5 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 5004237 (Security Update) | Important | Denial of Service | 5003637 |
Base: 6.3 Temporal: 5.5 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5004237 (Security Update) | Important | Denial of Service | 5003637 |
Base: 6.3 Temporal: 5.5 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2021-33755 | Microsoft Platform Security Assurance & Vulnerability Research |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-33757 MITRE NVD |
CVE Title: Windows Security Account Manager Remote Protocol Security Feature Bypass Vulnerability
CVSS: CVSS:3.0 5.3/4.6
FAQ: How do the security updates released on July 13, 2021 provide protections for CVE-2021-33757? After the security updates released on July 13, 2021 or later are installed, Advanced Encryption Standard (AES) encryption will be the preferred method when using the MS-SAMR protocol to change or set account passwords on Windows clients if AES encryption is supported by the SAM server. Please see [KB5004605: Update adds AES encryption protections for CVE-2021-33757[(https://support.microsoft.com/help/5004605) for the following information:
Mitigations: None Workarounds: None Revision: 1.0 2021-07-13T07:00:00Z Information published. |
Important | Security Feature Bypass | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-33757 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 5004249 (Security Update) | Important | Security Feature Bypass | 5003687 | Base: 5.3 Temporal: 4.6 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 5004249 (Security Update) | Important | Security Feature Bypass | 5003687 | Base: 5.3 Temporal: 4.6 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5004238 (Security Update) | Important | Security Feature Bypass | 5003638 | Base: 5.3 Temporal: 4.6 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 5004238 (Security Update) | Important | Security Feature Bypass | 5003638 | Base: 5.3 Temporal: 4.6 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5004244 (Security Update) | Important | Security Feature Bypass | 5003646 |
Base: 5.3 Temporal: 4.6 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5004244 (Security Update) | Important | Security Feature Bypass | 5003646 |
Base: 5.3 Temporal: 4.6 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 5004244 (Security Update) | Important | Security Feature Bypass | 5003646 |
Base: 5.3 Temporal: 4.6 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5004245 (Security Update) | Important | Security Feature Bypass | 5003635 | Base: 5.3 Temporal: 4.6 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5004245 (Security Update) | Important | Security Feature Bypass | 5003635 | Base: 5.3 Temporal: 4.6 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 5004245 (Security Update) | Important | Security Feature Bypass | 5003635 | Base: 5.3 Temporal: 4.6 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5004237 (Security Update) | Important | Security Feature Bypass | 5003637 |
Base: 5.3 Temporal: 4.6 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5004237 (Security Update) | Important | Security Feature Bypass | 5003637 |
Base: 5.3 Temporal: 4.6 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 5004237 (Security Update) | Important | Security Feature Bypass | 5003637 |
Base: 5.3 Temporal: 4.6 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5004237 (Security Update) | Important | Security Feature Bypass | 5003637 |
Base: 5.3 Temporal: 4.6 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5004237 (Security Update) | Important | Security Feature Bypass | 5003637 |
Base: 5.3 Temporal: 4.6 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5004237 (Security Update) | Important | Security Feature Bypass | 5003637 |
Base: 5.3 Temporal: 4.6 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for 32-bit Systems | 5004237 (Security Update) | Important | Security Feature Bypass | 5003637 |
Base: 5.3 Temporal: 4.6 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for ARM64-based Systems | 5004237 (Security Update) | Important | Security Feature Bypass | 5003637 |
Base: 5.3 Temporal: 4.6 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for x64-based Systems | 5004237 (Security Update) | Important | Security Feature Bypass | 5003637 |
Base: 5.3 Temporal: 4.6 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 5004289 (Monthly Rollup) 5004307 (Security Only) |
Important | Security Feature Bypass | 5003667 |
Base: 5.3 Temporal: 4.6 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 5004289 (Monthly Rollup) 5004307 (Security Only) |
Important | Security Feature Bypass | 5003667 |
Base: 5.3 Temporal: 4.6 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Security Feature Bypass | 5003671 |
Base: 5.3 Temporal: 4.6 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Security Feature Bypass | 5003671 |
Base: 5.3 Temporal: 4.6 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 5004298 (Monthly Rollup) | Important | Security Feature Bypass | 5003671 |
Base: 5.3 Temporal: 4.6 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5004305 (Monthly Rollup) 5004299 (Security Only) |
Important | Security Feature Bypass | 5003661 |
Base: 5.3 Temporal: 4.6 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5004305 (Monthly Rollup) 5004299 (Security Only) |
Important | Security Feature Bypass | 5003661 |
Base: 5.3 Temporal: 4.6 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5004305 (Monthly Rollup) 5004299 (Security Only) |
Important | Security Feature Bypass | 5003661 |
Base: 5.3 Temporal: 4.6 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5004305 (Monthly Rollup) 5004299 (Security Only) |
Important | Security Feature Bypass | 5003661 |
Base: 5.3 Temporal: 4.6 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5004289 (Monthly Rollup) 5004307 (Security Only) |
Important | Security Feature Bypass | 5003667 |
Base: 5.3 Temporal: 4.6 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5004289 (Monthly Rollup) 5004307 (Security Only) |
Important | Security Feature Bypass | 5003667 |
Base: 5.3 Temporal: 4.6 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 | 5004294 (Monthly Rollup) 5004302 (Security Only) |
Important | Security Feature Bypass | 5003697 |
Base: 5.3 Temporal: 4.6 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 5004294 (Monthly Rollup) 5004302 (Security Only) |
Important | Security Feature Bypass | 5003697 |
Base: 5.3 Temporal: 4.6 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Security Feature Bypass | 5003671 |
Base: 5.3 Temporal: 4.6 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Security Feature Bypass | 5003671 |
Base: 5.3 Temporal: 4.6 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 | 5004238 (Security Update) | Important | Security Feature Bypass | 5003638 | Base: 5.3 Temporal: 4.6 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 5004238 (Security Update) | Important | Security Feature Bypass | 5003638 | Base: 5.3 Temporal: 4.6 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5004244 (Security Update) | Important | Security Feature Bypass | 5003646 |
Base: 5.3 Temporal: 4.6 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5004244 (Security Update) | Important | Security Feature Bypass | 5003646 |
Base: 5.3 Temporal: 4.6 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 5004237 (Security Update) | Important | Security Feature Bypass | 5003637 |
Base: 5.3 Temporal: 4.6 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5004237 (Security Update) | Important | Security Feature Bypass | 5003637 |
Base: 5.3 Temporal: 4.6 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2021-33757 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-33758 MITRE NVD |
CVE Title: Windows Hyper-V Denial of Service Vulnerability
CVSS: CVSS:3.0 7.7/6.7
FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2021-07-13T07:00:00Z Information published. |
Important | Denial of Service | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-33758 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows 10 Version 1607 for x64-based Systems | 5004238 (Security Update) | Important | Denial of Service | 5003638 | Base: 7.7 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 | 5004238 (Security Update) | Important | Denial of Service | 5003638 | Base: 7.7 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 5004238 (Security Update) | Important | Denial of Service | 5003638 | Base: 7.7 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2021-33758 | Huichen Lin and Dong Seong Kim of School of Information Technology and Electrical Engineering - The University of Queensland |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-33759 MITRE NVD |
CVE Title: Windows Desktop Bridge Elevation of Privilege Vulnerability
CVSS: CVSS:3.0 7.8/6.8
FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2021-07-13T07:00:00Z Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-33759 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows 10 Version 1607 for 32-bit Systems | 5004238 (Security Update) | Important | Elevation of Privilege | 5003638 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 5004238 (Security Update) | Important | Elevation of Privilege | 5003638 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5004244 (Security Update) | Important | Elevation of Privilege | 5003646 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5004244 (Security Update) | Important | Elevation of Privilege | 5003646 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 5004244 (Security Update) | Important | Elevation of Privilege | 5003646 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5004245 (Security Update) | Important | Elevation of Privilege | 5003635 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5004245 (Security Update) | Important | Elevation of Privilege | 5003635 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 5004245 (Security Update) | Important | Elevation of Privilege | 5003635 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for 32-bit Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for ARM64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for x64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 | 5004238 (Security Update) | Important | Elevation of Privilege | 5003638 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 5004238 (Security Update) | Important | Elevation of Privilege | 5003638 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5004244 (Security Update) | Important | Elevation of Privilege | 5003646 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5004244 (Security Update) | Important | Elevation of Privilege | 5003646 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2021-33759 | Tao Yan (@Ga1ois) from Palo Alto Networks |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-33760 MITRE NVD |
CVE Title: Media Foundation Information Disclosure Vulnerability
CVSS: CVSS:3.0 5.5/4.8
FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is memory layout - the vulnerability allows an attacker to collect information that facilitates predicting addressing of the memory. Mitigations: None Workarounds: None Revision: 1.0 2021-07-13T07:00:00Z Information published. |
Important | Information Disclosure | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-33760 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows 10 Version 1909 for 32-bit Systems | 5004245 (Security Update) | Important | Information Disclosure | 5003635 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5004245 (Security Update) | Important | Information Disclosure | 5003635 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 5004245 (Security Update) | Important | Information Disclosure | 5003635 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5004237 (Security Update) | Important | Information Disclosure | 5003637 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5004237 (Security Update) | Important | Information Disclosure | 5003637 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 5004237 (Security Update) | Important | Information Disclosure | 5003637 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5004237 (Security Update) | Important | Information Disclosure | 5003637 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5004237 (Security Update) | Important | Information Disclosure | 5003637 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5004237 (Security Update) | Important | Information Disclosure | 5003637 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for 32-bit Systems | 5004237 (Security Update) | Important | Information Disclosure | 5003637 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for ARM64-based Systems | 5004237 (Security Update) | Important | Information Disclosure | 5003637 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for x64-based Systems | 5004237 (Security Update) | Important | Information Disclosure | 5003637 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 1909 (Server Core installation) | 5004245 (Security Update) | Important | Information Disclosure | 5003635 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 5004237 (Security Update) | Important | Information Disclosure | 5003637 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5004237 (Security Update) | Important | Information Disclosure | 5003637 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2021-33760 | jackery Phan Thanh Duy, Brandon Chong, Cao YiTian of STAR Labs & Hồng Phi Phạm |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-33761 MITRE NVD |
CVE Title: Windows Remote Access Connection Manager Elevation of Privilege Vulnerability
CVSS: CVSS:3.0 7.8/6.8
FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2021-07-13T07:00:00Z Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-33761 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 5004249 (Security Update) | Important | Elevation of Privilege | 5003687 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 5004249 (Security Update) | Important | Elevation of Privilege | 5003687 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5004238 (Security Update) | Important | Elevation of Privilege | 5003638 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 5004238 (Security Update) | Important | Elevation of Privilege | 5003638 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5004244 (Security Update) | Important | Elevation of Privilege | 5003646 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5004244 (Security Update) | Important | Elevation of Privilege | 5003646 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 5004244 (Security Update) | Important | Elevation of Privilege | 5003646 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5004245 (Security Update) | Important | Elevation of Privilege | 5003635 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5004245 (Security Update) | Important | Elevation of Privilege | 5003635 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 5004245 (Security Update) | Important | Elevation of Privilege | 5003635 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for 32-bit Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for ARM64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for x64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Elevation of Privilege | 5003671 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Elevation of Privilege | 5003671 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 5004298 (Monthly Rollup) | Important | Elevation of Privilege | 5003671 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Elevation of Privilege | 5003671 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Elevation of Privilege | 5003671 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 | 5004238 (Security Update) | Important | Elevation of Privilege | 5003638 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 5004238 (Security Update) | Important | Elevation of Privilege | 5003638 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5004244 (Security Update) | Important | Elevation of Privilege | 5003646 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5004244 (Security Update) | Important | Elevation of Privilege | 5003646 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2021-33761 | ziming zhang of Ant Security Light-Year Lab |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-33763 MITRE NVD |
CVE Title: Windows Remote Access Connection Manager Information Disclosure Vulnerability
CVSS: CVSS:3.0 5.5/4.8
FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is memory layout - the vulnerability allows an attacker to collect information that facilitates predicting addressing of the memory. Mitigations: None Workarounds: None Revision: 1.0 2021-07-13T07:00:00Z Information published. |
Important | Information Disclosure | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-33763 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 5004249 (Security Update) | Important | Information Disclosure | 5003687 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 5004249 (Security Update) | Important | Information Disclosure | 5003687 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5004238 (Security Update) | Important | Information Disclosure | 5003638 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 5004238 (Security Update) | Important | Information Disclosure | 5003638 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5004244 (Security Update) | Important | Information Disclosure | 5003646 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5004244 (Security Update) | Important | Information Disclosure | 5003646 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 5004244 (Security Update) | Important | Information Disclosure | 5003646 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5004245 (Security Update) | Important | Information Disclosure | 5003635 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5004245 (Security Update) | Important | Information Disclosure | 5003635 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 5004245 (Security Update) | Important | Information Disclosure | 5003635 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5004237 (Security Update) | Important | Information Disclosure | 5003637 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5004237 (Security Update) | Important | Information Disclosure | 5003637 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 5004237 (Security Update) | Important | Information Disclosure | 5003637 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5004237 (Security Update) | Important | Information Disclosure | 5003637 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5004237 (Security Update) | Important | Information Disclosure | 5003637 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5004237 (Security Update) | Important | Information Disclosure | 5003637 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for 32-bit Systems | 5004237 (Security Update) | Important | Information Disclosure | 5003637 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for ARM64-based Systems | 5004237 (Security Update) | Important | Information Disclosure | 5003637 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for x64-based Systems | 5004237 (Security Update) | Important | Information Disclosure | 5003637 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Information Disclosure | 5003671 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Information Disclosure | 5003671 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 5004298 (Monthly Rollup) | Important | Information Disclosure | 5003671 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 | 5004294 (Monthly Rollup) 5004302 (Security Only) |
Important | Information Disclosure | 5003697 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 5004294 (Monthly Rollup) 5004302 (Security Only) |
Important | Information Disclosure | 5003697 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Information Disclosure | 5003671 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Information Disclosure | 5003671 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 | 5004238 (Security Update) | Important | Information Disclosure | 5003638 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 5004238 (Security Update) | Important | Information Disclosure | 5003638 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5004244 (Security Update) | Important | Information Disclosure | 5003646 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5004244 (Security Update) | Important | Information Disclosure | 5003646 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 5004237 (Security Update) | Important | Information Disclosure | 5003637 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5004237 (Security Update) | Important | Information Disclosure | 5003637 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2021-33763 | ziming zhang of Ant Security Light-Year Lab |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-33765 MITRE NVD |
CVE Title: Windows Installer Spoofing Vulnerability
CVSS: CVSS:3.0 6.2/5.4
FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2021-07-13T07:00:00Z Information published. |
Important | Spoofing | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-33765 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 5004249 (Security Update) | Important | Spoofing | 5003687 | Base: 6.2 Temporal: 5.4 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 5004249 (Security Update) | Important | Spoofing | 5003687 | Base: 6.2 Temporal: 5.4 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5004238 (Security Update) | Important | Spoofing | 5003638 | Base: 6.2 Temporal: 5.4 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 5004238 (Security Update) | Important | Spoofing | 5003638 | Base: 6.2 Temporal: 5.4 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5004244 (Security Update) | Important | Spoofing | 5003646 |
Base: 6.2 Temporal: 5.4 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5004244 (Security Update) | Important | Spoofing | 5003646 |
Base: 6.2 Temporal: 5.4 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 5004244 (Security Update) | Important | Spoofing | 5003646 |
Base: 6.2 Temporal: 5.4 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5004245 (Security Update) | Important | Spoofing | 5003635 | Base: 6.2 Temporal: 5.4 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5004245 (Security Update) | Important | Spoofing | 5003635 | Base: 6.2 Temporal: 5.4 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 5004245 (Security Update) | Important | Spoofing | 5003635 | Base: 6.2 Temporal: 5.4 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5004237 (Security Update) | Important | Spoofing | 5003637 |
Base: 6.2 Temporal: 5.4 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5004237 (Security Update) | Important | Spoofing | 5003637 |
Base: 6.2 Temporal: 5.4 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 5004237 (Security Update) | Important | Spoofing | 5003637 |
Base: 6.2 Temporal: 5.4 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5004237 (Security Update) | Important | Spoofing | 5003637 |
Base: 6.2 Temporal: 5.4 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5004237 (Security Update) | Important | Spoofing | 5003637 |
Base: 6.2 Temporal: 5.4 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5004237 (Security Update) | Important | Spoofing | 5003637 |
Base: 6.2 Temporal: 5.4 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for 32-bit Systems | 5004237 (Security Update) | Important | Spoofing | 5003637 |
Base: 6.2 Temporal: 5.4 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for ARM64-based Systems | 5004237 (Security Update) | Important | Spoofing | 5003637 |
Base: 6.2 Temporal: 5.4 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for x64-based Systems | 5004237 (Security Update) | Important | Spoofing | 5003637 |
Base: 6.2 Temporal: 5.4 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 5004289 (Monthly Rollup) 5004307 (Security Only) |
Important | Spoofing | 5003667 |
Base: 6.2 Temporal: 5.4 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 5004289 (Monthly Rollup) 5004307 (Security Only) |
Important | Spoofing | 5003667 |
Base: 6.2 Temporal: 5.4 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Spoofing | 5003671 |
Base: 6.2 Temporal: 5.4 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Spoofing | 5003671 |
Base: 6.2 Temporal: 5.4 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 5004298 (Monthly Rollup) | Important | Spoofing | 5003671 |
Base: 6.2 Temporal: 5.4 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5004305 (Monthly Rollup) 5004299 (Security Only) |
Important | Spoofing | 5003661 |
Base: 6.2 Temporal: 5.4 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5004305 (Monthly Rollup) 5004299 (Security Only) |
Important | Spoofing | 5003661 |
Base: 6.2 Temporal: 5.4 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5004305 (Monthly Rollup) 5004299 (Security Only) |
Important | Spoofing | 5003661 |
Base: 6.2 Temporal: 5.4 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5004305 (Monthly Rollup) 5004299 (Security Only) |
Important | Spoofing | 5003661 |
Base: 6.2 Temporal: 5.4 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5004289 (Monthly Rollup) 5004307 (Security Only) |
Important | Spoofing | 5003667 |
Base: 6.2 Temporal: 5.4 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5004289 (Monthly Rollup) 5004307 (Security Only) |
Important | Spoofing | 5003667 |
Base: 6.2 Temporal: 5.4 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 | 5004294 (Monthly Rollup) 5004302 (Security Only) |
Important | Spoofing | 5003697 |
Base: 6.2 Temporal: 5.4 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 5004294 (Monthly Rollup) 5004302 (Security Only) |
Important | Spoofing | 5003697 |
Base: 6.2 Temporal: 5.4 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Spoofing | 5003671 |
Base: 6.2 Temporal: 5.4 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Spoofing | 5003671 |
Base: 6.2 Temporal: 5.4 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 | 5004238 (Security Update) | Important | Spoofing | 5003638 | Base: 6.2 Temporal: 5.4 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 5004238 (Security Update) | Important | Spoofing | 5003638 | Base: 6.2 Temporal: 5.4 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5004244 (Security Update) | Important | Spoofing | 5003646 |
Base: 6.2 Temporal: 5.4 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5004244 (Security Update) | Important | Spoofing | 5003646 |
Base: 6.2 Temporal: 5.4 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 5004237 (Security Update) | Important | Spoofing | 5003637 |
Base: 6.2 Temporal: 5.4 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5004237 (Security Update) | Important | Spoofing | 5003637 |
Base: 6.2 Temporal: 5.4 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2021-33765 | Ron Waisberg (@epsilan) of Okta Asaf Rubinfeld of Fortinet’s FortiGuard Labs |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-33767 MITRE NVD |
CVE Title: Open Enclave SDK Elevation of Privilege Vulnerability
CVSS: CVSS:3.0 8.2/7.1
FAQ: How do I know if I'm affected by this vulnerability? If you have a project that used the Open Enclave SDK and you have not rebuilt it using the latest version of the SDK, you might be affected by this vulnerability. The updated SDK release is available here: https://github.com/openenclave/openenclave/releases. Confirm that you are using SDK build v0.17.1 or later. For more information, see Open Enclave SDK Security Advisory for July 13, 2021. Mitigations: None Workarounds: None Revision: 1.0 2021-07-13T07:00:00Z Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-33767 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Open Enclave SDK | Important | Elevation of Privilege | None | Base: 8.2 Temporal: 7.1 Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Unknown | |
| CVE ID | Acknowledgements |
| CVE-2021-33767 | Zhijingcheng Yu of National University of Singapore Jinhua Cui of National University of Singapore Prateek Saxena of National University of Singapore Shweta Shinde of ETH Zurich |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-33771 MITRE NVD |
CVE Title: Windows Kernel Elevation of Privilege Vulnerability
CVSS: CVSS:3.0 7.8/7.2
FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2021-07-13T07:00:00Z Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Detected | No | Yes |
The following tables list the affected software details for the vulnerability.
| CVE-2021-33771 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 5004249 (Security Update) | Important | Elevation of Privilege | 5003687 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 5004249 (Security Update) | Important | Elevation of Privilege | 5003687 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5004238 (Security Update) | Important | Elevation of Privilege | 5003638 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 5004238 (Security Update) | Important | Elevation of Privilege | 5003638 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5004244 (Security Update) | Important | Elevation of Privilege | 5003646 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5004244 (Security Update) | Important | Elevation of Privilege | 5003646 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 5004244 (Security Update) | Important | Elevation of Privilege | 5003646 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5004245 (Security Update) | Important | Elevation of Privilege | 5003635 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5004245 (Security Update) | Important | Elevation of Privilege | 5003635 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 5004245 (Security Update) | Important | Elevation of Privilege | 5003635 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for 32-bit Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for ARM64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for x64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Elevation of Privilege | 5003671 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Elevation of Privilege | 5003671 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 5004298 (Monthly Rollup) | Important | Elevation of Privilege | 5003671 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Elevation of Privilege | 5003671 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Elevation of Privilege | 5003671 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows Server 2016 | 5004238 (Security Update) | Important | Elevation of Privilege | 5003638 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 5004238 (Security Update) | Important | Elevation of Privilege | 5003638 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5004244 (Security Update) | Important | Elevation of Privilege | 5003646 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5004244 (Security Update) | Important | Elevation of Privilege | 5003646 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2021-33771 | Microsoft Threat Intelligence Center (MSTIC) Microsoft Security Response Center (MSRC) |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-33773 MITRE NVD |
CVE Title: Windows Remote Access Connection Manager Elevation of Privilege Vulnerability
CVSS: CVSS:3.0 7.8/6.8
FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2021-07-13T07:00:00Z Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-33773 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 5004249 (Security Update) | Important | Elevation of Privilege | 5003687 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 5004249 (Security Update) | Important | Elevation of Privilege | 5003687 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5004238 (Security Update) | Important | Elevation of Privilege | 5003638 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 5004238 (Security Update) | Important | Elevation of Privilege | 5003638 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5004244 (Security Update) | Important | Elevation of Privilege | 5003646 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5004244 (Security Update) | Important | Elevation of Privilege | 5003646 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 5004244 (Security Update) | Important | Elevation of Privilege | 5003646 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5004245 (Security Update) | Important | Elevation of Privilege | 5003635 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5004245 (Security Update) | Important | Elevation of Privilege | 5003635 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 5004245 (Security Update) | Important | Elevation of Privilege | 5003635 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for 32-bit Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for ARM64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for x64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Elevation of Privilege | 5003671 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Elevation of Privilege | 5003671 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 5004298 (Monthly Rollup) | Important | Elevation of Privilege | 5003671 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Elevation of Privilege | 5003671 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Elevation of Privilege | 5003671 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 | 5004238 (Security Update) | Important | Elevation of Privilege | 5003638 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 5004238 (Security Update) | Important | Elevation of Privilege | 5003638 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5004244 (Security Update) | Important | Elevation of Privilege | 5003646 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5004244 (Security Update) | Important | Elevation of Privilege | 5003646 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2021-33773 | ziming zhang of Ant Security Light-Year Lab |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-33774 MITRE NVD |
CVE Title: Windows Event Tracing Elevation of Privilege Vulnerability
CVSS: CVSS:3.0 7.0/6.1
FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2021-07-13T07:00:00Z Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-33774 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows 10 Version 1809 for 32-bit Systems | 5004244 (Security Update) | Important | Elevation of Privilege | 5003646 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5004244 (Security Update) | Important | Elevation of Privilege | 5003646 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 5004244 (Security Update) | Important | Elevation of Privilege | 5003646 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5004245 (Security Update) | Important | Elevation of Privilege | 5003635 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5004245 (Security Update) | Important | Elevation of Privilege | 5003635 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 5004245 (Security Update) | Important | Elevation of Privilege | 5003635 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for 32-bit Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for ARM64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for x64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5004244 (Security Update) | Important | Elevation of Privilege | 5003646 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5004244 (Security Update) | Important | Elevation of Privilege | 5003646 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2021-33774 | He YiSheng, Zhang WangJunJie, and Li WenYue of Hillstone Network Security Research Institute |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-33780 MITRE NVD |
CVE Title: Windows DNS Server Remote Code Execution Vulnerability
CVSS: CVSS:3.0 8.8/7.7
FAQ: If my server is not configured to be a DNS server, it is vulnerable? No, this vulnerability is only exploitable if the server is configured to be a DNS server. Mitigations: None Workarounds: None Revision: 1.0 2021-07-13T07:00:00Z Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-33780 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5004305 (Monthly Rollup) 5004299 (Security Only) |
Important | Remote Code Execution | 5003661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5004305 (Monthly Rollup) 5004299 (Security Only) |
Important | Remote Code Execution | 5003661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5004305 (Monthly Rollup) 5004299 (Security Only) |
Important | Remote Code Execution | 5003661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5004305 (Monthly Rollup) 5004299 (Security Only) |
Important | Remote Code Execution | 5003661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5004289 (Monthly Rollup) 5004307 (Security Only) |
Important | Remote Code Execution | 5003667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5004289 (Monthly Rollup) 5004307 (Security Only) |
Important | Remote Code Execution | 5003667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 | 5004294 (Monthly Rollup) 5004302 (Security Only) |
Important | Remote Code Execution | 5003697 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 5004294 (Monthly Rollup) 5004302 (Security Only) |
Important | Remote Code Execution | 5003697 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Remote Code Execution | 5003671 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Remote Code Execution | 5003671 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 | 5004238 (Security Update) | Important | Remote Code Execution | 5003638 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 5004238 (Security Update) | Important | Remote Code Execution | 5003638 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5004244 (Security Update) | Important | Remote Code Execution | 5003646 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5004244 (Security Update) | Important | Remote Code Execution | 5003646 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 5004237 (Security Update) | Important | Remote Code Execution | 5003637 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5004237 (Security Update) | Important | Remote Code Execution | 5003637 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2021-33780 | Yuki Chen |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-34441 MITRE NVD |
CVE Title: Microsoft Windows Media Foundation Remote Code Execution Vulnerability
CVSS: CVSS:3.0 7.8/6.8
FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2021-07-13T07:00:00Z Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-34441 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 5004249 (Security Update) | Important | Remote Code Execution | 5003687 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 5004249 (Security Update) | Important | Remote Code Execution | 5003687 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5004238 (Security Update) | Important | Remote Code Execution | 5003638 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 5004238 (Security Update) | Important | Remote Code Execution | 5003638 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5004244 (Security Update) | Important | Remote Code Execution | 5003646 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5004244 (Security Update) | Important | Remote Code Execution | 5003646 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 5004244 (Security Update) | Important | Remote Code Execution | 5003646 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5004245 (Security Update) | Important | Remote Code Execution | 5003635 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5004245 (Security Update) | Important | Remote Code Execution | 5003635 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 5004245 (Security Update) | Important | Remote Code Execution | 5003635 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5004237 (Security Update) | Important | Remote Code Execution | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5004237 (Security Update) | Important | Remote Code Execution | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 5004237 (Security Update) | Important | Remote Code Execution | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5004237 (Security Update) | Important | Remote Code Execution | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5004237 (Security Update) | Important | Remote Code Execution | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5004237 (Security Update) | Important | Remote Code Execution | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for 32-bit Systems | 5004237 (Security Update) | Important | Remote Code Execution | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for ARM64-based Systems | 5004237 (Security Update) | Important | Remote Code Execution | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for x64-based Systems | 5004237 (Security Update) | Important | Remote Code Execution | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 5004289 (Monthly Rollup) 5004307 (Security Only) |
Important | Remote Code Execution | 5003667 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 5004289 (Monthly Rollup) 5004307 (Security Only) |
Important | Remote Code Execution | 5003667 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Remote Code Execution | 5003671 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Remote Code Execution | 5003671 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 5004298 (Monthly Rollup) | Important | Remote Code Execution | 5003671 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5004305 (Monthly Rollup) 5004299 (Security Only) |
Important | Remote Code Execution | 5003661 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5004305 (Monthly Rollup) 5004299 (Security Only) |
Important | Remote Code Execution | 5003661 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5004305 (Monthly Rollup) 5004299 (Security Only) |
Important | Remote Code Execution | 5003661 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5004305 (Monthly Rollup) 5004299 (Security Only) |
Important | Remote Code Execution | 5003661 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5004289 (Monthly Rollup) 5004307 (Security Only) |
Important | Remote Code Execution | 5003667 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5004289 (Monthly Rollup) 5004307 (Security Only) |
Important | Remote Code Execution | 5003667 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 | 5004294 (Monthly Rollup) 5004302 (Security Only) |
Important | Remote Code Execution | 5003697 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 5004294 (Monthly Rollup) 5004302 (Security Only) |
Important | Remote Code Execution | 5003697 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Remote Code Execution | 5003671 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Remote Code Execution | 5003671 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 | 5004238 (Security Update) | Important | Remote Code Execution | 5003638 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 5004238 (Security Update) | Important | Remote Code Execution | 5003638 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5004244 (Security Update) | Important | Remote Code Execution | 5003646 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5004244 (Security Update) | Important | Remote Code Execution | 5003646 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 5004237 (Security Update) | Important | Remote Code Execution | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5004237 (Security Update) | Important | Remote Code Execution | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2021-34441 | HAO LI of VenusTech ADLab |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-34442 MITRE NVD |
CVE Title: Windows DNS Server Denial of Service Vulnerability
CVSS: CVSS:3.0 7.5/6.5
FAQ: If my server is not configured to be a DNS server, it is vulnerable? No, this vulnerability is only exploitable if the server is configured to be a DNS server. Mitigations: None Workarounds: None Revision: 1.0 2021-07-13T07:00:00Z Information published. |
Important | Denial of Service | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-34442 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5004305 (Monthly Rollup) 5004299 (Security Only) |
Important | Denial of Service | 5003661 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5004305 (Monthly Rollup) 5004299 (Security Only) |
Important | Denial of Service | 5003661 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5004305 (Monthly Rollup) 5004299 (Security Only) |
Important | Denial of Service | 5003661 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5004305 (Monthly Rollup) 5004299 (Security Only) |
Important | Denial of Service | 5003661 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5004289 (Monthly Rollup) 5004307 (Security Only) |
Important | Denial of Service | 5003667 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5004289 (Monthly Rollup) 5004307 (Security Only) |
Important | Denial of Service | 5003667 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 | 5004294 (Monthly Rollup) 5004302 (Security Only) |
Important | Denial of Service | 5003697 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 5004294 (Monthly Rollup) 5004302 (Security Only) |
Important | Denial of Service | 5003697 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Denial of Service | 5003671 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Denial of Service | 5003671 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 | 5004238 (Security Update) | Important | Denial of Service | 5003638 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 5004238 (Security Update) | Important | Denial of Service | 5003638 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5004244 (Security Update) | Important | Denial of Service | 5003646 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5004244 (Security Update) | Important | Denial of Service | 5003646 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 5004237 (Security Update) | Important | Denial of Service | 5003637 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5004237 (Security Update) | Important | Denial of Service | 5003637 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2021-34442 | Yuki Chen ZhiyiZhang from Codesafe Team of Legendsec at Qi'anxin Group |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-34491 MITRE NVD |
CVE Title: Win32k Information Disclosure Vulnerability
CVSS: CVSS:3.0 5.5/4.8
FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process. Mitigations: None Workarounds: None Revision: 1.0 2021-07-13T07:00:00Z Information published. |
Important | Information Disclosure | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-34491 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 5004249 (Security Update) | Important | Information Disclosure | 5003687 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 5004249 (Security Update) | Important | Information Disclosure | 5003687 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5004238 (Security Update) | Important | Information Disclosure | 5003638 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 5004238 (Security Update) | Important | Information Disclosure | 5003638 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5004244 (Security Update) | Important | Information Disclosure | 5003646 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5004244 (Security Update) | Important | Information Disclosure | 5003646 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 5004244 (Security Update) | Important | Information Disclosure | 5003646 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5004245 (Security Update) | Important | Information Disclosure | 5003635 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5004245 (Security Update) | Important | Information Disclosure | 5003635 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 5004245 (Security Update) | Important | Information Disclosure | 5003635 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5004237 (Security Update) | Important | Information Disclosure | 5003637 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5004237 (Security Update) | Important | Information Disclosure | 5003637 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 5004237 (Security Update) | Important | Information Disclosure | 5003637 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5004237 (Security Update) | Important | Information Disclosure | 5003637 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5004237 (Security Update) | Important | Information Disclosure | 5003637 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5004237 (Security Update) | Important | Information Disclosure | 5003637 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for 32-bit Systems | 5004237 (Security Update) | Important | Information Disclosure | 5003637 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for ARM64-based Systems | 5004237 (Security Update) | Important | Information Disclosure | 5003637 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for x64-based Systems | 5004237 (Security Update) | Important | Information Disclosure | 5003637 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Information Disclosure | 5003671 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Information Disclosure | 5003671 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 5004298 (Monthly Rollup) | Important | Information Disclosure | 5003671 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Information Disclosure | 5003671 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Information Disclosure | 5003671 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 | 5004238 (Security Update) | Important | Information Disclosure | 5003638 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 5004238 (Security Update) | Important | Information Disclosure | 5003638 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5004244 (Security Update) | Important | Information Disclosure | 5003646 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5004244 (Security Update) | Important | Information Disclosure | 5003646 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 5004237 (Security Update) | Important | Information Disclosure | 5003637 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5004237 (Security Update) | Important | Information Disclosure | 5003637 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2021-34491 | RanchoIce of Singular Security Lab |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-34492 MITRE NVD |
CVE Title: Windows Certificate Spoofing Vulnerability
CVSS: CVSS:3.0 8.1/7.1
FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2021-07-13T07:00:00Z Information published. |
Important | Spoofing | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Yes | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-34492 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 5004249 (Security Update) | Important | Spoofing | 5003687 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 5004249 (Security Update) | Important | Spoofing | 5003687 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5004238 (Security Update) | Important | Spoofing | 5003638 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 5004238 (Security Update) | Important | Spoofing | 5003638 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5004244 (Security Update) | Important | Spoofing | 5003646 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5004244 (Security Update) | Important | Spoofing | 5003646 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 5004244 (Security Update) | Important | Spoofing | 5003646 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5004245 (Security Update) | Important | Spoofing | 5003635 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5004245 (Security Update) | Important | Spoofing | 5003635 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 5004245 (Security Update) | Important | Spoofing | 5003635 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5004237 (Security Update) | Important | Spoofing | 5003637 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5004237 (Security Update) | Important | Spoofing | 5003637 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 5004237 (Security Update) | Important | Spoofing | 5003637 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5004237 (Security Update) | Important | Spoofing | 5003637 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5004237 (Security Update) | Important | Spoofing | 5003637 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5004237 (Security Update) | Important | Spoofing | 5003637 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for 32-bit Systems | 5004237 (Security Update) | Important | Spoofing | 5003637 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for ARM64-based Systems | 5004237 (Security Update) | Important | Spoofing | 5003637 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for x64-based Systems | 5004237 (Security Update) | Important | Spoofing | 5003637 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 5004289 (Monthly Rollup) 5004307 (Security Only) |
Important | Spoofing | 5003667 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 5004289 (Monthly Rollup) 5004307 (Security Only) |
Important | Spoofing | 5003667 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Spoofing | 5003671 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Spoofing | 5003671 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 5004298 (Monthly Rollup) | Important | Spoofing | 5003671 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5004305 (Monthly Rollup) 5004299 (Security Only) |
Important | Spoofing | 5003661 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5004305 (Monthly Rollup) 5004299 (Security Only) |
Important | Spoofing | 5003661 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5004305 (Monthly Rollup) 5004299 (Security Only) |
Important | Spoofing | 5003661 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5004305 (Monthly Rollup) 5004299 (Security Only) |
Important | Spoofing | 5003661 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5004289 (Monthly Rollup) 5004307 (Security Only) |
Important | Spoofing | 5003667 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5004289 (Monthly Rollup) 5004307 (Security Only) |
Important | Spoofing | 5003667 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 | 5004294 (Monthly Rollup) 5004302 (Security Only) |
Important | Spoofing | 5003697 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 5004294 (Monthly Rollup) 5004302 (Security Only) |
Important | Spoofing | 5003697 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Spoofing | 5003671 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Spoofing | 5003671 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 | 5004238 (Security Update) | Important | Spoofing | 5003638 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 5004238 (Security Update) | Important | Spoofing | 5003638 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5004244 (Security Update) | Important | Spoofing | 5003646 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5004244 (Security Update) | Important | Spoofing | 5003646 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 5004237 (Security Update) | Important | Spoofing | 5003637 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5004237 (Security Update) | Important | Spoofing | 5003637 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2021-34492 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-34493 MITRE NVD |
CVE Title: Windows Partition Management Driver Elevation of Privilege Vulnerability
CVSS: CVSS:3.0 6.7/5.8
FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2021-07-13T07:00:00Z Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-34493 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 5004249 (Security Update) | Important | Elevation of Privilege | 5003687 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 5004249 (Security Update) | Important | Elevation of Privilege | 5003687 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5004238 (Security Update) | Important | Elevation of Privilege | 5003638 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 5004238 (Security Update) | Important | Elevation of Privilege | 5003638 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5004244 (Security Update) | Important | Elevation of Privilege | 5003646 |
Base: 6.7 Temporal: 5.8 Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5004244 (Security Update) | Important | Elevation of Privilege | 5003646 |
Base: 6.7 Temporal: 5.8 Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 5004244 (Security Update) | Important | Elevation of Privilege | 5003646 |
Base: 6.7 Temporal: 5.8 Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5004245 (Security Update) | Important | Elevation of Privilege | 5003635 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5004245 (Security Update) | Important | Elevation of Privilege | 5003635 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 5004245 (Security Update) | Important | Elevation of Privilege | 5003635 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 6.7 Temporal: 5.8 Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 6.7 Temporal: 5.8 Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 6.7 Temporal: 5.8 Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 6.7 Temporal: 5.8 Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 6.7 Temporal: 5.8 Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 6.7 Temporal: 5.8 Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for 32-bit Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 6.7 Temporal: 5.8 Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for ARM64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 6.7 Temporal: 5.8 Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for x64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 6.7 Temporal: 5.8 Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 | 5004238 (Security Update) | Important | Elevation of Privilege | 5003638 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 5004238 (Security Update) | Important | Elevation of Privilege | 5003638 | Base: 6.7 Temporal: 5.8 Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5004244 (Security Update) | Important | Elevation of Privilege | 5003646 |
Base: 6.7 Temporal: 5.8 Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5004244 (Security Update) | Important | Elevation of Privilege | 5003646 |
Base: 6.7 Temporal: 5.8 Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 6.7 Temporal: 5.8 Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 6.7 Temporal: 5.8 Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2021-34493 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-34444 MITRE NVD |
CVE Title: Windows DNS Server Denial of Service Vulnerability
CVSS: CVSS:3.0 6.5/5.7
FAQ: If my server is not configured to be a DNS server, it is vulnerable? No, this vulnerability is only exploitable if the server is configured to be a DNS server. Mitigations: None Workarounds: None Revision: 1.0 2021-07-13T07:00:00Z Information published. |
Important | Denial of Service | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-34444 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5004305 (Monthly Rollup) 5004299 (Security Only) |
Important | Denial of Service | 5003661 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5004305 (Monthly Rollup) 5004299 (Security Only) |
Important | Denial of Service | 5003661 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5004305 (Monthly Rollup) 5004299 (Security Only) |
Important | Denial of Service | 5003661 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5004305 (Monthly Rollup) 5004299 (Security Only) |
Important | Denial of Service | 5003661 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5004289 (Monthly Rollup) 5004307 (Security Only) |
Important | Denial of Service | 5003667 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5004289 (Monthly Rollup) 5004307 (Security Only) |
Important | Denial of Service | 5003667 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 | 5004294 (Monthly Rollup) 5004302 (Security Only) |
Important | Denial of Service | 5003697 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 5004294 (Monthly Rollup) 5004302 (Security Only) |
Important | Denial of Service | 5003697 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Denial of Service | 5003671 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Denial of Service | 5003671 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 | 5004238 (Security Update) | Important | Denial of Service | 5003638 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 5004238 (Security Update) | Important | Denial of Service | 5003638 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5004244 (Security Update) | Important | Denial of Service | 5003646 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5004244 (Security Update) | Important | Denial of Service | 5003646 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 5004237 (Security Update) | Important | Denial of Service | 5003637 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5004237 (Security Update) | Important | Denial of Service | 5003637 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2021-34444 | Yuki Chen Strawberry from Qi'anxin CERT Zhiyi Zhang And Liubenjin from Codesafe Team of Legendsec at Qi'anxin Group |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-34494 MITRE NVD |
CVE Title: Windows DNS Server Remote Code Execution Vulnerability
CVSS: CVSS:3.0 8.8/7.7
FAQ: If my server is not configured to be a DNS server, it is vulnerable? No, this vulnerability is only exploitable if the server is configured to be a DNS server. Mitigations: None Workarounds: None Revision: 1.0 2021-07-13T07:00:00Z Information published. |
Critical | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-34494 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5004305 (Monthly Rollup) 5004299 (Security Only) |
Critical | Remote Code Execution | 5003661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5004305 (Monthly Rollup) 5004299 (Security Only) |
Critical | Remote Code Execution | 5003661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5004305 (Monthly Rollup) 5004299 (Security Only) |
Critical | Remote Code Execution | 5003661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5004305 (Monthly Rollup) 5004299 (Security Only) |
Critical | Remote Code Execution | 5003661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5004289 (Monthly Rollup) 5004307 (Security Only) |
Critical | Remote Code Execution | 5003667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5004289 (Monthly Rollup) 5004307 (Security Only) |
Critical | Remote Code Execution | 5003667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 | 5004294 (Monthly Rollup) 5004302 (Security Only) |
Critical | Remote Code Execution | 5003697 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 5004294 (Monthly Rollup) 5004302 (Security Only) |
Critical | Remote Code Execution | 5003697 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Critical | Remote Code Execution | 5003671 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Critical | Remote Code Execution | 5003671 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 | 5004238 (Security Update) | Critical | Remote Code Execution | 5003638 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 5004238 (Security Update) | Critical | Remote Code Execution | 5003638 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5004244 (Security Update) | Critical | Remote Code Execution | 5003646 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5004244 (Security Update) | Critical | Remote Code Execution | 5003646 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 5004237 (Security Update) | Critical | Remote Code Execution | 5003637 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5004237 (Security Update) | Critical | Remote Code Execution | 5003637 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2021-34494 | Yuki Chen |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-34445 MITRE NVD |
CVE Title: Windows Remote Access Connection Manager Elevation of Privilege Vulnerability
CVSS: CVSS:3.0 7.8/6.8
FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2021-07-13T07:00:00Z Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-34445 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows 10 Version 1809 for 32-bit Systems | 5004244 (Security Update) | Important | Elevation of Privilege | 5003646 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5004244 (Security Update) | Important | Elevation of Privilege | 5003646 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 5004244 (Security Update) | Important | Elevation of Privilege | 5003646 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5004245 (Security Update) | Important | Elevation of Privilege | 5003635 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5004245 (Security Update) | Important | Elevation of Privilege | 5003635 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 5004245 (Security Update) | Important | Elevation of Privilege | 5003635 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for 32-bit Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for ARM64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for x64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5004244 (Security Update) | Important | Elevation of Privilege | 5003646 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5004244 (Security Update) | Important | Elevation of Privilege | 5003646 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2021-34445 | ziming zhang of Ant Security Light-Year Lab |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-34446 MITRE NVD |
CVE Title: Windows HTML Platforms Security Feature Bypass Vulnerability
CVSS: CVSS:3.0 8.0/7.0
FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2021-07-13T07:00:00Z Information published. |
Important | Security Feature Bypass | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-34446 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 5004249 (Security Update) | Important | Security Feature Bypass | 5003687 | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 5004249 (Security Update) | Important | Security Feature Bypass | 5003687 | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5004238 (Security Update) | Important | Security Feature Bypass | 5003638 | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 5004238 (Security Update) | Important | Security Feature Bypass | 5003638 | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5004244 (Security Update) | Important | Security Feature Bypass | 5003646 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5004244 (Security Update) | Important | Security Feature Bypass | 5003646 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 5004244 (Security Update) | Important | Security Feature Bypass | 5003646 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5004245 (Security Update) | Important | Security Feature Bypass | 5003635 | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5004245 (Security Update) | Important | Security Feature Bypass | 5003635 | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 5004245 (Security Update) | Important | Security Feature Bypass | 5003635 | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5004237 (Security Update) | Important | Security Feature Bypass | 5003637 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5004237 (Security Update) | Important | Security Feature Bypass | 5003637 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 5004237 (Security Update) | Important | Security Feature Bypass | 5003637 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5004237 (Security Update) | Important | Security Feature Bypass | 5003637 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5004237 (Security Update) | Important | Security Feature Bypass | 5003637 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5004237 (Security Update) | Important | Security Feature Bypass | 5003637 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for 32-bit Systems | 5004237 (Security Update) | Important | Security Feature Bypass | 5003637 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for ARM64-based Systems | 5004237 (Security Update) | Important | Security Feature Bypass | 5003637 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for x64-based Systems | 5004237 (Security Update) | Important | Security Feature Bypass | 5003637 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 5004289 (Monthly Rollup) 5004233 (IE Cumulative) |
Important | Security Feature Bypass | 5003667 5003636 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 5004289 (Monthly Rollup) 5004233 (IE Cumulative) |
Important | Security Feature Bypass | 5003667 5003636 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 5004233 (IE Cumulative) 5004298 (Monthly Rollup) |
Important | Security Feature Bypass | 5003636 5003671 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 5004233 (IE Cumulative) 5004298 (Monthly Rollup) |
Important | Security Feature Bypass | 5003636 5003671 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 5004298 (Monthly Rollup) | Important | Security Feature Bypass | 5003671 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5004233 (IE Cumulative) 5004305 (Monthly Rollup) |
Important | Security Feature Bypass | 5003636 5003661 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5004233 (IE Cumulative) 5004305 (Monthly Rollup) |
Important | Security Feature Bypass | 5003636 5003661 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5004289 (Monthly Rollup) 5004233 (IE Cumulative) |
Important | Security Feature Bypass | 5003667 5003636 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 | 5004233 (IE Cumulative) 5004294 (Monthly Rollup) |
Important | Security Feature Bypass | 5003636 5003697 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 5004233 (IE Cumulative) 5004298 (Monthly Rollup) |
Important | Security Feature Bypass | 5003636 5003671 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 | 5004238 (Security Update) | Important | Security Feature Bypass | 5003638 | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5004244 (Security Update) | Important | Security Feature Bypass | 5003646 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2021-34446 | khangkito - Trần Văn Khang with VinCSS |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-34496 MITRE NVD |
CVE Title: Windows GDI Information Disclosure Vulnerability
CVSS: CVSS:3.0 5.5/4.8
FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is memory layout - the vulnerability allows an attacker to collect information that facilitates predicting addressing of the memory. Mitigations: None Workarounds: None Revision: 1.0 2021-07-13T07:00:00Z Information published. |
Important | Information Disclosure | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-34496 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 5004249 (Security Update) | Important | Information Disclosure | 5003687 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 5004249 (Security Update) | Important | Information Disclosure | 5003687 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5004238 (Security Update) | Important | Information Disclosure | 5003638 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 5004238 (Security Update) | Important | Information Disclosure | 5003638 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5004244 (Security Update) | Important | Information Disclosure | 5003646 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5004244 (Security Update) | Important | Information Disclosure | 5003646 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 5004244 (Security Update) | Important | Information Disclosure | 5003646 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5004245 (Security Update) | Important | Information Disclosure | 5003635 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5004245 (Security Update) | Important | Information Disclosure | 5003635 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 5004245 (Security Update) | Important | Information Disclosure | 5003635 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5004237 (Security Update) | Important | Information Disclosure | 5003637 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5004237 (Security Update) | Important | Information Disclosure | 5003637 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 5004237 (Security Update) | Important | Information Disclosure | 5003637 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5004237 (Security Update) | Important | Information Disclosure | 5003637 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5004237 (Security Update) | Important | Information Disclosure | 5003637 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5004237 (Security Update) | Important | Information Disclosure | 5003637 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for 32-bit Systems | 5004237 (Security Update) | Important | Information Disclosure | 5003637 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for ARM64-based Systems | 5004237 (Security Update) | Important | Information Disclosure | 5003637 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for x64-based Systems | 5004237 (Security Update) | Important | Information Disclosure | 5003637 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 5004289 (Monthly Rollup) 5004307 (Security Only) |
Important | Information Disclosure | 5003667 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 5004289 (Monthly Rollup) 5004307 (Security Only) |
Important | Information Disclosure | 5003667 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Information Disclosure | 5003671 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Information Disclosure | 5003671 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 5004298 (Monthly Rollup) | Important | Information Disclosure | 5003671 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5004305 (Monthly Rollup) 5004299 (Security Only) |
Important | Information Disclosure | 5003661 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5004305 (Monthly Rollup) 5004299 (Security Only) |
Important | Information Disclosure | 5003661 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5004305 (Monthly Rollup) 5004299 (Security Only) |
Important | Information Disclosure | 5003661 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5004305 (Monthly Rollup) 5004299 (Security Only) |
Important | Information Disclosure | 5003661 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5004289 (Monthly Rollup) 5004307 (Security Only) |
Important | Information Disclosure | 5003667 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5004289 (Monthly Rollup) 5004307 (Security Only) |
Important | Information Disclosure | 5003667 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 | 5004294 (Monthly Rollup) 5004302 (Security Only) |
Important | Information Disclosure | 5003697 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 5004294 (Monthly Rollup) 5004302 (Security Only) |
Important | Information Disclosure | 5003697 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Information Disclosure | 5003671 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Information Disclosure | 5003671 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 | 5004238 (Security Update) | Important | Information Disclosure | 5003638 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 5004238 (Security Update) | Important | Information Disclosure | 5003638 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5004244 (Security Update) | Important | Information Disclosure | 5003646 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5004244 (Security Update) | Important | Information Disclosure | 5003646 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 5004237 (Security Update) | Important | Information Disclosure | 5003637 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5004237 (Security Update) | Important | Information Disclosure | 5003637 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2021-34496 | Zhangjie and willJ |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-34447 MITRE NVD |
CVE Title: Windows MSHTML Platform Remote Code Execution Vulnerability
CVSS: CVSS:3.0 6.8/5.9
FAQ: According to the CVSS, User Interaction is Required. What interaction would the user have to do? This vulnerability requires that a user with an affected version of Windows access a malicious server. An attacker would have to host a specially crafted server share or website. An attacker would have no way to force users to visit this specially crafted server share or website, but would have to convince them to visit the server share or website, typically by way of an enticement in an email or chat message. Mitigations: None Workarounds: None Revision: 1.0 2021-07-13T07:00:00Z Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-34447 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 5004249 (Security Update) | Important | Remote Code Execution | 5003687 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 5004249 (Security Update) | Important | Remote Code Execution | 5003687 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5004238 (Security Update) | Important | Remote Code Execution | 5003638 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 5004238 (Security Update) | Important | Remote Code Execution | 5003638 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5004244 (Security Update) | Important | Remote Code Execution | 5003646 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5004244 (Security Update) | Important | Remote Code Execution | 5003646 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 5004244 (Security Update) | Important | Remote Code Execution | 5003646 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5004245 (Security Update) | Important | Remote Code Execution | 5003635 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5004245 (Security Update) | Important | Remote Code Execution | 5003635 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 5004245 (Security Update) | Important | Remote Code Execution | 5003635 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5004237 (Security Update) | Important | Remote Code Execution | 5003637 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5004237 (Security Update) | Important | Remote Code Execution | 5003637 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 5004237 (Security Update) | Important | Remote Code Execution | 5003637 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5004237 (Security Update) | Important | Remote Code Execution | 5003637 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5004237 (Security Update) | Important | Remote Code Execution | 5003637 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5004237 (Security Update) | Important | Remote Code Execution | 5003637 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for 32-bit Systems | 5004237 (Security Update) | Important | Remote Code Execution | 5003637 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for ARM64-based Systems | 5004237 (Security Update) | Important | Remote Code Execution | 5003637 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for x64-based Systems | 5004237 (Security Update) | Important | Remote Code Execution | 5003637 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 5004289 (Monthly Rollup) 5004233 (IE Cumulative) |
Important | Remote Code Execution | 5003667 5003636 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 5004289 (Monthly Rollup) 5004233 (IE Cumulative) |
Important | Remote Code Execution | 5003667 5003636 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 5004233 (IE Cumulative) 5004298 (Monthly Rollup) |
Important | Remote Code Execution | 5003636 5003671 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 5004233 (IE Cumulative) 5004298 (Monthly Rollup) |
Important | Remote Code Execution | 5003636 5003671 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 5004298 (Monthly Rollup) | Important | Remote Code Execution | 5003671 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5004233 (IE Cumulative) 5004305 (Monthly Rollup) |
Important | Remote Code Execution | 5003636 5003661 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5004233 (IE Cumulative) 5004305 (Monthly Rollup) |
Important | Remote Code Execution | 5003636 5003661 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5004289 (Monthly Rollup) 5004233 (IE Cumulative) |
Important | Remote Code Execution | 5003667 5003636 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 | 5004233 (IE Cumulative) 5004294 (Monthly Rollup) |
Important | Remote Code Execution | 5003636 5003697 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 5004233 (IE Cumulative) 5004298 (Monthly Rollup) |
Important | Remote Code Execution | 5003636 5003671 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 | 5004238 (Security Update) | Important | Remote Code Execution | 5003638 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5004244 (Security Update) | Important | Remote Code Execution | 5003646 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2021-34447 | Yuki Chen Yuki Chen Yuki Chen |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-34497 MITRE NVD |
CVE Title: Windows MSHTML Platform Remote Code Execution Vulnerability
CVSS: CVSS:3.0 6.8/5.9
FAQ: According to the CVSS, User Interaction is Required. What interaction would the user have to do? This vulnerability requires that a user with an affected version of Windows access a malicious server. An attacker would have to host a specially crafted server share or website. An attacker would have no way to force users to visit this specially crafted server share or website, but would have to convince them to visit the server share or website, typically by way of an enticement in an email or chat message. Mitigations: None Workarounds: None Revision: 1.0 2021-07-13T07:00:00Z Information published. |
Critical | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-34497 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 5004249 (Security Update) | Critical | Remote Code Execution | 5003687 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 5004249 (Security Update) | Critical | Remote Code Execution | 5003687 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5004238 (Security Update) | Critical | Remote Code Execution | 5003638 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 5004238 (Security Update) | Critical | Remote Code Execution | 5003638 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5004244 (Security Update) | Critical | Remote Code Execution | 5003646 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5004244 (Security Update) | Critical | Remote Code Execution | 5003646 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 5004244 (Security Update) | Critical | Remote Code Execution | 5003646 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5004245 (Security Update) | Critical | Remote Code Execution | 5003635 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5004245 (Security Update) | Critical | Remote Code Execution | 5003635 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 5004245 (Security Update) | Critical | Remote Code Execution | 5003635 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5004237 (Security Update) | Critical | Remote Code Execution | 5003637 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5004237 (Security Update) | Critical | Remote Code Execution | 5003637 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 5004237 (Security Update) | Critical | Remote Code Execution | 5003637 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5004237 (Security Update) | Critical | Remote Code Execution | 5003637 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5004237 (Security Update) | Critical | Remote Code Execution | 5003637 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5004237 (Security Update) | Critical | Remote Code Execution | 5003637 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for 32-bit Systems | 5004237 (Security Update) | Critical | Remote Code Execution | 5003637 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for ARM64-based Systems | 5004237 (Security Update) | Critical | Remote Code Execution | 5003637 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for x64-based Systems | 5004237 (Security Update) | Critical | Remote Code Execution | 5003637 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 5004289 (Monthly Rollup) 5004233 (IE Cumulative) |
Critical | Remote Code Execution | 5003667 5003636 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 5004289 (Monthly Rollup) 5004233 (IE Cumulative) |
Critical | Remote Code Execution | 5003667 5003636 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 5004233 (IE Cumulative) 5004298 (Monthly Rollup) |
Critical | Remote Code Execution | 5003636 5003671 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 5004233 (IE Cumulative) 5004298 (Monthly Rollup) |
Critical | Remote Code Execution | 5003636 5003671 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 5004298 (Monthly Rollup) | Critical | Remote Code Execution | 5003671 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5004233 (IE Cumulative) 5004305 (Monthly Rollup) |
Critical | Remote Code Execution | 5003636 5003661 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5004233 (IE Cumulative) 5004305 (Monthly Rollup) |
Critical | Remote Code Execution | 5003636 5003661 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5004289 (Monthly Rollup) 5004233 (IE Cumulative) |
Critical | Remote Code Execution | 5003667 5003636 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 | 5004233 (IE Cumulative) 5004294 (Monthly Rollup) |
Critical | Remote Code Execution | 5003636 5003697 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 5004233 (IE Cumulative) 5004298 (Monthly Rollup) |
Critical | Remote Code Execution | 5003636 5003671 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 | 5004238 (Security Update) | Critical | Remote Code Execution | 5003638 | Base: 6.8 Temporal: 5.9 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5004244 (Security Update) | Critical | Remote Code Execution | 5003646 |
Base: 6.8 Temporal: 5.9 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2021-34497 | Yuki Chen |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-34448 MITRE NVD |
CVE Title: Scripting Engine Memory Corruption Vulnerability
CVSS: CVSS:3.0 6.8/6.3
FAQ: Is user interaction required to exploit this vulnerability? Yes. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerability. However, an attacker would have no way to force the user to visit the website. Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince the user to open the specially crafted file. Mitigations: None Workarounds: None Revision: 1.0 2021-07-13T07:00:00Z Information published. |
Critical | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Detected | No | Yes |
The following tables list the affected software details for the vulnerability.
| CVE-2021-34448 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 5004249 (Security Update) | Critical | Remote Code Execution | 5003687 | Base: 6.8 Temporal: 6.3 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:F/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 5004249 (Security Update) | Critical | Remote Code Execution | 5003687 | Base: 6.8 Temporal: 6.3 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5004238 (Security Update) | Critical | Remote Code Execution | 5003638 | Base: 6.8 Temporal: 6.3 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 5004238 (Security Update) | Critical | Remote Code Execution | 5003638 | Base: 6.8 Temporal: 6.3 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5004244 (Security Update) | Critical | Remote Code Execution | 5003646 |
Base: 6.8 Temporal: 6.3 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5004244 (Security Update) | Critical | Remote Code Execution | 5003646 |
Base: 6.8 Temporal: 6.3 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 5004244 (Security Update) | Critical | Remote Code Execution | 5003646 |
Base: 6.8 Temporal: 6.3 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5004245 (Security Update) | Critical | Remote Code Execution | 5003635 | Base: 6.8 Temporal: 6.3 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5004245 (Security Update) | Critical | Remote Code Execution | 5003635 | Base: 6.8 Temporal: 6.3 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 5004245 (Security Update) | Critical | Remote Code Execution | 5003635 | Base: 6.8 Temporal: 6.3 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5004237 (Security Update) | Critical | Remote Code Execution | 5003637 |
Base: 6.8 Temporal: 6.3 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5004237 (Security Update) | Critical | Remote Code Execution | 5003637 |
Base: 6.8 Temporal: 6.3 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 5004237 (Security Update) | Critical | Remote Code Execution | 5003637 |
Base: 6.8 Temporal: 6.3 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5004237 (Security Update) | Critical | Remote Code Execution | 5003637 |
Base: 6.8 Temporal: 6.3 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5004237 (Security Update) | Critical | Remote Code Execution | 5003637 |
Base: 6.8 Temporal: 6.3 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5004237 (Security Update) | Critical | Remote Code Execution | 5003637 |
Base: 6.8 Temporal: 6.3 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for 32-bit Systems | 5004237 (Security Update) | Critical | Remote Code Execution | 5003637 |
Base: 6.8 Temporal: 6.3 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for ARM64-based Systems | 5004237 (Security Update) | Critical | Remote Code Execution | 5003637 |
Base: 6.8 Temporal: 6.3 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for x64-based Systems | 5004237 (Security Update) | Critical | Remote Code Execution | 5003637 |
Base: 6.8 Temporal: 6.3 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:F/RL:O/RC:C |
Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 5004289 (Monthly Rollup) 5004233 (IE Cumulative) |
Critical | Remote Code Execution | 5003667 5003636 |
Base: 6.8 Temporal: 6.3 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:F/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 5004289 (Monthly Rollup) 5004233 (IE Cumulative) |
Critical | Remote Code Execution | 5003667 5003636 |
Base: 6.8 Temporal: 6.3 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:F/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 5004233 (IE Cumulative) 5004298 (Monthly Rollup) |
Critical | Remote Code Execution | 5003636 5003671 |
Base: 6.8 Temporal: 6.3 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:F/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 5004233 (IE Cumulative) 5004298 (Monthly Rollup) |
Critical | Remote Code Execution | 5003636 5003671 |
Base: 6.8 Temporal: 6.3 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:F/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 5004298 (Monthly Rollup) | Critical | Remote Code Execution | 5003671 |
Base: 6.8 Temporal: 6.3 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:F/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5004289 (Monthly Rollup) 5004233 (IE Cumulative) |
Critical | Remote Code Execution | 5003667 5003636 |
Base: 6.8 Temporal: 6.3 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:F/RL:O/RC:C |
Yes |
| Windows Server 2012 | 5004233 (IE Cumulative) 5004294 (Monthly Rollup) |
Critical | Remote Code Execution | 5003636 5003697 |
Base: 6.8 Temporal: 6.3 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:F/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 5004233 (IE Cumulative) 5004298 (Monthly Rollup) |
Critical | Remote Code Execution | 5003636 5003671 |
Base: 6.8 Temporal: 6.3 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:F/RL:O/RC:C |
Yes |
| Windows Server 2016 | 5004238 (Security Update) | Critical | Remote Code Execution | 5003638 | Base: 6.8 Temporal: 6.3 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:F/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5004244 (Security Update) | Critical | Remote Code Execution | 5003646 |
Base: 6.8 Temporal: 6.3 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:F/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2021-34448 | yangkang(@dnpushme)&bianliang&wanggang&lihongfei of 360 ATA |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-34498 MITRE NVD |
CVE Title: Windows GDI Elevation of Privilege Vulnerability
CVSS: CVSS:3.0 7.8/6.8
FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2021-07-13T07:00:00Z Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-34498 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 5004249 (Security Update) | Important | Elevation of Privilege | 5003687 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 5004249 (Security Update) | Important | Elevation of Privilege | 5003687 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5004238 (Security Update) | Important | Elevation of Privilege | 5003638 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 5004238 (Security Update) | Important | Elevation of Privilege | 5003638 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5004244 (Security Update) | Important | Elevation of Privilege | 5003646 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5004244 (Security Update) | Important | Elevation of Privilege | 5003646 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 5004244 (Security Update) | Important | Elevation of Privilege | 5003646 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5004245 (Security Update) | Important | Elevation of Privilege | 5003635 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5004245 (Security Update) | Important | Elevation of Privilege | 5003635 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 5004245 (Security Update) | Important | Elevation of Privilege | 5003635 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for 32-bit Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for ARM64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for x64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 5004289 (Monthly Rollup) 5004307 (Security Only) |
Important | Elevation of Privilege | 5003667 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 5004289 (Monthly Rollup) 5004307 (Security Only) |
Important | Elevation of Privilege | 5003667 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Elevation of Privilege | 5003671 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Elevation of Privilege | 5003671 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 5004298 (Monthly Rollup) | Important | Elevation of Privilege | 5003671 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5004305 (Monthly Rollup) 5004299 (Security Only) |
Important | Elevation of Privilege | 5003661 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5004305 (Monthly Rollup) 5004299 (Security Only) |
Important | Elevation of Privilege | 5003661 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5004305 (Monthly Rollup) 5004299 (Security Only) |
Important | Elevation of Privilege | 5003661 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5004305 (Monthly Rollup) 5004299 (Security Only) |
Important | Elevation of Privilege | 5003661 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5004289 (Monthly Rollup) 5004307 (Security Only) |
Important | Elevation of Privilege | 5003667 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5004289 (Monthly Rollup) 5004307 (Security Only) |
Important | Elevation of Privilege | 5003667 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 | 5004294 (Monthly Rollup) 5004302 (Security Only) |
Important | Elevation of Privilege | 5003697 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 5004294 (Monthly Rollup) 5004302 (Security Only) |
Important | Elevation of Privilege | 5003697 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Elevation of Privilege | 5003671 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Elevation of Privilege | 5003671 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 | 5004238 (Security Update) | Important | Elevation of Privilege | 5003638 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 5004238 (Security Update) | Important | Elevation of Privilege | 5003638 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5004244 (Security Update) | Important | Elevation of Privilege | 5003646 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5004244 (Security Update) | Important | Elevation of Privilege | 5003646 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2021-34498 | Marcin Wiązowski working with Trend Micro Zero Day Initiative |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-34449 MITRE NVD |
CVE Title: Win32k Elevation of Privilege Vulnerability
CVSS: CVSS:3.0 7.0/6.1
FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2021-07-13T07:00:00Z Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-34449 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows 10 Version 1809 for 32-bit Systems | 5004244 (Security Update) | Important | Elevation of Privilege | 5003646 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5004244 (Security Update) | Important | Elevation of Privilege | 5003646 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 5004244 (Security Update) | Important | Elevation of Privilege | 5003646 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5004245 (Security Update) | Important | Elevation of Privilege | 5003635 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5004245 (Security Update) | Important | Elevation of Privilege | 5003635 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 5004245 (Security Update) | Important | Elevation of Privilege | 5003635 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for 32-bit Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for ARM64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for x64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5004244 (Security Update) | Important | Elevation of Privilege | 5003646 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5004244 (Security Update) | Important | Elevation of Privilege | 5003646 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2021-34449 | 晏子霜在线征婚 (@YanZiShuang) of Big CJTeam |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-34499 MITRE NVD |
CVE Title: Windows DNS Server Denial of Service Vulnerability
CVSS: CVSS:3.0 6.5/5.7
FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2021-07-13T07:00:00Z Information published. |
Important | Denial of Service | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-34499 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5004305 (Monthly Rollup) 5004299 (Security Only) |
Important | Denial of Service | 5003661 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5004305 (Monthly Rollup) 5004299 (Security Only) |
Important | Denial of Service | 5003661 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5004305 (Monthly Rollup) 5004299 (Security Only) |
Important | Denial of Service | 5003661 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5004305 (Monthly Rollup) 5004299 (Security Only) |
Important | Denial of Service | 5003661 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5004289 (Monthly Rollup) 5004307 (Security Only) |
Important | Denial of Service | 5003667 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5004289 (Monthly Rollup) 5004307 (Security Only) |
Important | Denial of Service | 5003667 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 | 5004294 (Monthly Rollup) 5004302 (Security Only) |
Important | Denial of Service | 5003697 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 5004294 (Monthly Rollup) 5004302 (Security Only) |
Important | Denial of Service | 5003697 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Denial of Service | 5003671 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Denial of Service | 5003671 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 | 5004238 (Security Update) | Important | Denial of Service | 5003638 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 5004238 (Security Update) | Important | Denial of Service | 5003638 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5004244 (Security Update) | Important | Denial of Service | 5003646 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5004244 (Security Update) | Important | Denial of Service | 5003646 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 5004237 (Security Update) | Important | Denial of Service | 5003637 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5004237 (Security Update) | Important | Denial of Service | 5003637 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2021-34499 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-34450 MITRE NVD |
CVE Title: Windows Hyper-V Remote Code Execution Vulnerability
CVSS: CVSS:3.0 8.5/7.4
FAQ: How would an attacker exploit this vulnerability? This vulnerability would require an authenticated attacker on a guest VM to send specially crafted file operation requests on the VM to hardware resources on the VM which could result in remote code execution on the host server. Mitigations: None Workarounds: None Revision: 1.0 2021-07-13T07:00:00Z Information published. |
Critical | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-34450 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows 10 Version 1809 for x64-based Systems | 5004244 (Security Update) | Critical | Remote Code Execution | 5003646 |
Base: 8.5 Temporal: 7.4 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 5004245 (Security Update) | Critical | Remote Code Execution | 5003635 | Base: 8.5 Temporal: 7.4 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 5004237 (Security Update) | Critical | Remote Code Execution | 5003637 |
Base: 8.5 Temporal: 7.4 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5004237 (Security Update) | Critical | Remote Code Execution | 5003637 |
Base: 8.5 Temporal: 7.4 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for x64-based Systems | 5004237 (Security Update) | Critical | Remote Code Execution | 5003637 |
Base: 8.5 Temporal: 7.4 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5004244 (Security Update) | Critical | Remote Code Execution | 5003646 |
Base: 8.5 Temporal: 7.4 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5004244 (Security Update) | Critical | Remote Code Execution | 5003646 |
Base: 8.5 Temporal: 7.4 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 5004237 (Security Update) | Critical | Remote Code Execution | 5003637 |
Base: 8.5 Temporal: 7.4 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5004237 (Security Update) | Critical | Remote Code Execution | 5003637 |
Base: 8.5 Temporal: 7.4 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2021-34450 | Microsoft Platform Security Assurance & Vulnerability Research |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-34500 MITRE NVD |
CVE Title: Windows Kernel Memory Information Disclosure Vulnerability
CVSS: CVSS:3.0 6.3/5.5
FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is Guest VM to Hyper-V host server - virtualization security boundary. What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is memory from the file cache. This could include unintentional read access to memory contents in kernel space from a user mode process, and on a Hyper-V server this could result in Guest VM to Hyper-V host server memory content disclosure. Mitigations: None Workarounds: None Revision: 1.0 2021-07-13T07:00:00Z Information published. |
Important | Information Disclosure | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-34500 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 5004249 (Security Update) | Important | Information Disclosure | 5003687 | Base: 6.3 Temporal: 5.5 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 5004249 (Security Update) | Important | Information Disclosure | 5003687 | Base: 6.3 Temporal: 5.5 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5004238 (Security Update) | Important | Information Disclosure | 5003638 | Base: 6.3 Temporal: 5.5 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 5004238 (Security Update) | Important | Information Disclosure | 5003638 | Base: 6.3 Temporal: 5.5 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5004244 (Security Update) | Important | Information Disclosure | 5003646 |
Base: 6.3 Temporal: 5.5 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5004244 (Security Update) | Important | Information Disclosure | 5003646 |
Base: 6.3 Temporal: 5.5 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 5004244 (Security Update) | Important | Information Disclosure | 5003646 |
Base: 6.3 Temporal: 5.5 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5004245 (Security Update) | Important | Information Disclosure | 5003635 | Base: 6.3 Temporal: 5.5 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5004245 (Security Update) | Important | Information Disclosure | 5003635 | Base: 6.3 Temporal: 5.5 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 5004245 (Security Update) | Important | Information Disclosure | 5003635 | Base: 6.3 Temporal: 5.5 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5004237 (Security Update) | Important | Information Disclosure | 5003637 |
Base: 6.3 Temporal: 5.5 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5004237 (Security Update) | Important | Information Disclosure | 5003637 |
Base: 6.3 Temporal: 5.5 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 5004237 (Security Update) | Important | Information Disclosure | 5003637 |
Base: 6.3 Temporal: 5.5 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5004237 (Security Update) | Important | Information Disclosure | 5003637 |
Base: 6.3 Temporal: 5.5 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5004237 (Security Update) | Important | Information Disclosure | 5003637 |
Base: 6.3 Temporal: 5.5 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5004237 (Security Update) | Important | Information Disclosure | 5003637 |
Base: 6.3 Temporal: 5.5 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for 32-bit Systems | 5004237 (Security Update) | Important | Information Disclosure | 5003637 |
Base: 6.3 Temporal: 5.5 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for ARM64-based Systems | 5004237 (Security Update) | Important | Information Disclosure | 5003637 |
Base: 6.3 Temporal: 5.5 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for x64-based Systems | 5004237 (Security Update) | Important | Information Disclosure | 5003637 |
Base: 6.3 Temporal: 5.5 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 5004289 (Monthly Rollup) 5004307 (Security Only) |
Important | Information Disclosure | 5003667 |
Base: 6.3 Temporal: 5.5 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 5004289 (Monthly Rollup) 5004307 (Security Only) |
Important | Information Disclosure | 5003667 |
Base: 6.3 Temporal: 5.5 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Information Disclosure | 5003671 |
Base: 6.3 Temporal: 5.5 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Information Disclosure | 5003671 |
Base: 6.3 Temporal: 5.5 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 5004298 (Monthly Rollup) | Important | Information Disclosure | 5003671 |
Base: 6.3 Temporal: 5.5 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5004305 (Monthly Rollup) 5004299 (Security Only) |
Important | Information Disclosure | 5003661 |
Base: 6.3 Temporal: 5.5 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5004305 (Monthly Rollup) 5004299 (Security Only) |
Important | Information Disclosure | 5003661 |
Base: 6.3 Temporal: 5.5 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5004305 (Monthly Rollup) 5004299 (Security Only) |
Important | Information Disclosure | 5003661 |
Base: 6.3 Temporal: 5.5 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5004305 (Monthly Rollup) 5004299 (Security Only) |
Important | Information Disclosure | 5003661 |
Base: 6.3 Temporal: 5.5 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5004289 (Monthly Rollup) 5004307 (Security Only) |
Important | Information Disclosure | 5003667 |
Base: 6.3 Temporal: 5.5 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5004289 (Monthly Rollup) 5004307 (Security Only) |
Important | Information Disclosure | 5003667 |
Base: 6.3 Temporal: 5.5 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 | 5004294 (Monthly Rollup) 5004302 (Security Only) |
Important | Information Disclosure | 5003697 |
Base: 6.3 Temporal: 5.5 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 5004294 (Monthly Rollup) 5004302 (Security Only) |
Important | Information Disclosure | 5003697 |
Base: 6.3 Temporal: 5.5 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Information Disclosure | 5003671 |
Base: 6.3 Temporal: 5.5 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Information Disclosure | 5003671 |
Base: 6.3 Temporal: 5.5 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 | 5004238 (Security Update) | Important | Information Disclosure | 5003638 | Base: 6.3 Temporal: 5.5 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 5004238 (Security Update) | Important | Information Disclosure | 5003638 | Base: 6.3 Temporal: 5.5 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5004244 (Security Update) | Important | Information Disclosure | 5003646 |
Base: 6.3 Temporal: 5.5 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5004244 (Security Update) | Important | Information Disclosure | 5003646 |
Base: 6.3 Temporal: 5.5 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 5004237 (Security Update) | Important | Information Disclosure | 5003637 |
Base: 6.3 Temporal: 5.5 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5004237 (Security Update) | Important | Information Disclosure | 5003637 |
Base: 6.3 Temporal: 5.5 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2021-34500 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-34501 MITRE NVD |
CVE Title: Microsoft Excel Remote Code Execution Vulnerability
CVSS: CVSS:3.0 7.8/6.8
FAQ: Is the Preview Pane an attack vector for this vulnerability? No, the Preview Pane is not an attack vector. According to the CVSS, User Interaction is Required. What interaction would the user have to do? Exploitation of the vulnerability requires that a user open a specially crafted file.
An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file. Mitigations: None Workarounds: None Revision: 1.0 2021-07-13T07:00:00Z Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-34501 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
| Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
| Microsoft Excel 2013 RT Service Pack 1 | 5001993 (Security Update) | Important | Remote Code Execution | 5001963 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft Excel 2013 Service Pack 1 (32-bit editions) | 5001993 (Security Update) | Important | Remote Code Execution | 5001963 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft Excel 2013 Service Pack 1 (64-bit editions) | 5001993 (Security Update) | Important | Remote Code Execution | 5001963 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft Excel 2016 (32-bit edition) | 5001977 (Security Update) | Important | Remote Code Execution | 5001947 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft Excel 2016 (64-bit edition) | 5001977 (Security Update) | Important | Remote Code Execution | 5001947 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
| Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
| Microsoft Office 2019 for Mac | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft Office Online Server | 5001973 (Security Update) | Important | Remote Code Execution | 5001943 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| CVE ID | Acknowledgements |
| CVE-2021-34501 | 14 working with Trend Micro Zero Day Initiative |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-34452 MITRE NVD |
CVE Title: Microsoft Word Remote Code Execution Vulnerability
CVSS: CVSS:3.0 7.8/6.8
FAQ: Is the Preview Pane an attack vector for this vulnerability? No, the Preview Pane is not an attack vector. According to the CVSS, User Interaction is Required. What interaction would the user have to do? Exploitation of the vulnerability requires that a user open a specially crafted file.
An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file. Mitigations: None Workarounds: None Revision: 1.0 2021-07-13T07:00:00Z Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-34452 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
| Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
| Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
| Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
| Microsoft Word 2016 (32-bit edition) | 5001949 (Security Update) | Important | Remote Code Execution | 5001919 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft Word 2016 (64-bit edition) | 5001949 (Security Update) | Important | Remote Code Execution | 5001919 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| CVE ID | Acknowledgements |
| CVE-2021-34452 | Le Huu Quang Linh (@linhlhq) |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-34467 MITRE NVD |
CVE Title: Microsoft SharePoint Server Remote Code Execution Vulnerability
CVSS: CVSS:3.0 7.1/6.2
FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2021-07-13T07:00:00Z Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-34467 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Microsoft SharePoint Enterprise Server 2016 | 5001976 (Security Update) | Important | Remote Code Execution | 5001946 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C |
Maybe |
| Microsoft SharePoint Foundation 2013 Service Pack 1 | 5001992 (Security Update) | Important | Remote Code Execution | 5001962 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C |
Maybe |
| Microsoft SharePoint Server 2019 | 5001975 (Security Update) | Important | Remote Code Execution | 5001944 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C |
Maybe |
| CVE ID | Acknowledgements |
| CVE-2021-34467 | Thomas Moore, Signal Hill Technologies, https://www.signalhill.tech |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-34518 MITRE NVD |
CVE Title: Microsoft Excel Remote Code Execution Vulnerability
CVSS: CVSS:3.0 7.8/6.8
FAQ: Is the Preview Pane an attack vector for this vulnerability? No, the Preview Pane is not an attack vector. According to the CVSS, User Interaction is Required. What interaction would the user have to do? Exploitation of the vulnerability requires that a user open a specially crafted file.
An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file. Mitigations: None Workarounds: None Revision: 1.0 2021-07-13T07:00:00Z Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-34518 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Microsoft Excel 2013 RT Service Pack 1 | 5001993 (Security Update) | Important | Remote Code Execution | 5001963 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft Excel 2013 Service Pack 1 (32-bit editions) | 5001993 (Security Update) | Important | Remote Code Execution | 5001963 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft Excel 2013 Service Pack 1 (64-bit editions) | 5001993 (Security Update) | Important | Remote Code Execution | 5001963 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft Excel 2016 (32-bit edition) | 5001977 (Security Update) | Important | Remote Code Execution | 5001947 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft Excel 2016 (64-bit edition) | 5001977 (Security Update) | Important | Remote Code Execution | 5001947 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft Office Web Apps Server 2013 Service Pack 1 | 5001986 (Security Update) | Important | Remote Code Execution | 5001956 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| CVE ID | Acknowledgements |
| CVE-2021-34518 | Jinquan(@jq0904) of DBAPPSecurity Lieying Lab |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-34468 MITRE NVD |
CVE Title: Microsoft SharePoint Server Remote Code Execution Vulnerability
CVSS: CVSS:3.0 7.1/6.2
FAQ: Is user interaction required to exploit this vulnerability? Yes. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerability. However, an attacker would have no way to force the user to visit the website. Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince the user to open the specially crafted file. Mitigations: None Workarounds: None Revision: 1.0 2021-07-13T07:00:00Z Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-34468 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Microsoft SharePoint Enterprise Server 2016 | 5001976 (Security Update) | Important | Remote Code Execution | 5001946 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SharePoint Foundation 2013 Service Pack 1 | 5001992 (Security Update) | Important | Remote Code Execution | 5001962 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft SharePoint Server 2019 | 5001975 (Security Update) | Important | Remote Code Execution | 5001944 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| CVE ID | Acknowledgements |
| CVE-2021-34468 | Steven Seeley (mr_me) of Source Incite working with Trend Micro Zero Day Initiative
|
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-34519 MITRE NVD |
CVE Title: Microsoft SharePoint Server Information Disclosure Vulnerability
CVSS: CVSS:3.0 5.3/4.8
FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is Personally Identifiable Information (PII). There are multiple update packages available for some of the affected software. Do I need to install all the updates listed in the Security Updates table for the software? Yes. Customers should apply all updates offered for the software installed on their systems. If multiple updates apply, they can be installed in any order. Mitigations: None Workarounds: None Revision: 1.0 2021-07-13T07:00:00Z Information published. |
Moderate | Information Disclosure | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-34519 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Microsoft SharePoint Enterprise Server 2013 Service Pack 1 | 5001984 (Security Update) | Moderate | Information Disclosure | 5001954 | Base: 5.3 Temporal: 4.8 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Maybe |
| Microsoft SharePoint Enterprise Server 2016 | 5001976 (Security Update) 5001981 (Security Update) |
Moderate | Information Disclosure | 5001946 5001922 |
Base: 5.3 Temporal: 4.8 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Maybe |
| Microsoft SharePoint Foundation 2013 Service Pack 1 | 5001992 (Security Update) 5001996 (Security Update) |
Moderate | Information Disclosure | 5001962 5001939 |
Base: 5.3 Temporal: 4.8 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Maybe |
| CVE ID | Acknowledgements |
| CVE-2021-34519 | mr_me working with Trend Micro Zero Day Initiative
|
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-34469 MITRE NVD |
CVE Title: Microsoft Office Security Feature Bypass Vulnerability
CVSS: CVSS:3.0 8.2/7.1
FAQ: Is the Preview Pane an attack vector for this vulnerability? No, the Preview Pane is not an attack vector. Is user interaction required to exploit this vulnerability? Yes. In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerability. However, an attacker would have no way to force the user to visit the website. Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince the user to open the specially crafted file. Mitigations: None Workarounds: None Revision: 1.0 2021-07-13T07:00:00Z Information published. |
Important | Security Feature Bypass | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-34469 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Important | Security Feature Bypass | None | Base: 8.2 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C |
No |
| Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Important | Security Feature Bypass | None | Base: 8.2 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C |
No |
| Microsoft Office 2013 RT Service Pack 1 | 5001983 (Security Update) | Important | Security Feature Bypass | 5001950 | Base: 8.2 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C |
Maybe |
| Microsoft Office 2013 Service Pack 1 (32-bit editions) | 5001983 (Security Update) | Important | Security Feature Bypass | 5001950 | Base: 8.2 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C |
Maybe |
| Microsoft Office 2013 Service Pack 1 (64-bit editions) | 5001983 (Security Update) | Important | Security Feature Bypass | 5001950 | Base: 8.2 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C |
Maybe |
| Microsoft Office 2016 (32-bit edition) | 5001979 (Security Update) | Important | Security Feature Bypass | 5001950 | Base: 8.2 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C |
Maybe |
| Microsoft Office 2016 (64-bit edition) | 5001979 (Security Update) | Important | Security Feature Bypass | 5001950 | Base: 8.2 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C |
Maybe |
| Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Important | Security Feature Bypass | None | Base: 8.2 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C |
No |
| Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Important | Security Feature Bypass | None | Base: 8.2 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C |
No |
| CVE ID | Acknowledgements |
| CVE-2021-34469 | Ben Faull of Microsoft Corporation |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-34520 MITRE NVD |
CVE Title: Microsoft SharePoint Server Remote Code Execution Vulnerability
CVSS: CVSS:3.0 8.1/7.1
FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2021-07-13T07:00:00Z Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-34520 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Microsoft SharePoint Enterprise Server 2016 | 5001976 (Security Update) | Important | Remote Code Execution | 5001946 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Maybe |
| Microsoft SharePoint Foundation 2013 Service Pack 1 | 5001992 (Security Update) | Important | Remote Code Execution | 5001962 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Maybe |
| Microsoft SharePoint Server 2019 | 5001975 (Security Update) | Important | Remote Code Execution | 5001944 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Maybe |
| CVE ID | Acknowledgements |
| CVE-2021-34520 | Anonymous working with Trend Micro Zero Day Initiative |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-34521 MITRE NVD |
CVE Title: Raw Image Extension Remote Code Execution Vulnerability
CVSS: CVSS:3.0 7.8/6.8
FAQ: Is Windows vulnerable in the default configuration? No. Only customers who have installed this app from the Microsoft Store may be vulnerable. How do I get the updated app? The Microsoft Store will automatically update affected customers. Alternatively, customers can get the update immediately; see here for details. It is possible for customers to disable automatic updates for the Microsoft Store. The Microsoft Store will not automatically install this update for those customers. My system is in a disconnected environment; is it vulnerable? Customers using the Microsoft Store for Business and Microsoft Store for Education can get this update through their organizations. How can I check if the update is installed? App package versions 1.0.41311.0 and later contain this update. You can check the package version in PowerShell:
Mitigations: None Workarounds: None Revision: 1.0 2021-07-13T07:00:00Z Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-34521 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows 10 Version 1909 for ARM64-based Systems | 5004245 (Security Update) | Important | Remote Code Execution | 5003635 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 5004245 (Security Update) | Important | Remote Code Execution | 5003635 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5004237 (Security Update) | Important | Remote Code Execution | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5004237 (Security Update) | Important | Remote Code Execution | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5004237 (Security Update) | Important | Remote Code Execution | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for 32-bit Systems | 5004237 (Security Update) | Important | Remote Code Execution | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for ARM64-based Systems | 5004237 (Security Update) | Important | Remote Code Execution | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for x64-based Systems | 5004237 (Security Update) | Important | Remote Code Execution | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5004237 (Security Update) | Important | Remote Code Execution | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2021-34521 | This vulnerability was discovered by Wayne Low of Fortinet’s FortiGuard Lab |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-34523 MITRE NVD |
CVE Title: Microsoft Exchange Server Elevation of Privilege Vulnerability
CVSS: CVSS:3.0 9.0/7.8
FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2021-07-13T07:00:00Z Information published. This CVE was addressed by updates that were released in April 2021, but the CVE was inadvertently omitted from the April 2021 Security Updates. This is an informational change only. Customers who have already installed the April 2021 update do not need to take any further action. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Yes | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-34523 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Microsoft Exchange Server 2013 Cumulative Update 23 | 5001779 (Security Update) | Important | Elevation of Privilege | Base: 9.0 Temporal: 7.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes | |
| Microsoft Exchange Server 2016 Cumulative Update 19 | 5001779 (Security Update) | Important | Elevation of Privilege | Base: 9.0 Temporal: 7.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes | |
| Microsoft Exchange Server 2016 Cumulative Update 20 | 5001779 (Security Update) | Important | Elevation of Privilege | Base: 9.0 Temporal: 7.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes | |
| Microsoft Exchange Server 2019 Cumulative Update 8 | 5001779 (Security Update) | Important | Elevation of Privilege | Base: 9.0 Temporal: 7.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes | |
| Microsoft Exchange Server 2019 Cumulative Update 9 | 5001779 (Security Update) | Important | Elevation of Privilege | Base: 9.0 Temporal: 7.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes | |
| CVE ID | Acknowledgements |
| CVE-2021-34523 | Anonymous working with Trend Micro Zero Day Initiative |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-34473 MITRE NVD |
CVE Title: Microsoft Exchange Server Remote Code Execution Vulnerability
CVSS: CVSS:3.0 9.1/7.9
FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2021-07-13T07:00:00Z Information published. This CVE was addressed by updates that were released in April 2021, but the CVE was inadvertently omitted from the April 2021 Security Updates. This is an informational change only. Customers who have already installed the April 2021 update do not need to take any further action. |
Critical | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation More Likely | Yes | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-34473 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Microsoft Exchange Server 2013 Cumulative Update 23 | 5001779 (Security Update) | Critical | Remote Code Execution | Base: 9.1 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes | |
| Microsoft Exchange Server 2016 Cumulative Update 19 | 5001779 (Security Update) | Critical | Remote Code Execution | Base: 9.1 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes | |
| Microsoft Exchange Server 2016 Cumulative Update 20 | 5001779 (Security Update) | Critical | Remote Code Execution | Base: 9.1 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes | |
| Microsoft Exchange Server 2019 Cumulative Update 8 | 5001779 (Security Update) | Critical | Remote Code Execution | Base: 9.1 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes | |
| Microsoft Exchange Server 2019 Cumulative Update 9 | 5001779 (Security Update) | Critical | Remote Code Execution | Base: 9.1 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes | |
| CVE ID | Acknowledgements |
| CVE-2021-34473 | Anonymous working with Trend Micro Zero Day Initiative |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-34474 MITRE NVD |
CVE Title: Dynamics Business Central Remote Code Execution Vulnerability
CVSS: CVSS:3.0 8.0/7.0
FAQ: The CVSS scores for this vulnerability indicate that there is a Scope Change. Can the exploit move from Dynamics Business Central to the underlying operating system? An attacker who successfully exploited this vulnerability could use it to pivot from the machine to the rest of the network. Mitigations: None Workarounds: None Revision: 1.0 2021-07-13T07:00:00Z Information published. |
Critical | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-34474 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Microsoft Dynamics 365 Business Central 2020 Release Wave 1 - Update 16.14 | 5004717 (Security Update) | Critical | Remote Code Execution | 4549687 | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft Dynamics 365 Business Central 2020 Release Wave 2 - Update 17.8 | 5004716 (Security Update) | Critical | Remote Code Execution | 4253507 | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft Dynamics 365 Business Central 2021 Release Wave 1 - Update 18.3 | 5004715 (Security Update) | Critical | Remote Code Execution | 5003500 | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| CVE ID | Acknowledgements |
| CVE-2021-34474 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-34476 MITRE NVD |
CVE Title: Bowser.sys Denial of Service Vulnerability
CVSS: CVSS:3.0 7.5/6.5
FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2021-07-13T07:00:00Z Information published. |
Important | Denial of Service | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-34476 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 5004249 (Security Update) | Important | Denial of Service | 5003687 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 5004249 (Security Update) | Important | Denial of Service | 5003687 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5004238 (Security Update) | Important | Denial of Service | 5003638 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 5004238 (Security Update) | Important | Denial of Service | 5003638 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5004244 (Security Update) | Important | Denial of Service | 5003646 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5004244 (Security Update) | Important | Denial of Service | 5003646 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 5004244 (Security Update) | Important | Denial of Service | 5003646 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5004245 (Security Update) | Important | Denial of Service | 5003635 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5004245 (Security Update) | Important | Denial of Service | 5003635 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 5004245 (Security Update) | Important | Denial of Service | 5003635 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5004237 (Security Update) | Important | Denial of Service | 5003637 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5004237 (Security Update) | Important | Denial of Service | 5003637 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 5004237 (Security Update) | Important | Denial of Service | 5003637 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5004237 (Security Update) | Important | Denial of Service | 5003637 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5004237 (Security Update) | Important | Denial of Service | 5003637 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5004237 (Security Update) | Important | Denial of Service | 5003637 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for 32-bit Systems | 5004237 (Security Update) | Important | Denial of Service | 5003637 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for ARM64-based Systems | 5004237 (Security Update) | Important | Denial of Service | 5003637 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for x64-based Systems | 5004237 (Security Update) | Important | Denial of Service | 5003637 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 5004289 (Monthly Rollup) 5004307 (Security Only) |
Important | Denial of Service | 5003667 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 5004289 (Monthly Rollup) 5004307 (Security Only) |
Important | Denial of Service | 5003667 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Denial of Service | 5003671 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Denial of Service | 5003671 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 5004298 (Monthly Rollup) | Important | Denial of Service | 5003671 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5004305 (Monthly Rollup) 5004299 (Security Only) |
Important | Denial of Service | 5003661 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5004305 (Monthly Rollup) 5004299 (Security Only) |
Important | Denial of Service | 5003661 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5004305 (Monthly Rollup) 5004299 (Security Only) |
Important | Denial of Service | 5003661 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5004305 (Monthly Rollup) 5004299 (Security Only) |
Important | Denial of Service | 5003661 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5004289 (Monthly Rollup) 5004307 (Security Only) |
Important | Denial of Service | 5003667 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5004289 (Monthly Rollup) 5004307 (Security Only) |
Important | Denial of Service | 5003667 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 | 5004294 (Monthly Rollup) 5004302 (Security Only) |
Important | Denial of Service | 5003697 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 5004294 (Monthly Rollup) 5004302 (Security Only) |
Important | Denial of Service | 5003697 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Denial of Service | 5003671 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Denial of Service | 5003671 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 | 5004238 (Security Update) | Important | Denial of Service | 5003638 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 5004238 (Security Update) | Important | Denial of Service | 5003638 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5004244 (Security Update) | Important | Denial of Service | 5003646 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5004244 (Security Update) | Important | Denial of Service | 5003646 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 5004237 (Security Update) | Important | Denial of Service | 5003637 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5004237 (Security Update) | Important | Denial of Service | 5003637 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2021-34476 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-34528 MITRE NVD |
CVE Title: Visual Studio Code Remote Code Execution Vulnerability
CVSS: CVSS:3.0 7.8/6.8
FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2021-07-13T07:00:00Z Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-34528 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Visual Studio Code | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| CVE ID | Acknowledgements |
| CVE-2021-34528 | David Dworken |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-34479 MITRE NVD |
CVE Title: Microsoft Visual Studio Spoofing Vulnerability
CVSS: CVSS:3.0 7.8/6.8
FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2021-07-13T07:00:00Z Information published. |
Important | Spoofing | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-34479 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Visual Studio Code | Release Notes (Security Update) | Important | Spoofing | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| CVE ID | Acknowledgements |
| CVE-2021-34479 | Daniel Santos (https://twitter.com/bananabr) |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-31979 MITRE NVD |
CVE Title: Windows Kernel Elevation of Privilege Vulnerability
CVSS: CVSS:3.0 7.8/7.2
FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2021-07-13T07:00:00Z Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Detected | No | Yes |
The following tables list the affected software details for the vulnerability.
| CVE-2021-31979 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 5004249 (Security Update) | Important | Elevation of Privilege | 5003687 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 5004249 (Security Update) | Important | Elevation of Privilege | 5003687 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5004238 (Security Update) | Important | Elevation of Privilege | 5003638 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 5004238 (Security Update) | Important | Elevation of Privilege | 5003638 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5004244 (Security Update) | Important | Elevation of Privilege | 5003646 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5004244 (Security Update) | Important | Elevation of Privilege | 5003646 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 5004244 (Security Update) | Important | Elevation of Privilege | 5003646 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5004245 (Security Update) | Important | Elevation of Privilege | 5003635 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5004245 (Security Update) | Important | Elevation of Privilege | 5003635 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 5004245 (Security Update) | Important | Elevation of Privilege | 5003635 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for 32-bit Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for ARM64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for x64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 5004289 (Monthly Rollup) 5004307 (Security Only) |
Important | Elevation of Privilege | 5003667 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 5004289 (Monthly Rollup) 5004307 (Security Only) |
Important | Elevation of Privilege | 5003667 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Elevation of Privilege | 5003671 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Elevation of Privilege | 5003671 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 5004298 (Monthly Rollup) | Important | Elevation of Privilege | 5003671 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5004305 (Monthly Rollup) 5004299 (Security Only) |
Important | Elevation of Privilege | 5003661 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5004305 (Monthly Rollup) 5004299 (Security Only) |
Important | Elevation of Privilege | 5003661 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5004305 (Monthly Rollup) 5004299 (Security Only) |
Important | Elevation of Privilege | 5003661 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5004305 (Monthly Rollup) 5004299 (Security Only) |
Important | Elevation of Privilege | 5003661 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5004289 (Monthly Rollup) 5004307 (Security Only) |
Important | Elevation of Privilege | 5003667 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5004289 (Monthly Rollup) 5004307 (Security Only) |
Important | Elevation of Privilege | 5003667 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows Server 2012 | 5004294 (Monthly Rollup) 5004302 (Security Only) |
Important | Elevation of Privilege | 5003697 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 5004294 (Monthly Rollup) 5004302 (Security Only) |
Important | Elevation of Privilege | 5003697 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Elevation of Privilege | 5003671 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Elevation of Privilege | 5003671 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows Server 2016 | 5004238 (Security Update) | Important | Elevation of Privilege | 5003638 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 5004238 (Security Update) | Important | Elevation of Privilege | 5003638 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5004244 (Security Update) | Important | Elevation of Privilege | 5003646 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5004244 (Security Update) | Important | Elevation of Privilege | 5003646 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2021-31979 | Microsoft Threat Intelligence Center (MSTIC) Microsoft Security Response Center (MSRC) |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-33745 MITRE NVD |
CVE Title: Windows DNS Server Denial of Service Vulnerability
CVSS: CVSS:3.0 6.5/5.7
FAQ: If my server is not configured to be a DNS server, it is vulnerable? No, this vulnerability is only exploitable if the server is configured to be a DNS server. Mitigations: None Workarounds: None Revision: 1.0 2021-07-13T07:00:00Z Information published. |
Important | Denial of Service | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-33745 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5004305 (Monthly Rollup) 5004299 (Security Only) |
Important | Denial of Service | 5003661 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5004305 (Monthly Rollup) 5004299 (Security Only) |
Important | Denial of Service | 5003661 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5004305 (Monthly Rollup) 5004299 (Security Only) |
Important | Denial of Service | 5003661 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5004305 (Monthly Rollup) 5004299 (Security Only) |
Important | Denial of Service | 5003661 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5004289 (Monthly Rollup) 5004307 (Security Only) |
Important | Denial of Service | 5003667 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5004289 (Monthly Rollup) 5004307 (Security Only) |
Important | Denial of Service | 5003667 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 | 5004294 (Monthly Rollup) 5004302 (Security Only) |
Important | Denial of Service | 5003697 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 5004294 (Monthly Rollup) 5004302 (Security Only) |
Important | Denial of Service | 5003697 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Denial of Service | 5003671 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Denial of Service | 5003671 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 | 5004238 (Security Update) | Important | Denial of Service | 5003638 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 5004238 (Security Update) | Important | Denial of Service | 5003638 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5004244 (Security Update) | Important | Denial of Service | 5003646 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5004244 (Security Update) | Important | Denial of Service | 5003646 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 5004237 (Security Update) | Important | Denial of Service | 5003637 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5004237 (Security Update) | Important | Denial of Service | 5003637 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2021-33745 | Yuki Chen Ting Yu from CERT Team of Legendsec at Qi'anxin Group ZhiyiZhang from Codesafe Team of Legendsec at Qi'anxin Group |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-33746 MITRE NVD |
CVE Title: Windows DNS Server Remote Code Execution Vulnerability
CVSS: CVSS:3.0 8.0/7.0
FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2021-07-13T07:00:00Z Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-33746 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5004305 (Monthly Rollup) 5004299 (Security Only) |
Important | Remote Code Execution | 5003661 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5004305 (Monthly Rollup) 5004299 (Security Only) |
Important | Remote Code Execution | 5003661 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5004305 (Monthly Rollup) 5004299 (Security Only) |
Important | Remote Code Execution | 5003661 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5004305 (Monthly Rollup) 5004299 (Security Only) |
Important | Remote Code Execution | 5003661 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5004289 (Monthly Rollup) 5004307 (Security Only) |
Important | Remote Code Execution | 5003667 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5004289 (Monthly Rollup) 5004307 (Security Only) |
Important | Remote Code Execution | 5003667 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 | 5004294 (Monthly Rollup) 5004302 (Security Only) |
Important | Remote Code Execution | 5003697 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 5004294 (Monthly Rollup) 5004302 (Security Only) |
Important | Remote Code Execution | 5003697 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Remote Code Execution | 5003671 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Remote Code Execution | 5003671 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 | 5004238 (Security Update) | Important | Remote Code Execution | 5003638 | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 5004238 (Security Update) | Important | Remote Code Execution | 5003638 | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5004244 (Security Update) | Important | Remote Code Execution | 5003646 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5004244 (Security Update) | Important | Remote Code Execution | 5003646 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 5004237 (Security Update) | Important | Remote Code Execution | 5003637 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5004237 (Security Update) | Important | Remote Code Execution | 5003637 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2021-33746 | Yuki Chen |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-33749 MITRE NVD |
CVE Title: Windows DNS Snap-in Remote Code Execution Vulnerability
CVSS: CVSS:3.0 8.8/7.7
FAQ: How could an attacker exploit the vulnerability? An administrator would need to view a malicious record in the DNS Snap-in to allow exploitation this vulnerability. Mitigations: None Workarounds: None Revision: 1.0 2021-07-13T07:00:00Z Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-33749 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 5004249 (Security Update) | Important | Remote Code Execution | 5003687 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 5004249 (Security Update) | Important | Remote Code Execution | 5003687 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5004244 (Security Update) | Important | Remote Code Execution | 5003646 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5004244 (Security Update) | Important | Remote Code Execution | 5003646 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 5004244 (Security Update) | Important | Remote Code Execution | 5003646 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5004245 (Security Update) | Important | Remote Code Execution | 5003635 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5004245 (Security Update) | Important | Remote Code Execution | 5003635 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 5004245 (Security Update) | Important | Remote Code Execution | 5003635 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5004237 (Security Update) | Important | Remote Code Execution | 5003637 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5004237 (Security Update) | Important | Remote Code Execution | 5003637 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 5004237 (Security Update) | Important | Remote Code Execution | 5003637 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5004237 (Security Update) | Important | Remote Code Execution | 5003637 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5004237 (Security Update) | Important | Remote Code Execution | 5003637 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5004237 (Security Update) | Important | Remote Code Execution | 5003637 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for 32-bit Systems | 5004237 (Security Update) | Important | Remote Code Execution | 5003637 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for ARM64-based Systems | 5004237 (Security Update) | Important | Remote Code Execution | 5003637 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for x64-based Systems | 5004237 (Security Update) | Important | Remote Code Execution | 5003637 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 5004289 (Monthly Rollup) 5004307 (Security Only) |
Important | Remote Code Execution | 5003667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 5004289 (Monthly Rollup) 5004307 (Security Only) |
Important | Remote Code Execution | 5003667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Remote Code Execution | 5003671 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Remote Code Execution | 5003671 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 5004298 (Monthly Rollup) | Important | Remote Code Execution | 5003671 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5004305 (Monthly Rollup) 5004299 (Security Only) |
Important | Remote Code Execution | 5003661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5004305 (Monthly Rollup) 5004299 (Security Only) |
Important | Remote Code Execution | 5003661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5004305 (Monthly Rollup) 5004299 (Security Only) |
Important | Remote Code Execution | 5003661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5004305 (Monthly Rollup) 5004299 (Security Only) |
Important | Remote Code Execution | 5003661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5004289 (Monthly Rollup) 5004307 (Security Only) |
Important | Remote Code Execution | 5003667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5004289 (Monthly Rollup) 5004307 (Security Only) |
Important | Remote Code Execution | 5003667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 | 5004294 (Monthly Rollup) 5004302 (Security Only) |
Important | Remote Code Execution | 5003697 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 5004294 (Monthly Rollup) 5004302 (Security Only) |
Important | Remote Code Execution | 5003697 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Remote Code Execution | 5003671 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Remote Code Execution | 5003671 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 | 5004238 (Security Update) | Important | Remote Code Execution | 5003638 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 5004238 (Security Update) | Important | Remote Code Execution | 5003638 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5004244 (Security Update) | Important | Remote Code Execution | 5003646 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5004244 (Security Update) | Important | Remote Code Execution | 5003646 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 5004237 (Security Update) | Important | Remote Code Execution | 5003637 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5004237 (Security Update) | Important | Remote Code Execution | 5003637 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2021-33749 | Yuki Chen |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-33750 MITRE NVD |
CVE Title: Windows DNS Snap-in Remote Code Execution Vulnerability
CVSS: CVSS:3.0 8.8/7.7
FAQ: How could an attacker exploit the vulnerability? An administrator would need to view a malicious record in the DNS Snap-in to allow exploitation this vulnerability. Mitigations: None Workarounds: None Revision: 1.0 2021-07-13T07:00:00Z Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-33750 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 5004249 (Security Update) | Important | Remote Code Execution | 5003687 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 5004249 (Security Update) | Important | Remote Code Execution | 5003687 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5004244 (Security Update) | Important | Remote Code Execution | 5003646 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5004244 (Security Update) | Important | Remote Code Execution | 5003646 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 5004244 (Security Update) | Important | Remote Code Execution | 5003646 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5004245 (Security Update) | Important | Remote Code Execution | 5003635 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5004245 (Security Update) | Important | Remote Code Execution | 5003635 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 5004245 (Security Update) | Important | Remote Code Execution | 5003635 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5004237 (Security Update) | Important | Remote Code Execution | 5003637 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5004237 (Security Update) | Important | Remote Code Execution | 5003637 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 5004237 (Security Update) | Important | Remote Code Execution | 5003637 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5004237 (Security Update) | Important | Remote Code Execution | 5003637 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5004237 (Security Update) | Important | Remote Code Execution | 5003637 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5004237 (Security Update) | Important | Remote Code Execution | 5003637 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for 32-bit Systems | 5004237 (Security Update) | Important | Remote Code Execution | 5003637 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for ARM64-based Systems | 5004237 (Security Update) | Important | Remote Code Execution | 5003637 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for x64-based Systems | 5004237 (Security Update) | Important | Remote Code Execution | 5003637 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 5004289 (Monthly Rollup) 5004307 (Security Only) |
Important | Remote Code Execution | 5003667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 5004289 (Monthly Rollup) 5004307 (Security Only) |
Important | Remote Code Execution | 5003667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Remote Code Execution | 5003671 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Remote Code Execution | 5003671 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 5004298 (Monthly Rollup) | Important | Remote Code Execution | 5003671 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5004305 (Monthly Rollup) 5004299 (Security Only) |
Important | Remote Code Execution | 5003661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5004305 (Monthly Rollup) 5004299 (Security Only) |
Important | Remote Code Execution | 5003661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5004305 (Monthly Rollup) 5004299 (Security Only) |
Important | Remote Code Execution | 5003661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5004305 (Monthly Rollup) 5004299 (Security Only) |
Important | Remote Code Execution | 5003661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5004289 (Monthly Rollup) 5004307 (Security Only) |
Important | Remote Code Execution | 5003667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5004289 (Monthly Rollup) 5004307 (Security Only) |
Important | Remote Code Execution | 5003667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 | 5004294 (Monthly Rollup) 5004302 (Security Only) |
Important | Remote Code Execution | 5003697 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 5004294 (Monthly Rollup) 5004302 (Security Only) |
Important | Remote Code Execution | 5003697 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Remote Code Execution | 5003671 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Remote Code Execution | 5003671 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 | 5004238 (Security Update) | Important | Remote Code Execution | 5003638 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 5004238 (Security Update) | Important | Remote Code Execution | 5003638 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5004244 (Security Update) | Important | Remote Code Execution | 5003646 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5004244 (Security Update) | Important | Remote Code Execution | 5003646 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 5004237 (Security Update) | Important | Remote Code Execution | 5003637 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5004237 (Security Update) | Important | Remote Code Execution | 5003637 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2021-33750 | Yuki Chen |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-33751 MITRE NVD |
CVE Title: Storage Spaces Controller Elevation of Privilege Vulnerability
CVSS: CVSS:3.0 7.0/6.1
FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2021-07-13T07:00:00Z Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-33751 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows 10 Version 1607 for 32-bit Systems | 5004238 (Security Update) | Important | Elevation of Privilege | 5003638 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 5004238 (Security Update) | Important | Elevation of Privilege | 5003638 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5004244 (Security Update) | Important | Elevation of Privilege | 5003646 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5004244 (Security Update) | Important | Elevation of Privilege | 5003646 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 5004244 (Security Update) | Important | Elevation of Privilege | 5003646 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5004245 (Security Update) | Important | Elevation of Privilege | 5003635 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5004245 (Security Update) | Important | Elevation of Privilege | 5003635 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 5004245 (Security Update) | Important | Elevation of Privilege | 5003635 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for 32-bit Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for ARM64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for x64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 | 5004238 (Security Update) | Important | Elevation of Privilege | 5003638 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 5004238 (Security Update) | Important | Elevation of Privilege | 5003638 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5004244 (Security Update) | Important | Elevation of Privilege | 5003646 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5004244 (Security Update) | Important | Elevation of Privilege | 5003646 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2021-33751 | vbty Fabien Perigaud (@0xf4b) from Synacktiv (@Synacktiv) working with Trend Micro Zero Day Initiative |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-33752 MITRE NVD |
CVE Title: Windows DNS Snap-in Remote Code Execution Vulnerability
CVSS: CVSS:3.0 8.8/7.7
FAQ: How could an attacker exploit the vulnerability? An administrator would need to view a malicious record in the DNS Snap-in to allow exploitation this vulnerability. Mitigations: None Workarounds: None Revision: 1.0 2021-07-13T07:00:00Z Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-33752 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 5004249 (Security Update) | Important | Remote Code Execution | 5003687 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 5004249 (Security Update) | Important | Remote Code Execution | 5003687 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5004244 (Security Update) | Important | Remote Code Execution | 5003646 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5004244 (Security Update) | Important | Remote Code Execution | 5003646 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 5004244 (Security Update) | Important | Remote Code Execution | 5003646 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5004245 (Security Update) | Important | Remote Code Execution | 5003635 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5004245 (Security Update) | Important | Remote Code Execution | 5003635 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 5004245 (Security Update) | Important | Remote Code Execution | 5003635 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5004237 (Security Update) | Important | Remote Code Execution | 5003637 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5004237 (Security Update) | Important | Remote Code Execution | 5003637 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 5004237 (Security Update) | Important | Remote Code Execution | 5003637 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5004237 (Security Update) | Important | Remote Code Execution | 5003637 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5004237 (Security Update) | Important | Remote Code Execution | 5003637 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5004237 (Security Update) | Important | Remote Code Execution | 5003637 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for 32-bit Systems | 5004237 (Security Update) | Important | Remote Code Execution | 5003637 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for ARM64-based Systems | 5004237 (Security Update) | Important | Remote Code Execution | 5003637 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for x64-based Systems | 5004237 (Security Update) | Important | Remote Code Execution | 5003637 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 5004289 (Monthly Rollup) 5004307 (Security Only) |
Important | Remote Code Execution | 5003667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 5004289 (Monthly Rollup) 5004307 (Security Only) |
Important | Remote Code Execution | 5003667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Remote Code Execution | 5003671 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Remote Code Execution | 5003671 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 5004298 (Monthly Rollup) | Important | Remote Code Execution | 5003671 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5004305 (Monthly Rollup) 5004299 (Security Only) |
Important | Remote Code Execution | 5003661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5004305 (Monthly Rollup) 5004299 (Security Only) |
Important | Remote Code Execution | 5003661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5004305 (Monthly Rollup) 5004299 (Security Only) |
Important | Remote Code Execution | 5003661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5004305 (Monthly Rollup) 5004299 (Security Only) |
Important | Remote Code Execution | 5003661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5004289 (Monthly Rollup) 5004307 (Security Only) |
Important | Remote Code Execution | 5003667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5004289 (Monthly Rollup) 5004307 (Security Only) |
Important | Remote Code Execution | 5003667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 | 5004294 (Monthly Rollup) 5004302 (Security Only) |
Important | Remote Code Execution | 5003697 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 5004294 (Monthly Rollup) 5004302 (Security Only) |
Important | Remote Code Execution | 5003697 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Remote Code Execution | 5003671 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Remote Code Execution | 5003671 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 | 5004238 (Security Update) | Important | Remote Code Execution | 5003638 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 5004238 (Security Update) | Important | Remote Code Execution | 5003638 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5004244 (Security Update) | Important | Remote Code Execution | 5003646 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5004244 (Security Update) | Important | Remote Code Execution | 5003646 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 5004237 (Security Update) | Important | Remote Code Execution | 5003637 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5004237 (Security Update) | Important | Remote Code Execution | 5003637 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2021-33752 | Yuki Chen |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-33754 MITRE NVD |
CVE Title: Windows DNS Server Remote Code Execution Vulnerability
CVSS: CVSS:3.0 8.0/7.0
FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2021-07-13T07:00:00Z Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-33754 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5004305 (Monthly Rollup) 5004299 (Security Only) |
Important | Remote Code Execution | 5003661 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5004305 (Monthly Rollup) 5004299 (Security Only) |
Important | Remote Code Execution | 5003661 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5004305 (Monthly Rollup) 5004299 (Security Only) |
Important | Remote Code Execution | 5003661 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5004305 (Monthly Rollup) 5004299 (Security Only) |
Important | Remote Code Execution | 5003661 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5004289 (Monthly Rollup) 5004307 (Security Only) |
Important | Remote Code Execution | 5003667 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5004289 (Monthly Rollup) 5004307 (Security Only) |
Important | Remote Code Execution | 5003667 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 | 5004294 (Monthly Rollup) 5004302 (Security Only) |
Important | Remote Code Execution | 5003697 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 5004294 (Monthly Rollup) 5004302 (Security Only) |
Important | Remote Code Execution | 5003697 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Remote Code Execution | 5003671 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Remote Code Execution | 5003671 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 | 5004238 (Security Update) | Important | Remote Code Execution | 5003638 | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 5004238 (Security Update) | Important | Remote Code Execution | 5003638 | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5004244 (Security Update) | Important | Remote Code Execution | 5003646 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5004244 (Security Update) | Important | Remote Code Execution | 5003646 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 5004237 (Security Update) | Important | Remote Code Execution | 5003637 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5004237 (Security Update) | Important | Remote Code Execution | 5003637 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2021-33754 | Yuki Chen |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-33756 MITRE NVD |
CVE Title: Windows DNS Snap-in Remote Code Execution Vulnerability
CVSS: CVSS:3.0 8.8/7.7
FAQ: How could an attacker exploit the vulnerability? An administrator would need to view a malicious record in the DNS Snap-in to allow exploitation this vulnerability. Mitigations: None Workarounds: None Revision: 1.0 2021-07-13T07:00:00Z Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-33756 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 5004249 (Security Update) | Important | Remote Code Execution | 5003687 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 5004249 (Security Update) | Important | Remote Code Execution | 5003687 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5004244 (Security Update) | Important | Remote Code Execution | 5003646 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5004244 (Security Update) | Important | Remote Code Execution | 5003646 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 5004244 (Security Update) | Important | Remote Code Execution | 5003646 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5004245 (Security Update) | Important | Remote Code Execution | 5003635 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5004245 (Security Update) | Important | Remote Code Execution | 5003635 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 5004245 (Security Update) | Important | Remote Code Execution | 5003635 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5004237 (Security Update) | Important | Remote Code Execution | 5003637 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5004237 (Security Update) | Important | Remote Code Execution | 5003637 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 5004237 (Security Update) | Important | Remote Code Execution | 5003637 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5004237 (Security Update) | Important | Remote Code Execution | 5003637 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5004237 (Security Update) | Important | Remote Code Execution | 5003637 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5004237 (Security Update) | Important | Remote Code Execution | 5003637 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for 32-bit Systems | 5004237 (Security Update) | Important | Remote Code Execution | 5003637 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for ARM64-based Systems | 5004237 (Security Update) | Important | Remote Code Execution | 5003637 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for x64-based Systems | 5004237 (Security Update) | Important | Remote Code Execution | 5003637 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 5004289 (Monthly Rollup) 5004307 (Security Only) |
Important | Remote Code Execution | 5003667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 5004289 (Monthly Rollup) 5004307 (Security Only) |
Important | Remote Code Execution | 5003667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Remote Code Execution | 5003671 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Remote Code Execution | 5003671 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 5004298 (Monthly Rollup) | Important | Remote Code Execution | 5003671 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5004305 (Monthly Rollup) 5004299 (Security Only) |
Important | Remote Code Execution | 5003661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5004305 (Monthly Rollup) 5004299 (Security Only) |
Important | Remote Code Execution | 5003661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5004305 (Monthly Rollup) 5004299 (Security Only) |
Important | Remote Code Execution | 5003661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5004305 (Monthly Rollup) 5004299 (Security Only) |
Important | Remote Code Execution | 5003661 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5004289 (Monthly Rollup) 5004307 (Security Only) |
Important | Remote Code Execution | 5003667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5004289 (Monthly Rollup) 5004307 (Security Only) |
Important | Remote Code Execution | 5003667 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 | 5004294 (Monthly Rollup) 5004302 (Security Only) |
Important | Remote Code Execution | 5003697 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 5004294 (Monthly Rollup) 5004302 (Security Only) |
Important | Remote Code Execution | 5003697 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Remote Code Execution | 5003671 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Remote Code Execution | 5003671 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 | 5004238 (Security Update) | Important | Remote Code Execution | 5003638 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 5004238 (Security Update) | Important | Remote Code Execution | 5003638 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5004244 (Security Update) | Important | Remote Code Execution | 5003646 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5004244 (Security Update) | Important | Remote Code Execution | 5003646 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 5004237 (Security Update) | Important | Remote Code Execution | 5003637 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5004237 (Security Update) | Important | Remote Code Execution | 5003637 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2021-33756 | Yuki Chen |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-33764 MITRE NVD |
CVE Title: Windows Key Distribution Center Information Disclosure Vulnerability
CVSS: CVSS:3.0 5.9/5.2
FAQ: What type of information could be disclosed by this vulnerability? The vulnerable component uses a weak encryption algorithm or cipher. Traffic sent over a network by the vulnerable component could be decrypted and expose information related to a user or service's active session. Mitigations: None Workarounds: None Revision: 1.0 2021-07-13T07:00:00Z Information published. |
Important | Information Disclosure | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-33764 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5004305 (Monthly Rollup) 5004299 (Security Only) |
Important | Information Disclosure | 5003661 |
Base: 5.9 Temporal: 5.2 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5004305 (Monthly Rollup) 5004299 (Security Only) |
Important | Information Disclosure | 5003661 |
Base: 5.9 Temporal: 5.2 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5004305 (Monthly Rollup) 5004299 (Security Only) |
Important | Information Disclosure | 5003661 |
Base: 5.9 Temporal: 5.2 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5004305 (Monthly Rollup) 5004299 (Security Only) |
Important | Information Disclosure | 5003661 |
Base: 5.9 Temporal: 5.2 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5004289 (Monthly Rollup) 5004307 (Security Only) |
Important | Information Disclosure | 5003667 |
Base: 5.9 Temporal: 5.2 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5004289 (Monthly Rollup) 5004307 (Security Only) |
Important | Information Disclosure | 5003667 |
Base: 5.9 Temporal: 5.2 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 | 5004294 (Monthly Rollup) 5004302 (Security Only) |
Important | Information Disclosure | 5003697 |
Base: 5.9 Temporal: 5.2 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 5004294 (Monthly Rollup) 5004302 (Security Only) |
Important | Information Disclosure | 5003697 |
Base: 5.9 Temporal: 5.2 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Information Disclosure | 5003671 |
Base: 5.9 Temporal: 5.2 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Information Disclosure | 5003671 |
Base: 5.9 Temporal: 5.2 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 | 5004238 (Security Update) | Important | Information Disclosure | 5003638 | Base: 5.9 Temporal: 5.2 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 5004238 (Security Update) | Important | Information Disclosure | 5003638 | Base: 5.9 Temporal: 5.2 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5004244 (Security Update) | Important | Information Disclosure | 5003646 |
Base: 5.9 Temporal: 5.2 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5004244 (Security Update) | Important | Information Disclosure | 5003646 |
Base: 5.9 Temporal: 5.2 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 5004237 (Security Update) | Important | Information Disclosure | 5003637 |
Base: 5.9 Temporal: 5.2 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5004237 (Security Update) | Important | Information Disclosure | 5003637 |
Base: 5.9 Temporal: 5.2 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2021-33764 | Windows Authentication Dev Team |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-33766 MITRE NVD |
CVE Title: Microsoft Exchange Information Disclosure Vulnerability
CVSS: CVSS:3.0 7.3/6.4
FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is Personally Identifiable Information (PII). Mitigations: None Workarounds: None Revision: 1.0 2021-07-13T07:00:00Z Information published. This CVE was addressed by updates that were released in April 2021, but the CVE was inadvertently omitted from the April 2021 Security Updates. This is an informational change only. Customers who have already installed the April 2021 update do not need to take any further action. |
Important | Information Disclosure | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-33766 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Microsoft Exchange Server 2013 Cumulative Update 23 | 5001779 (Security Update) | Important | Information Disclosure | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C |
Yes | |
| Microsoft Exchange Server 2016 Cumulative Update 19 | 5001779 (Security Update) | Important | Information Disclosure | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C |
Yes | |
| Microsoft Exchange Server 2016 Cumulative Update 20 | 5001779 (Security Update) | Important | Information Disclosure | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C |
Yes | |
| Microsoft Exchange Server 2019 Cumulative Update 8 | 5001779 (Security Update) | Important | Information Disclosure | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C |
Yes | |
| Microsoft Exchange Server 2019 Cumulative Update 9 | 5001779 (Security Update) | Important | Information Disclosure | Base: 7.3 Temporal: 6.4 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C |
Yes | |
| CVE ID | Acknowledgements |
| CVE-2021-33766 | LE XUAN TUYEN - VNPT ISC working with Trend Micro Zero Day Initiative |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-33768 MITRE NVD |
CVE Title: Microsoft Exchange Server Elevation of Privilege Vulnerability
CVSS: CVSS:3.0 8.0/7.0
FAQ: According to the CVSS, the attack vector is Adjacent. What does that mean and how does that differentiate from a Network vector? This vulnerability's attack is limited at the protocol level to a logically adjacent topology. This means it cannot simply be done accross the internet, but instead needs something specific tied to the target. Good examples would include the same shared physical network (such as Bluetooth or IEEE 802.11), logical network (local IP subnet), or from within a secure or otherwise limited administrative domain (MPLS, secure VPN to an administrative network zone). This is common to many attacks that require man-in-the-middle type setups or that rely on initially gaining a foothold in another environment. Mitigations: None Workarounds: None Revision: 1.0 2021-07-13T07:00:00Z Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-33768 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Microsoft Exchange Server 2016 Cumulative Update 20 | 5004779 (Security Update) | Important | Elevation of Privilege | 5003435 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Microsoft Exchange Server 2016 Cumulative Update 21 | 5004779 (Security Update) | Important | Elevation of Privilege | 5003435 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Microsoft Exchange Server 2019 Cumulative Update 10 | 5004780 (Security Update) | Important | Elevation of Privilege | 5003435 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Microsoft Exchange Server 2019 Cumulative Update 9 | 5004780 (Security Update) | Important | Elevation of Privilege | 5003435 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2021-33768 | Orange Tsai (@orange_8361) with DEVCORE Dlive(@D1iv3) of Tencent Security Xuanwu Lab |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-33772 MITRE NVD |
CVE Title: Windows TCP/IP Driver Denial of Service Vulnerability
CVSS: CVSS:3.0 7.5/6.5
FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2021-07-13T07:00:00Z Information published. |
Important | Denial of Service | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-33772 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows 10 Version 2004 for 32-bit Systems | 5004237 (Security Update) | Important | Denial of Service | 5003637 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5004237 (Security Update) | Important | Denial of Service | 5003637 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 5004237 (Security Update) | Important | Denial of Service | 5003637 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5004237 (Security Update) | Important | Denial of Service | 5003637 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5004237 (Security Update) | Important | Denial of Service | 5003637 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5004237 (Security Update) | Important | Denial of Service | 5003637 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for 32-bit Systems | 5004237 (Security Update) | Important | Denial of Service | 5003637 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for ARM64-based Systems | 5004237 (Security Update) | Important | Denial of Service | 5003637 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for x64-based Systems | 5004237 (Security Update) | Important | Denial of Service | 5003637 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 5004237 (Security Update) | Important | Denial of Service | 5003637 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5004237 (Security Update) | Important | Denial of Service | 5003637 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2021-33772 | Polar Bear at Microsoft |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-33775 MITRE NVD |
CVE Title: HEVC Video Extensions Remote Code Execution Vulnerability
CVSS: CVSS:3.0 7.8/6.8
FAQ: How do I get the updated app? The Microsoft Store will automatically update affected customers. Alternatively, customers can get the update immediately; see here for details. It is possible for customers to disable automatic updates for the Microsoft Store. The Microsoft Store will not automatically install this update for those customers. My system is in a disconnected environment; is it vulnerable? Customers using the Microsoft Store for Business and Microsoft Store for Education can get this update through their organizations. How can I check if the update is installed? If your device manufacturer preinstalled this app, package versions 1.0.41483.0 and later contain this update. If you purchased this app from the Microsoft Store, package versions 1.0.41531.0 and later contain this update. You can check the package version in PowerShell:
Mitigations: None Workarounds: None Revision: 1.0 2021-07-13T07:00:00Z Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-33775 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| HEVC Video Extensions | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Unknown | |
| CVE ID | Acknowledgements |
| CVE-2021-33775 | Dhanesh Kizhakkinan of FireEye Inc. |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-33776 MITRE NVD |
CVE Title: HEVC Video Extensions Remote Code Execution Vulnerability
CVSS: CVSS:3.0 7.8/6.8
FAQ: How do I get the updated app? The Microsoft Store will automatically update affected customers. Alternatively, customers can get the update immediately; see here for details. It is possible for customers to disable automatic updates for the Microsoft Store. The Microsoft Store will not automatically install this update for those customers. My system is in a disconnected environment; is it vulnerable? Customers using the Microsoft Store for Business and Microsoft Store for Education can get this update through their organizations. How can I check if the update is installed? If your device manufacturer preinstalled this app, package versions 1.0.41483.0 and later contain this update. If you purchased this app from the Microsoft Store, package versions 1.0.41531.0 and later contain this update. You can check the package version in PowerShell:
Mitigations: None Workarounds: None Revision: 1.0 2021-07-13T07:00:00Z Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-33776 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| HEVC Video Extensions | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Unknown | |
| CVE ID | Acknowledgements |
| CVE-2021-33776 | Le Huu Quang Linh (@linhlhq) of STARLabs |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-33777 MITRE NVD |
CVE Title: HEVC Video Extensions Remote Code Execution Vulnerability
CVSS: CVSS:3.0 7.8/6.8
FAQ: How do I get the updated app? The Microsoft Store will automatically update affected customers. Alternatively, customers can get the update immediately; see here for details. It is possible for customers to disable automatic updates for the Microsoft Store. The Microsoft Store will not automatically install this update for those customers. My system is in a disconnected environment; is it vulnerable? Customers using the Microsoft Store for Business and Microsoft Store for Education can get this update through their organizations. How can I check if the update is installed? If your device manufacturer preinstalled this app, package versions 1.0.41483.0 and later contain this update. If you purchased this app from the Microsoft Store, package versions 1.0.41531.0 and later contain this update. You can check the package version in PowerShell:
Mitigations: None Workarounds: None Revision: 1.0 2021-07-13T07:00:00Z Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-33777 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| HEVC Video Extensions | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Unknown | |
| CVE ID | Acknowledgements |
| CVE-2021-33777 | Dhanesh Kizhakkinan of FireEye Inc. |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-33778 MITRE NVD |
CVE Title: HEVC Video Extensions Remote Code Execution Vulnerability
CVSS: CVSS:3.0 7.8/6.8
FAQ: How do I get the updated app? The Microsoft Store will automatically update affected customers. Alternatively, customers can get the update immediately; see here for details. It is possible for customers to disable automatic updates for the Microsoft Store. The Microsoft Store will not automatically install this update for those customers. My system is in a disconnected environment; is it vulnerable? Customers using the Microsoft Store for Business and Microsoft Store for Education can get this update through their organizations. How can I check if the update is installed? If your device manufacturer preinstalled this app, package versions 1.0.41483.0 and later contain this update. If you purchased this app from the Microsoft Store, package versions 1.0.41531.0 and later contain this update. You can check the package version in PowerShell:
Mitigations: None Workarounds: None Revision: 1.0 2021-07-13T07:00:00Z Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-33778 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| HEVC Video Extensions | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Unknown | |
| CVE ID | Acknowledgements |
| CVE-2021-33778 | Dhanesh Kizhakkinan of FireEye Inc. crashman of codemize security research lab |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-33779 MITRE NVD |
CVE Title: Windows ADFS Security Feature Bypass Vulnerability
CVSS: CVSS:3.0 8.1/7.1
FAQ: What kind of security feature could be bypassed by exploiting this vulnerability? This vulnerability relates to Primary Refresh Tokens which are usually stored in TPM. These tokens are usually used for SSO for Azure AD accounts. The tokens are not encrypted in a strong enough manner, and an administrator with access to a vulnerable system could extract and potentially decrypt the token for reuse until the token expires or is renewed. Mitigations: None Workarounds: None Revision: 1.0 2021-07-13T07:00:00Z Information published. |
Important | Security Feature Bypass | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Yes | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-33779 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows Server 2016 | 5004238 (Security Update) | Important | Security Feature Bypass | 5003638 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 5004238 (Security Update) | Important | Security Feature Bypass | 5003638 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5004244 (Security Update) | Important | Security Feature Bypass | 5003646 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5004244 (Security Update) | Important | Security Feature Bypass | 5003646 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 5004237 (Security Update) | Important | Security Feature Bypass | 5003637 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5004237 (Security Update) | Important | Security Feature Bypass | 5003637 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2021-33779 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-33781 MITRE NVD |
CVE Title: Active Directory Security Feature Bypass Vulnerability
CVSS: CVSS:3.0 8.1/7.1
FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2021-07-13T07:00:00Z Information published. |
Important | Security Feature Bypass | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Yes | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-33781 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows 10 Version 1809 for 32-bit Systems | 5004244 (Security Update) | Important | Security Feature Bypass | 5003646 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5004244 (Security Update) | Important | Security Feature Bypass | 5003646 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 5004235 (Security Update) | Important | Security Feature Bypass | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes | |
| Windows 10 Version 1909 for 32-bit Systems | 5004245 (Security Update) | Important | Security Feature Bypass | 5003635 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5004245 (Security Update) | Important | Security Feature Bypass | 5003635 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 5004245 (Security Update) | Important | Security Feature Bypass | 5003635 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5004237 (Security Update) | Important | Security Feature Bypass | 5003637 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5004237 (Security Update) | Important | Security Feature Bypass | 5003637 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 5004237 (Security Update) | Important | Security Feature Bypass | 5003637 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5004237 (Security Update) | Important | Security Feature Bypass | 5003637 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5004237 (Security Update) | Important | Security Feature Bypass | 5003637 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5004237 (Security Update) | Important | Security Feature Bypass | 5003637 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for 32-bit Systems | 5004237 (Security Update) | Important | Security Feature Bypass | 5003637 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for ARM64-based Systems | 5004237 (Security Update) | Important | Security Feature Bypass | 5003637 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for x64-based Systems | 5004237 (Security Update) | Important | Security Feature Bypass | 5003637 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5004244 (Security Update) | Important | Security Feature Bypass | 5003646 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5004244 (Security Update) | Important | Security Feature Bypass | 5003646 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 5004237 (Security Update) | Important | Security Feature Bypass | 5003637 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5004237 (Security Update) | Important | Security Feature Bypass | 5003637 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2021-33781 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-33782 MITRE NVD |
CVE Title: Windows Authenticode Spoofing Vulnerability
CVSS: CVSS:3.0 5.5/4.8
FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2021-07-13T07:00:00Z Information published. |
Important | Spoofing | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-33782 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 5004249 (Security Update) | Important | Spoofing | 5003687 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 5004249 (Security Update) | Important | Spoofing | 5003687 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5004238 (Security Update) | Important | Spoofing | 5003638 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 5004238 (Security Update) | Important | Spoofing | 5003638 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5004244 (Security Update) | Important | Spoofing | 5003646 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5004244 (Security Update) | Important | Spoofing | 5003646 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 5004244 (Security Update) | Important | Spoofing | 5003646 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5004245 (Security Update) | Important | Spoofing | 5003635 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5004245 (Security Update) | Important | Spoofing | 5003635 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 5004245 (Security Update) | Important | Spoofing | 5003635 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5004237 (Security Update) | Important | Spoofing | 5003637 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5004237 (Security Update) | Important | Spoofing | 5003637 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 5004237 (Security Update) | Important | Spoofing | 5003637 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5004237 (Security Update) | Important | Spoofing | 5003637 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5004237 (Security Update) | Important | Spoofing | 5003637 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5004237 (Security Update) | Important | Spoofing | 5003637 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for 32-bit Systems | 5004237 (Security Update) | Important | Spoofing | 5003637 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for ARM64-based Systems | 5004237 (Security Update) | Important | Spoofing | 5003637 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for x64-based Systems | 5004237 (Security Update) | Important | Spoofing | 5003637 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 5004289 (Monthly Rollup) 5004307 (Security Only) |
Important | Spoofing | 5003667 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 5004289 (Monthly Rollup) 5004307 (Security Only) |
Important | Spoofing | 5003667 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Spoofing | 5003671 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Spoofing | 5003671 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 5004298 (Monthly Rollup) | Important | Spoofing | 5003671 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5004305 (Monthly Rollup) 5004299 (Security Only) |
Important | Spoofing | 5003661 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5004305 (Monthly Rollup) 5004299 (Security Only) |
Important | Spoofing | 5003661 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5004305 (Monthly Rollup) 5004299 (Security Only) |
Important | Spoofing | 5003661 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5004305 (Monthly Rollup) 5004299 (Security Only) |
Important | Spoofing | 5003661 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5004289 (Monthly Rollup) 5004307 (Security Only) |
Important | Spoofing | 5003667 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5004289 (Monthly Rollup) 5004307 (Security Only) |
Important | Spoofing | 5003667 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 | 5004294 (Monthly Rollup) 5004302 (Security Only) |
Important | Spoofing | 5003697 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 5004294 (Monthly Rollup) 5004302 (Security Only) |
Important | Spoofing | 5003697 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Spoofing | 5003671 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Spoofing | 5003671 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 | 5004238 (Security Update) | Important | Spoofing | 5003638 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 5004238 (Security Update) | Important | Spoofing | 5003638 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5004244 (Security Update) | Important | Spoofing | 5003646 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5004244 (Security Update) | Important | Spoofing | 5003646 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 5004237 (Security Update) | Important | Spoofing | 5003637 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5004237 (Security Update) | Important | Spoofing | 5003637 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2021-33782 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-33783 MITRE NVD |
CVE Title: Windows SMB Information Disclosure Vulnerability
CVSS: CVSS:3.0 6.5/5.7
FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is unauthorized file system access - reading from the file system. Mitigations: None Workarounds: None Revision: 1.0 2021-07-13T07:00:00Z Information published. |
Important | Information Disclosure | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-33783 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 5004249 (Security Update) | Important | Information Disclosure | 5003687 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 5004249 (Security Update) | Important | Information Disclosure | 5003687 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5004238 (Security Update) | Important | Information Disclosure | 5003638 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 5004238 (Security Update) | Important | Information Disclosure | 5003638 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5004244 (Security Update) | Important | Information Disclosure | 5003646 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5004244 (Security Update) | Important | Information Disclosure | 5003646 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 5004244 (Security Update) | Important | Information Disclosure | 5003646 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5004245 (Security Update) | Important | Information Disclosure | 5003635 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5004245 (Security Update) | Important | Information Disclosure | 5003635 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 5004245 (Security Update) | Important | Information Disclosure | 5003635 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5004237 (Security Update) | Important | Information Disclosure | 5003637 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5004237 (Security Update) | Important | Information Disclosure | 5003637 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 5004237 (Security Update) | Important | Information Disclosure | 5003637 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5004237 (Security Update) | Important | Information Disclosure | 5003637 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5004237 (Security Update) | Important | Information Disclosure | 5003637 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5004237 (Security Update) | Important | Information Disclosure | 5003637 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for 32-bit Systems | 5004237 (Security Update) | Important | Information Disclosure | 5003637 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for ARM64-based Systems | 5004237 (Security Update) | Important | Information Disclosure | 5003637 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for x64-based Systems | 5004237 (Security Update) | Important | Information Disclosure | 5003637 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 5004289 (Monthly Rollup) 5004307 (Security Only) |
Important | Information Disclosure | 5003667 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 5004289 (Monthly Rollup) 5004307 (Security Only) |
Important | Information Disclosure | 5003667 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Information Disclosure | 5003671 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Information Disclosure | 5003671 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 5004298 (Monthly Rollup) | Important | Information Disclosure | 5003671 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5004305 (Monthly Rollup) 5004299 (Security Only) |
Important | Information Disclosure | 5003661 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5004305 (Monthly Rollup) 5004299 (Security Only) |
Important | Information Disclosure | 5003661 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5004305 (Monthly Rollup) 5004299 (Security Only) |
Important | Information Disclosure | 5003661 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5004305 (Monthly Rollup) 5004299 (Security Only) |
Important | Information Disclosure | 5003661 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5004289 (Monthly Rollup) 5004307 (Security Only) |
Important | Information Disclosure | 5003667 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5004289 (Monthly Rollup) 5004307 (Security Only) |
Important | Information Disclosure | 5003667 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 | 5004294 (Monthly Rollup) 5004302 (Security Only) |
Important | Information Disclosure | 5003697 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 5004294 (Monthly Rollup) 5004302 (Security Only) |
Important | Information Disclosure | 5003697 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Information Disclosure | 5003671 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Information Disclosure | 5003671 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 | 5004238 (Security Update) | Important | Information Disclosure | 5003638 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 5004238 (Security Update) | Important | Information Disclosure | 5003638 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5004244 (Security Update) | Important | Information Disclosure | 5003646 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5004244 (Security Update) | Important | Information Disclosure | 5003646 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 5004237 (Security Update) | Important | Information Disclosure | 5003637 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5004237 (Security Update) | Important | Information Disclosure | 5003637 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2021-33783 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-33784 MITRE NVD |
CVE Title: Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
CVSS: CVSS:3.0 7.8/6.8
FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2021-07-13T07:00:00Z Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-33784 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows 10 Version 1809 for 32-bit Systems | 5004244 (Security Update) | Important | Elevation of Privilege | 5003646 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5004244 (Security Update) | Important | Elevation of Privilege | 5003646 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 5004244 (Security Update) | Important | Elevation of Privilege | 5003646 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5004245 (Security Update) | Important | Elevation of Privilege | 5003635 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5004245 (Security Update) | Important | Elevation of Privilege | 5003635 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 5004245 (Security Update) | Important | Elevation of Privilege | 5003635 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for 32-bit Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for ARM64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for x64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5004244 (Security Update) | Important | Elevation of Privilege | 5003646 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5004244 (Security Update) | Important | Elevation of Privilege | 5003646 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2021-33784 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-33785 MITRE NVD |
CVE Title: Windows AF_UNIX Socket Provider Denial of Service Vulnerability
CVSS: CVSS:3.0 7.5/6.5
FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2021-07-13T07:00:00Z Information published. |
Important | Denial of Service | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-33785 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows 10 Version 1809 for 32-bit Systems | 5004244 (Security Update) | Important | Denial of Service | 5003646 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5004244 (Security Update) | Important | Denial of Service | 5003646 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 5004244 (Security Update) | Important | Denial of Service | 5003646 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5004245 (Security Update) | Important | Denial of Service | 5003635 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5004245 (Security Update) | Important | Denial of Service | 5003635 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 5004245 (Security Update) | Important | Denial of Service | 5003635 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5004237 (Security Update) | Important | Denial of Service | 5003637 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5004237 (Security Update) | Important | Denial of Service | 5003637 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 5004237 (Security Update) | Important | Denial of Service | 5003637 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5004237 (Security Update) | Important | Denial of Service | 5003637 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5004237 (Security Update) | Important | Denial of Service | 5003637 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5004237 (Security Update) | Important | Denial of Service | 5003637 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for 32-bit Systems | 5004237 (Security Update) | Important | Denial of Service | 5003637 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for ARM64-based Systems | 5004237 (Security Update) | Important | Denial of Service | 5003637 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for x64-based Systems | 5004237 (Security Update) | Important | Denial of Service | 5003637 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5004244 (Security Update) | Important | Denial of Service | 5003646 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5004244 (Security Update) | Important | Denial of Service | 5003646 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 5004237 (Security Update) | Important | Denial of Service | 5003637 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5004237 (Security Update) | Important | Denial of Service | 5003637 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2021-33785 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-33786 MITRE NVD |
CVE Title: Windows LSA Security Feature Bypass Vulnerability
CVSS: CVSS:3.0 8.1/7.1
FAQ: What kind of security feature could be bypassed by exploiting this vulnerability? A read only domain controller (RODC) is able to delegate rights by granting itself a ticket. A full DC does not validate the ticket thus granting R/W privileges to a DC that should only have read privileges. Mitigations: None Workarounds: None Revision: 1.0 2021-07-13T07:00:00Z Information published. |
Important | Security Feature Bypass | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-33786 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5004305 (Monthly Rollup) 5004299 (Security Only) |
Important | Security Feature Bypass | 5003661 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5004305 (Monthly Rollup) 5004299 (Security Only) |
Important | Security Feature Bypass | 5003661 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5004305 (Monthly Rollup) 5004299 (Security Only) |
Important | Security Feature Bypass | 5003661 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5004305 (Monthly Rollup) 5004299 (Security Only) |
Important | Security Feature Bypass | 5003661 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5004289 (Monthly Rollup) 5004307 (Security Only) |
Important | Security Feature Bypass | 5003667 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5004289 (Monthly Rollup) 5004307 (Security Only) |
Important | Security Feature Bypass | 5003667 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 | 5004294 (Monthly Rollup) 5004302 (Security Only) |
Important | Security Feature Bypass | 5003697 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 5004294 (Monthly Rollup) 5004302 (Security Only) |
Important | Security Feature Bypass | 5003697 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Security Feature Bypass | 5003671 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Security Feature Bypass | 5003671 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 | 5004238 (Security Update) | Important | Security Feature Bypass | 5003638 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 5004238 (Security Update) | Important | Security Feature Bypass | 5003638 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5004244 (Security Update) | Important | Security Feature Bypass | 5003646 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5004244 (Security Update) | Important | Security Feature Bypass | 5003646 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 5004237 (Security Update) | Important | Security Feature Bypass | 5003637 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5004237 (Security Update) | Important | Security Feature Bypass | 5003637 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2021-33786 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-33788 MITRE NVD |
CVE Title: Windows LSA Denial of Service Vulnerability
CVSS: CVSS:3.0 7.5/6.5
FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2021-07-13T07:00:00Z Information published. |
Important | Denial of Service | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-33788 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 5004249 (Security Update) | Important | Denial of Service | 5003687 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 5004249 (Security Update) | Important | Denial of Service | 5003687 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5004238 (Security Update) | Important | Denial of Service | 5003638 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 5004238 (Security Update) | Important | Denial of Service | 5003638 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5004244 (Security Update) | Important | Denial of Service | 5003646 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5004244 (Security Update) | Important | Denial of Service | 5003646 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 5004244 (Security Update) | Important | Denial of Service | 5003646 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5004245 (Security Update) | Important | Denial of Service | 5003635 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5004245 (Security Update) | Important | Denial of Service | 5003635 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 5004245 (Security Update) | Important | Denial of Service | 5003635 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5004237 (Security Update) | Important | Denial of Service | 5003637 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5004237 (Security Update) | Important | Denial of Service | 5003637 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 5004237 (Security Update) | Important | Denial of Service | 5003637 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5004237 (Security Update) | Important | Denial of Service | 5003637 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5004237 (Security Update) | Important | Denial of Service | 5003637 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5004237 (Security Update) | Important | Denial of Service | 5003637 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for 32-bit Systems | 5004237 (Security Update) | Important | Denial of Service | 5003637 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for ARM64-based Systems | 5004237 (Security Update) | Important | Denial of Service | 5003637 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for x64-based Systems | 5004237 (Security Update) | Important | Denial of Service | 5003637 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 5004289 (Monthly Rollup) 5004307 (Security Only) |
Important | Denial of Service | 5003667 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 5004289 (Monthly Rollup) 5004307 (Security Only) |
Important | Denial of Service | 5003667 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Denial of Service | 5003671 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Denial of Service | 5003671 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 5004298 (Monthly Rollup) | Important | Denial of Service | 5003671 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5004305 (Monthly Rollup) 5004299 (Security Only) |
Important | Denial of Service | 5003661 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5004305 (Monthly Rollup) 5004299 (Security Only) |
Important | Denial of Service | 5003661 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5004305 (Monthly Rollup) 5004299 (Security Only) |
Important | Denial of Service | 5003661 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5004305 (Monthly Rollup) 5004299 (Security Only) |
Important | Denial of Service | 5003661 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5004289 (Monthly Rollup) 5004307 (Security Only) |
Important | Denial of Service | 5003667 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5004289 (Monthly Rollup) 5004307 (Security Only) |
Important | Denial of Service | 5003667 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 | 5004294 (Monthly Rollup) 5004302 (Security Only) |
Important | Denial of Service | 5003697 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 5004294 (Monthly Rollup) 5004302 (Security Only) |
Important | Denial of Service | 5003697 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Denial of Service | 5003671 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Denial of Service | 5003671 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 | 5004238 (Security Update) | Important | Denial of Service | 5003638 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 5004238 (Security Update) | Important | Denial of Service | 5003638 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5004244 (Security Update) | Important | Denial of Service | 5003646 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5004244 (Security Update) | Important | Denial of Service | 5003646 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 5004237 (Security Update) | Important | Denial of Service | 5003637 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5004237 (Security Update) | Important | Denial of Service | 5003637 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2021-33788 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-34438 MITRE NVD |
CVE Title: Windows Font Driver Host Remote Code Execution Vulnerability
CVSS: CVSS:3.0 7.8/6.8
FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2021-07-13T07:00:00Z Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-34438 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows 10 Version 1809 for 32-bit Systems | 5004244 (Security Update) | Important | Remote Code Execution | 5003646 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5004244 (Security Update) | Important | Remote Code Execution | 5003646 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 5004244 (Security Update) | Important | Remote Code Execution | 5003646 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5004245 (Security Update) | Important | Remote Code Execution | 5003635 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5004245 (Security Update) | Important | Remote Code Execution | 5003635 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 5004245 (Security Update) | Important | Remote Code Execution | 5003635 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5004237 (Security Update) | Important | Remote Code Execution | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5004237 (Security Update) | Important | Remote Code Execution | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 5004237 (Security Update) | Important | Remote Code Execution | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5004237 (Security Update) | Important | Remote Code Execution | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5004237 (Security Update) | Important | Remote Code Execution | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5004237 (Security Update) | Important | Remote Code Execution | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for 32-bit Systems | 5004237 (Security Update) | Important | Remote Code Execution | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for ARM64-based Systems | 5004237 (Security Update) | Important | Remote Code Execution | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for x64-based Systems | 5004237 (Security Update) | Important | Remote Code Execution | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5004244 (Security Update) | Important | Remote Code Execution | 5003646 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5004244 (Security Update) | Important | Remote Code Execution | 5003646 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 5004237 (Security Update) | Important | Remote Code Execution | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5004237 (Security Update) | Important | Remote Code Execution | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2021-34438 | Yiğit Can YILMAZ (@yilmazanyigit) |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-34439 MITRE NVD |
CVE Title: Microsoft Windows Media Foundation Remote Code Execution Vulnerability
CVSS: CVSS:3.0 7.8/6.8
FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2021-07-13T07:00:00Z Information published. |
Critical | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-34439 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 5004249 (Security Update) | Critical | Remote Code Execution | 5003687 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 5004249 (Security Update) | Critical | Remote Code Execution | 5003687 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5004238 (Security Update) | Critical | Remote Code Execution | 5003638 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 5004238 (Security Update) | Critical | Remote Code Execution | 5003638 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 | 5004238 (Security Update) | Critical | Remote Code Execution | 5003638 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 5004238 (Security Update) | Critical | Remote Code Execution | 5003638 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2021-34439 | HAO LI of VenusTech ADLab |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-34488 MITRE NVD |
CVE Title: Windows Console Driver Elevation of Privilege Vulnerability
CVSS: CVSS:3.0 7.8/6.8
FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2021-07-13T07:00:00Z Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-34488 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows 10 Version 1809 for 32-bit Systems | 5004244 (Security Update) | Important | Elevation of Privilege | 5003646 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5004244 (Security Update) | Important | Elevation of Privilege | 5003646 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 5004244 (Security Update) | Important | Elevation of Privilege | 5003646 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5004245 (Security Update) | Important | Elevation of Privilege | 5003635 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5004245 (Security Update) | Important | Elevation of Privilege | 5003635 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 5004245 (Security Update) | Important | Elevation of Privilege | 5003635 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for 32-bit Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for ARM64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for x64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5004244 (Security Update) | Important | Elevation of Privilege | 5003646 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5004244 (Security Update) | Important | Elevation of Privilege | 5003646 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2021-34488 | Vbty |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-34489 MITRE NVD |
CVE Title: DirectWrite Remote Code Execution Vulnerability
CVSS: CVSS:3.0 7.8/6.8
FAQ: According to the CVSS, User Interaction is Required. What interaction would the user have to do? Exploitation of the vulnerability requires that a user open a specially crafted file.
An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file. Mitigations: None Workarounds: None Revision: 1.0 2021-07-13T07:00:00Z Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-34489 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows 10 Version 1809 for 32-bit Systems | 5004244 (Security Update) | Important | Remote Code Execution | 5003646 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5004244 (Security Update) | Important | Remote Code Execution | 5003646 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 5004244 (Security Update) | Important | Remote Code Execution | 5003646 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5004245 (Security Update) | Important | Remote Code Execution | 5003635 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5004245 (Security Update) | Important | Remote Code Execution | 5003635 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 5004245 (Security Update) | Important | Remote Code Execution | 5003635 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5004237 (Security Update) | Important | Remote Code Execution | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5004237 (Security Update) | Important | Remote Code Execution | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 5004237 (Security Update) | Important | Remote Code Execution | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5004237 (Security Update) | Important | Remote Code Execution | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5004237 (Security Update) | Important | Remote Code Execution | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5004237 (Security Update) | Important | Remote Code Execution | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for 32-bit Systems | 5004237 (Security Update) | Important | Remote Code Execution | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for ARM64-based Systems | 5004237 (Security Update) | Important | Remote Code Execution | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for x64-based Systems | 5004237 (Security Update) | Important | Remote Code Execution | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5004244 (Security Update) | Important | Remote Code Execution | 5003646 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5004244 (Security Update) | Important | Remote Code Execution | 5003646 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 5004237 (Security Update) | Important | Remote Code Execution | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5004237 (Security Update) | Important | Remote Code Execution | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2021-34489 | HAO LI of VenusTech ADLab |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-34440 MITRE NVD |
CVE Title: GDI+ Information Disclosure Vulnerability
CVSS: CVSS:3.0 5.5/4.8
FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory. Mitigations: None Workarounds: None Revision: 1.0 2021-07-13T07:00:00Z Information published. |
Important | Information Disclosure | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-34440 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 5004249 (Security Update) | Important | Information Disclosure | 5003687 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 5004249 (Security Update) | Important | Information Disclosure | 5003687 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5004238 (Security Update) | Important | Information Disclosure | 5003638 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 5004238 (Security Update) | Important | Information Disclosure | 5003638 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5004244 (Security Update) | Important | Information Disclosure | 5003646 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5004244 (Security Update) | Important | Information Disclosure | 5003646 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 5004244 (Security Update) | Important | Information Disclosure | 5003646 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5004245 (Security Update) | Important | Information Disclosure | 5003635 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5004245 (Security Update) | Important | Information Disclosure | 5003635 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 5004245 (Security Update) | Important | Information Disclosure | 5003635 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5004237 (Security Update) | Important | Information Disclosure | 5003637 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5004237 (Security Update) | Important | Information Disclosure | 5003637 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 5004237 (Security Update) | Important | Information Disclosure | 5003637 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5004237 (Security Update) | Important | Information Disclosure | 5003637 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5004237 (Security Update) | Important | Information Disclosure | 5003637 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5004237 (Security Update) | Important | Information Disclosure | 5003637 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for 32-bit Systems | 5004237 (Security Update) | Important | Information Disclosure | 5003637 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for ARM64-based Systems | 5004237 (Security Update) | Important | Information Disclosure | 5003637 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for x64-based Systems | 5004237 (Security Update) | Important | Information Disclosure | 5003637 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 5004289 (Monthly Rollup) 5004307 (Security Only) |
Important | Information Disclosure | 5003667 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 5004289 (Monthly Rollup) 5004307 (Security Only) |
Important | Information Disclosure | 5003667 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Information Disclosure | 5003671 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Information Disclosure | 5003671 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 5004298 (Monthly Rollup) | Important | Information Disclosure | 5003671 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5004305 (Monthly Rollup) 5004299 (Security Only) |
Important | Information Disclosure | 5003661 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5004305 (Monthly Rollup) 5004299 (Security Only) |
Important | Information Disclosure | 5003661 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5004305 (Monthly Rollup) 5004299 (Security Only) |
Important | Information Disclosure | 5003661 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5004305 (Monthly Rollup) 5004299 (Security Only) |
Important | Information Disclosure | 5003661 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5004289 (Monthly Rollup) 5004307 (Security Only) |
Important | Information Disclosure | 5003667 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5004289 (Monthly Rollup) 5004307 (Security Only) |
Important | Information Disclosure | 5003667 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 | 5004294 (Monthly Rollup) 5004302 (Security Only) |
Important | Information Disclosure | 5003697 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 5004294 (Monthly Rollup) 5004302 (Security Only) |
Important | Information Disclosure | 5003697 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Information Disclosure | 5003671 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Information Disclosure | 5003671 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 | 5004238 (Security Update) | Important | Information Disclosure | 5003638 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 5004238 (Security Update) | Important | Information Disclosure | 5003638 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5004244 (Security Update) | Important | Information Disclosure | 5003646 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5004244 (Security Update) | Important | Information Disclosure | 5003646 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 5004237 (Security Update) | Important | Information Disclosure | 5003637 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5004237 (Security Update) | Important | Information Disclosure | 5003637 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2021-34440 | Andy Keqi Hu |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-34490 MITRE NVD |
CVE Title: Windows TCP/IP Driver Denial of Service Vulnerability
CVSS: CVSS:3.0 7.5/6.5
FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2021-07-13T07:00:00Z Information published. |
Important | Denial of Service | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-34490 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows 10 Version 1809 for 32-bit Systems | 5004244 (Security Update) | Important | Denial of Service | 5003646 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5004244 (Security Update) | Important | Denial of Service | 5003646 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 5004244 (Security Update) | Important | Denial of Service | 5003646 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5004245 (Security Update) | Important | Denial of Service | 5003635 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5004245 (Security Update) | Important | Denial of Service | 5003635 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 5004245 (Security Update) | Important | Denial of Service | 5003635 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5004237 (Security Update) | Important | Denial of Service | 5003637 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5004237 (Security Update) | Important | Denial of Service | 5003637 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 5004237 (Security Update) | Important | Denial of Service | 5003637 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5004237 (Security Update) | Important | Denial of Service | 5003637 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5004237 (Security Update) | Important | Denial of Service | 5003637 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5004237 (Security Update) | Important | Denial of Service | 5003637 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for 32-bit Systems | 5004237 (Security Update) | Important | Denial of Service | 5003637 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for ARM64-based Systems | 5004237 (Security Update) | Important | Denial of Service | 5003637 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for x64-based Systems | 5004237 (Security Update) | Important | Denial of Service | 5003637 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5004244 (Security Update) | Important | Denial of Service | 5003646 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5004244 (Security Update) | Important | Denial of Service | 5003646 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 5004237 (Security Update) | Important | Denial of Service | 5003637 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5004237 (Security Update) | Important | Denial of Service | 5003637 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2021-34490 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-34451 MITRE NVD |
CVE Title: Microsoft Office Online Server Spoofing Vulnerability
CVSS: CVSS:3.0 5.3/4.6
FAQ: Is the Preview Pane an attack vector for this vulnerability? No, the Preview Pane is not an attack vector. Mitigations: None Workarounds: None Revision: 1.0 2021-07-13T07:00:00Z Information published. |
Important | Spoofing | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-34451 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Microsoft Office Online Server | 5001973 (Security Update) | Important | Spoofing | 5001943 | Base: 5.3 Temporal: 4.6 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
Maybe |
| CVE ID | Acknowledgements |
| CVE-2021-34451 | Pio |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-34503 MITRE NVD |
CVE Title: Microsoft Windows Media Foundation Remote Code Execution Vulnerability
CVSS: CVSS:3.0 7.8/6.8
FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2021-07-13T07:00:00Z Information published. |
Critical | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-34503 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows 10 Version 1809 for 32-bit Systems | 5004244 (Security Update) | Critical | Remote Code Execution | 5003646 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5004244 (Security Update) | Critical | Remote Code Execution | 5003646 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 5004244 (Security Update) | Critical | Remote Code Execution | 5003646 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5004245 (Security Update) | Critical | Remote Code Execution | 5003635 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5004245 (Security Update) | Critical | Remote Code Execution | 5003635 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 5004245 (Security Update) | Critical | Remote Code Execution | 5003635 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5004244 (Security Update) | Critical | Remote Code Execution | 5003646 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5004244 (Security Update) | Critical | Remote Code Execution | 5003646 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2021-34503 | Phan Thanh Duy (PTDuy) of STAR Labs & Phạm Hồng Phi (4nhdaden) |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-34454 MITRE NVD |
CVE Title: Windows Remote Access Connection Manager Information Disclosure Vulnerability
CVSS: CVSS:3.0 5.5/4.8
FAQ: What type of information could be disclosed by this vulnerability? Exploiting this vulnerability could allow the disclosure of initialized and/or uninitialized memory in the process heap. Mitigations: None Workarounds: None Revision: 1.0 2021-07-13T07:00:00Z Information published. |
Important | Information Disclosure | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-34454 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 5004249 (Security Update) | Important | Information Disclosure | 5003687 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 5004249 (Security Update) | Important | Information Disclosure | 5003687 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5004238 (Security Update) | Important | Information Disclosure | 5003638 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 5004238 (Security Update) | Important | Information Disclosure | 5003638 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5004244 (Security Update) | Important | Information Disclosure | 5003646 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5004244 (Security Update) | Important | Information Disclosure | 5003646 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 5004244 (Security Update) | Important | Information Disclosure | 5003646 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5004245 (Security Update) | Important | Information Disclosure | 5003635 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5004245 (Security Update) | Important | Information Disclosure | 5003635 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 5004245 (Security Update) | Important | Information Disclosure | 5003635 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5004237 (Security Update) | Important | Information Disclosure | 5003637 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5004237 (Security Update) | Important | Information Disclosure | 5003637 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 5004237 (Security Update) | Important | Information Disclosure | 5003637 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5004237 (Security Update) | Important | Information Disclosure | 5003637 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5004237 (Security Update) | Important | Information Disclosure | 5003637 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5004237 (Security Update) | Important | Information Disclosure | 5003637 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for 32-bit Systems | 5004237 (Security Update) | Important | Information Disclosure | 5003637 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for ARM64-based Systems | 5004237 (Security Update) | Important | Information Disclosure | 5003637 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for x64-based Systems | 5004237 (Security Update) | Important | Information Disclosure | 5003637 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Information Disclosure | 5003671 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Information Disclosure | 5003671 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 5004298 (Monthly Rollup) | Important | Information Disclosure | 5003671 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Information Disclosure | 5003671 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Information Disclosure | 5003671 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 | 5004238 (Security Update) | Important | Information Disclosure | 5003638 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 5004238 (Security Update) | Important | Information Disclosure | 5003638 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5004244 (Security Update) | Important | Information Disclosure | 5003646 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5004244 (Security Update) | Important | Information Disclosure | 5003646 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 5004237 (Security Update) | Important | Information Disclosure | 5003637 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5004237 (Security Update) | Important | Information Disclosure | 5003637 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2021-34454 | ziming zhang of Ant Security Light-Year Lab |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-34504 MITRE NVD |
CVE Title: Windows Address Book Remote Code Execution Vulnerability
CVSS: CVSS:3.0 7.8/6.8
FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2021-07-13T07:00:00Z Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-34504 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 5004249 (Security Update) | Important | Remote Code Execution | 5003687 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 5004249 (Security Update) | Important | Remote Code Execution | 5003687 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5004238 (Security Update) | Important | Remote Code Execution | 5003638 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 5004238 (Security Update) | Important | Remote Code Execution | 5003638 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5004244 (Security Update) | Important | Remote Code Execution | 5003646 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5004244 (Security Update) | Important | Remote Code Execution | 5003646 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 5004244 (Security Update) | Important | Remote Code Execution | 5003646 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5004245 (Security Update) | Important | Remote Code Execution | 5003635 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5004245 (Security Update) | Important | Remote Code Execution | 5003635 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 5004245 (Security Update) | Important | Remote Code Execution | 5003635 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5004237 (Security Update) | Important | Remote Code Execution | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5004237 (Security Update) | Important | Remote Code Execution | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 5004237 (Security Update) | Important | Remote Code Execution | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5004237 (Security Update) | Important | Remote Code Execution | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5004237 (Security Update) | Important | Remote Code Execution | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5004237 (Security Update) | Important | Remote Code Execution | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for 32-bit Systems | 5004237 (Security Update) | Important | Remote Code Execution | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for ARM64-based Systems | 5004237 (Security Update) | Important | Remote Code Execution | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for x64-based Systems | 5004237 (Security Update) | Important | Remote Code Execution | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 5004289 (Monthly Rollup) 5004307 (Security Only) |
Important | Remote Code Execution | 5003667 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 5004289 (Monthly Rollup) 5004307 (Security Only) |
Important | Remote Code Execution | 5003667 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Remote Code Execution | 5003671 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Remote Code Execution | 5003671 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 5004298 (Monthly Rollup) | Important | Remote Code Execution | 5003671 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5004305 (Monthly Rollup) 5004299 (Security Only) |
Important | Remote Code Execution | 5003661 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5004305 (Monthly Rollup) 5004299 (Security Only) |
Important | Remote Code Execution | 5003661 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5004305 (Monthly Rollup) 5004299 (Security Only) |
Important | Remote Code Execution | 5003661 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5004305 (Monthly Rollup) 5004299 (Security Only) |
Important | Remote Code Execution | 5003661 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5004289 (Monthly Rollup) 5004307 (Security Only) |
Important | Remote Code Execution | 5003667 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5004289 (Monthly Rollup) 5004307 (Security Only) |
Important | Remote Code Execution | 5003667 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 | 5004294 (Monthly Rollup) 5004302 (Security Only) |
Important | Remote Code Execution | 5003697 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 5004294 (Monthly Rollup) 5004302 (Security Only) |
Important | Remote Code Execution | 5003697 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Remote Code Execution | 5003671 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Remote Code Execution | 5003671 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 | 5004238 (Security Update) | Important | Remote Code Execution | 5003638 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 5004238 (Security Update) | Important | Remote Code Execution | 5003638 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5004244 (Security Update) | Important | Remote Code Execution | 5003646 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5004244 (Security Update) | Important | Remote Code Execution | 5003646 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 5004237 (Security Update) | Important | Remote Code Execution | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5004237 (Security Update) | Important | Remote Code Execution | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2021-34504 | BOXER (@SecBoxer) |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-34455 MITRE NVD |
CVE Title: Windows File History Service Elevation of Privilege Vulnerability
CVSS: CVSS:3.0 7.8/6.8
FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2021-07-13T07:00:00Z Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-34455 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 5004249 (Security Update) | Important | Elevation of Privilege | 5003687 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 5004249 (Security Update) | Important | Elevation of Privilege | 5003687 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5004238 (Security Update) | Important | Elevation of Privilege | 5003638 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 5004238 (Security Update) | Important | Elevation of Privilege | 5003638 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5004244 (Security Update) | Important | Elevation of Privilege | 5003646 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5004244 (Security Update) | Important | Elevation of Privilege | 5003646 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 5004244 (Security Update) | Important | Elevation of Privilege | 5003646 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5004245 (Security Update) | Important | Elevation of Privilege | 5003635 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5004245 (Security Update) | Important | Elevation of Privilege | 5003635 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 5004245 (Security Update) | Important | Elevation of Privilege | 5003635 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for 32-bit Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for ARM64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for x64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Elevation of Privilege | 5003671 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Elevation of Privilege | 5003671 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 5004298 (Monthly Rollup) | Important | Elevation of Privilege | 5003671 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 | 5004294 (Monthly Rollup) 5004302 (Security Only) |
Important | Elevation of Privilege | 5003697 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 5004294 (Monthly Rollup) 5004302 (Security Only) |
Important | Elevation of Privilege | 5003697 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Elevation of Privilege | 5003671 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Elevation of Privilege | 5003671 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 | 5004238 (Security Update) | Important | Elevation of Privilege | 5003638 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 5004238 (Security Update) | Important | Elevation of Privilege | 5003638 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5004244 (Security Update) | Important | Elevation of Privilege | 5003646 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5004244 (Security Update) | Important | Elevation of Privilege | 5003646 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2021-34455 | Tao Yan (@Ga1ois) from Palo Alto Networks |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-34456 MITRE NVD |
CVE Title: Windows Remote Access Connection Manager Elevation of Privilege Vulnerability
CVSS: CVSS:3.0 7.8/6.8
FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2021-07-13T07:00:00Z Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-34456 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 5004249 (Security Update) | Important | Elevation of Privilege | 5003687 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 5004249 (Security Update) | Important | Elevation of Privilege | 5003687 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5004238 (Security Update) | Important | Elevation of Privilege | 5003638 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 5004238 (Security Update) | Important | Elevation of Privilege | 5003638 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5004244 (Security Update) | Important | Elevation of Privilege | 5003646 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5004244 (Security Update) | Important | Elevation of Privilege | 5003646 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 5004244 (Security Update) | Important | Elevation of Privilege | 5003646 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5004245 (Security Update) | Important | Elevation of Privilege | 5003635 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5004245 (Security Update) | Important | Elevation of Privilege | 5003635 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 5004245 (Security Update) | Important | Elevation of Privilege | 5003635 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for 32-bit Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for ARM64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for x64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 5004289 (Monthly Rollup) 5004307 (Security Only) |
Important | Elevation of Privilege | 5003667 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 5004289 (Monthly Rollup) 5004307 (Security Only) |
Important | Elevation of Privilege | 5003667 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Elevation of Privilege | 5003671 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Elevation of Privilege | 5003671 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 5004298 (Monthly Rollup) | Important | Elevation of Privilege | 5003671 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5004289 (Monthly Rollup) 5004307 (Security Only) |
Important | Elevation of Privilege | 5003667 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5004289 (Monthly Rollup) 5004307 (Security Only) |
Important | Elevation of Privilege | 5003667 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 | 5004294 (Monthly Rollup) 5004302 (Security Only) |
Important | Elevation of Privilege | 5003697 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 5004294 (Monthly Rollup) 5004302 (Security Only) |
Important | Elevation of Privilege | 5003697 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Elevation of Privilege | 5003671 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Elevation of Privilege | 5003671 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 | 5004238 (Security Update) | Important | Elevation of Privilege | 5003638 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 5004238 (Security Update) | Important | Elevation of Privilege | 5003638 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5004244 (Security Update) | Important | Elevation of Privilege | 5003646 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5004244 (Security Update) | Important | Elevation of Privilege | 5003646 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2021-34456 | ziming zhang of Ant Security Light-Year Lab |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-34457 MITRE NVD |
CVE Title: Windows Remote Access Connection Manager Information Disclosure Vulnerability
CVSS: CVSS:3.0 5.5/4.8
FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is memory layout - the vulnerability allows an attacker to collect information that facilitates predicting addressing of the memory. Mitigations: None Workarounds: None Revision: 1.0 2021-07-13T07:00:00Z Information published. |
Important | Information Disclosure | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-34457 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 5004249 (Security Update) | Important | Information Disclosure | 5003687 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 5004249 (Security Update) | Important | Information Disclosure | 5003687 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5004238 (Security Update) | Important | Information Disclosure | 5003638 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 5004238 (Security Update) | Important | Information Disclosure | 5003638 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5004244 (Security Update) | Important | Information Disclosure | 5003646 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5004244 (Security Update) | Important | Information Disclosure | 5003646 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 5004244 (Security Update) | Important | Information Disclosure | 5003646 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5004245 (Security Update) | Important | Information Disclosure | 5003635 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5004245 (Security Update) | Important | Information Disclosure | 5003635 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 5004245 (Security Update) | Important | Information Disclosure | 5003635 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5004237 (Security Update) | Important | Information Disclosure | 5003637 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5004237 (Security Update) | Important | Information Disclosure | 5003637 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 5004237 (Security Update) | Important | Information Disclosure | 5003637 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5004237 (Security Update) | Important | Information Disclosure | 5003637 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5004237 (Security Update) | Important | Information Disclosure | 5003637 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5004237 (Security Update) | Important | Information Disclosure | 5003637 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for 32-bit Systems | 5004237 (Security Update) | Important | Information Disclosure | 5003637 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for ARM64-based Systems | 5004237 (Security Update) | Important | Information Disclosure | 5003637 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for x64-based Systems | 5004237 (Security Update) | Important | Information Disclosure | 5003637 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 5004289 (Monthly Rollup) 5004307 (Security Only) |
Important | Information Disclosure | 5003667 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 5004289 (Monthly Rollup) 5004307 (Security Only) |
Important | Information Disclosure | 5003667 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Information Disclosure | 5003671 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Information Disclosure | 5003671 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 5004298 (Monthly Rollup) | Important | Information Disclosure | 5003671 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5004305 (Monthly Rollup) 5004299 (Security Only) |
Important | Information Disclosure | 5003661 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5004305 (Monthly Rollup) 5004299 (Security Only) |
Important | Information Disclosure | 5003661 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5004305 (Monthly Rollup) 5004299 (Security Only) |
Important | Information Disclosure | 5003661 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5004305 (Monthly Rollup) 5004299 (Security Only) |
Important | Information Disclosure | 5003661 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5004289 (Monthly Rollup) 5004307 (Security Only) |
Important | Information Disclosure | 5003667 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5004289 (Monthly Rollup) 5004307 (Security Only) |
Important | Information Disclosure | 5003667 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 | 5004294 (Monthly Rollup) 5004302 (Security Only) |
Important | Information Disclosure | 5003697 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 5004294 (Monthly Rollup) 5004302 (Security Only) |
Important | Information Disclosure | 5003697 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Information Disclosure | 5003671 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Information Disclosure | 5003671 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 | 5004238 (Security Update) | Important | Information Disclosure | 5003638 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 5004238 (Security Update) | Important | Information Disclosure | 5003638 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5004244 (Security Update) | Important | Information Disclosure | 5003646 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5004244 (Security Update) | Important | Information Disclosure | 5003646 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 5004237 (Security Update) | Important | Information Disclosure | 5003637 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5004237 (Security Update) | Important | Information Disclosure | 5003637 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2021-34457 | ziming zhang of Ant Security Light-Year Lab |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-34507 MITRE NVD |
CVE Title: Windows Remote Assistance Information Disclosure Vulnerability
CVSS: CVSS:3.0 6.5/5.7
FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is unauthorized file system access - reading from the file system. Mitigations: None Workarounds: None Revision: 1.0 2021-07-13T07:00:00Z Information published. |
Important | Information Disclosure | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-34507 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 5004249 (Security Update) | Important | Information Disclosure | 5003687 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 5004249 (Security Update) | Important | Information Disclosure | 5003687 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5004238 (Security Update) | Important | Information Disclosure | 5003638 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 5004238 (Security Update) | Important | Information Disclosure | 5003638 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5004244 (Security Update) | Important | Information Disclosure | 5003646 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5004244 (Security Update) | Important | Information Disclosure | 5003646 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 5004244 (Security Update) | Important | Information Disclosure | 5003646 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5004245 (Security Update) | Important | Information Disclosure | 5003635 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5004245 (Security Update) | Important | Information Disclosure | 5003635 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 5004245 (Security Update) | Important | Information Disclosure | 5003635 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5004237 (Security Update) | Important | Information Disclosure | 5003637 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5004237 (Security Update) | Important | Information Disclosure | 5003637 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 5004237 (Security Update) | Important | Information Disclosure | 5003637 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5004237 (Security Update) | Important | Information Disclosure | 5003637 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5004237 (Security Update) | Important | Information Disclosure | 5003637 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5004237 (Security Update) | Important | Information Disclosure | 5003637 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for 32-bit Systems | 5004237 (Security Update) | Important | Information Disclosure | 5003637 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for ARM64-based Systems | 5004237 (Security Update) | Important | Information Disclosure | 5003637 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for x64-based Systems | 5004237 (Security Update) | Important | Information Disclosure | 5003637 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 5004289 (Monthly Rollup) 5004307 (Security Only) |
Important | Information Disclosure | 5003667 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 5004289 (Monthly Rollup) 5004307 (Security Only) |
Important | Information Disclosure | 5003667 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Information Disclosure | 5003671 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Information Disclosure | 5003671 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 5004298 (Monthly Rollup) | Important | Information Disclosure | 5003671 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5004305 (Monthly Rollup) 5004299 (Security Only) |
Important | Information Disclosure | 5003661 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5004305 (Monthly Rollup) 5004299 (Security Only) |
Important | Information Disclosure | 5003661 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5004305 (Monthly Rollup) 5004299 (Security Only) |
Important | Information Disclosure | 5003661 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5004305 (Monthly Rollup) 5004299 (Security Only) |
Important | Information Disclosure | 5003661 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5004289 (Monthly Rollup) 5004307 (Security Only) |
Important | Information Disclosure | 5003667 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5004289 (Monthly Rollup) 5004307 (Security Only) |
Important | Information Disclosure | 5003667 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 | 5004294 (Monthly Rollup) 5004302 (Security Only) |
Important | Information Disclosure | 5003697 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 5004294 (Monthly Rollup) 5004302 (Security Only) |
Important | Information Disclosure | 5003697 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Information Disclosure | 5003671 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Information Disclosure | 5003671 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 | 5004238 (Security Update) | Important | Information Disclosure | 5003638 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 5004238 (Security Update) | Important | Information Disclosure | 5003638 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5004244 (Security Update) | Important | Information Disclosure | 5003646 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5004244 (Security Update) | Important | Information Disclosure | 5003646 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 5004237 (Security Update) | Important | Information Disclosure | 5003637 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5004237 (Security Update) | Important | Information Disclosure | 5003637 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2021-34507 | Chris Alladoum of SophosLabs, Sophos Ltd Tomer Bar @ SafeBreach and Eran Segal @ SafeBreach |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-34458 MITRE NVD |
CVE Title: Windows Kernel Remote Code Execution Vulnerability
CVSS: CVSS:3.0 9.9/8.6
FAQ: How do I know if I'm affected by this vulnerability? This issue allows a single root input/output virtualization (SR-IOV) device which is assigned to a guest to potentially interfere with its Peripheral Component Interface Express (PCIe) siblings which are attached to other guests or to the root. You will be vulnerable if you implement the following:
Mitigations: None Workarounds: None Revision: 1.0 2021-07-13T07:00:00Z Information published. |
Critical | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-34458 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows Server 2016 | 5004238 (Security Update) | Critical | Remote Code Execution | 5003638 | Base: 9.9 Temporal: 8.6 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 5004238 (Security Update) | Critical | Remote Code Execution | 5003638 | Base: 9.9 Temporal: 8.6 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5004244 (Security Update) | Critical | Remote Code Execution | 5003646 |
Base: 9.9 Temporal: 8.6 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5004244 (Security Update) | Critical | Remote Code Execution | 5003646 |
Base: 9.9 Temporal: 8.6 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 5004237 (Security Update) | Critical | Remote Code Execution | 5003637 |
Base: 9.9 Temporal: 8.6 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5004237 (Security Update) | Critical | Remote Code Execution | 5003637 |
Base: 9.9 Temporal: 8.6 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2021-34458 | Cody Hartwig of Microsoft |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-34508 MITRE NVD |
CVE Title: Windows Kernel Remote Code Execution Vulnerability
CVSS: CVSS:3.0 8.8/7.7
FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2021-07-13T07:00:00Z Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-34508 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows 10 Version 1809 for 32-bit Systems | 5004244 (Security Update) | Important | Remote Code Execution | 5003646 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5004244 (Security Update) | Important | Remote Code Execution | 5003646 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 5004244 (Security Update) | Important | Remote Code Execution | 5003646 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5004245 (Security Update) | Important | Remote Code Execution | 5003635 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5004245 (Security Update) | Important | Remote Code Execution | 5003635 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 5004245 (Security Update) | Important | Remote Code Execution | 5003635 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5004237 (Security Update) | Important | Remote Code Execution | 5003637 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5004237 (Security Update) | Important | Remote Code Execution | 5003637 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 5004237 (Security Update) | Important | Remote Code Execution | 5003637 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5004237 (Security Update) | Important | Remote Code Execution | 5003637 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5004237 (Security Update) | Important | Remote Code Execution | 5003637 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5004237 (Security Update) | Important | Remote Code Execution | 5003637 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for 32-bit Systems | 5004237 (Security Update) | Important | Remote Code Execution | 5003637 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for ARM64-based Systems | 5004237 (Security Update) | Important | Remote Code Execution | 5003637 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for x64-based Systems | 5004237 (Security Update) | Important | Remote Code Execution | 5003637 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5004244 (Security Update) | Important | Remote Code Execution | 5003646 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5004244 (Security Update) | Important | Remote Code Execution | 5003646 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 5004237 (Security Update) | Important | Remote Code Execution | 5003637 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5004237 (Security Update) | Important | Remote Code Execution | 5003637 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2021-34508 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-34459 MITRE NVD |
CVE Title: Windows AppContainer Elevation Of Privilege Vulnerability
CVSS: CVSS:3.0 7.8/6.8
FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2021-07-13T07:00:00Z Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-34459 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 5004249 (Security Update) | Important | Elevation of Privilege | 5003687 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 5004249 (Security Update) | Important | Elevation of Privilege | 5003687 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5004238 (Security Update) | Important | Elevation of Privilege | 5003638 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 5004238 (Security Update) | Important | Elevation of Privilege | 5003638 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5004244 (Security Update) | Important | Elevation of Privilege | 5003646 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5004244 (Security Update) | Important | Elevation of Privilege | 5003646 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 5004244 (Security Update) | Important | Elevation of Privilege | 5003646 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5004245 (Security Update) | Important | Elevation of Privilege | 5003635 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5004245 (Security Update) | Important | Elevation of Privilege | 5003635 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 5004245 (Security Update) | Important | Elevation of Privilege | 5003635 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for 32-bit Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for ARM64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for x64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Elevation of Privilege | 5003671 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Elevation of Privilege | 5003671 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 5004298 (Monthly Rollup) | Important | Elevation of Privilege | 5003671 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 | 5004294 (Monthly Rollup) 5004302 (Security Only) |
Important | Elevation of Privilege | 5003697 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 5004294 (Monthly Rollup) 5004302 (Security Only) |
Important | Elevation of Privilege | 5003697 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Elevation of Privilege | 5003671 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Elevation of Privilege | 5003671 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 | 5004238 (Security Update) | Important | Elevation of Privilege | 5003638 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 5004238 (Security Update) | Important | Elevation of Privilege | 5003638 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5004244 (Security Update) | Important | Elevation of Privilege | 5003646 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5004244 (Security Update) | Important | Elevation of Privilege | 5003646 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2021-34459 | Alex Ionescu, CrowdStrike Inc. |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-34509 MITRE NVD |
CVE Title: Storage Spaces Controller Information Disclosure Vulnerability
CVSS: CVSS:3.0 5.5/4.8
FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process. Mitigations: None Workarounds: None Revision: 1.0 2021-07-13T07:00:00Z Information published. |
Important | Information Disclosure | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-34509 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows 10 Version 1607 for 32-bit Systems | 5004238 (Security Update) | Important | Information Disclosure | 5003638 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 5004238 (Security Update) | Important | Information Disclosure | 5003638 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5004244 (Security Update) | Important | Information Disclosure | 5003646 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5004244 (Security Update) | Important | Information Disclosure | 5003646 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 5004244 (Security Update) | Important | Information Disclosure | 5003646 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5004245 (Security Update) | Important | Information Disclosure | 5003635 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5004245 (Security Update) | Important | Information Disclosure | 5003635 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 5004245 (Security Update) | Important | Information Disclosure | 5003635 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5004237 (Security Update) | Important | Information Disclosure | 5003637 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5004237 (Security Update) | Important | Information Disclosure | 5003637 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 5004237 (Security Update) | Important | Information Disclosure | 5003637 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5004237 (Security Update) | Important | Information Disclosure | 5003637 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5004237 (Security Update) | Important | Information Disclosure | 5003637 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5004237 (Security Update) | Important | Information Disclosure | 5003637 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for 32-bit Systems | 5004237 (Security Update) | Important | Information Disclosure | 5003637 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for ARM64-based Systems | 5004237 (Security Update) | Important | Information Disclosure | 5003637 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for x64-based Systems | 5004237 (Security Update) | Important | Information Disclosure | 5003637 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 | 5004238 (Security Update) | Important | Information Disclosure | 5003638 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 5004238 (Security Update) | Important | Information Disclosure | 5003638 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5004244 (Security Update) | Important | Information Disclosure | 5003646 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5004244 (Security Update) | Important | Information Disclosure | 5003646 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 5004237 (Security Update) | Important | Information Disclosure | 5003637 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5004237 (Security Update) | Important | Information Disclosure | 5003637 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2021-34509 | k0shl Vbty |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-34460 MITRE NVD |
CVE Title: Storage Spaces Controller Elevation of Privilege Vulnerability
CVSS: CVSS:3.0 7.8/6.8
FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2021-07-13T07:00:00Z Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-34460 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 5004245 (Security Update) | Important | Elevation of Privilege | 5003635 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 5004245 (Security Update) | Important | Elevation of Privilege | 5003635 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5004238 (Security Update) | Important | Elevation of Privilege | 5003638 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 5004238 (Security Update) | Important | Elevation of Privilege | 5003638 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5004244 (Security Update) | Important | Elevation of Privilege | 5003646 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5004244 (Security Update) | Important | Elevation of Privilege | 5003646 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 5004244 (Security Update) | Important | Elevation of Privilege | 5003646 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5004245 (Security Update) | Important | Elevation of Privilege | 5003635 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5004245 (Security Update) | Important | Elevation of Privilege | 5003635 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 5004245 (Security Update) | Important | Elevation of Privilege | 5003635 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for 32-bit Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for ARM64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for x64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Elevation of Privilege | 5003671 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Elevation of Privilege | 5003671 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 5004298 (Monthly Rollup) | Important | Elevation of Privilege | 5003671 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 | 5004294 (Monthly Rollup) 5004302 (Security Only) |
Important | Elevation of Privilege | 5003697 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 5004294 (Monthly Rollup) 5004302 (Security Only) |
Important | Elevation of Privilege | 5003697 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Elevation of Privilege | 5003671 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Elevation of Privilege | 5003671 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 | 5004238 (Security Update) | Important | Elevation of Privilege | 5003638 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 5004238 (Security Update) | Important | Elevation of Privilege | 5003638 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5004244 (Security Update) | Important | Elevation of Privilege | 5003646 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5004244 (Security Update) | Important | Elevation of Privilege | 5003646 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2021-34460 | vbty k0shl |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-34510 MITRE NVD |
CVE Title: Storage Spaces Controller Elevation of Privilege Vulnerability
CVSS: CVSS:3.0 7.8/6.8
FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2021-07-13T07:00:00Z Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-34510 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows 10 Version 1809 for 32-bit Systems | 5004244 (Security Update) | Important | Elevation of Privilege | 5003646 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5004244 (Security Update) | Important | Elevation of Privilege | 5003646 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 5004244 (Security Update) | Important | Elevation of Privilege | 5003646 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5004245 (Security Update) | Important | Elevation of Privilege | 5003635 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5004245 (Security Update) | Important | Elevation of Privilege | 5003635 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 5004245 (Security Update) | Important | Elevation of Privilege | 5003635 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for 32-bit Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for ARM64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for x64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5004244 (Security Update) | Important | Elevation of Privilege | 5003646 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5004244 (Security Update) | Important | Elevation of Privilege | 5003646 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2021-34510 | Le Huu Quang Linh of STARlabs z3r09 from Viettel Cyber Security working with Trend Micro Zero Day Initiative |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-34511 MITRE NVD |
CVE Title: Windows Installer Elevation of Privilege Vulnerability
CVSS: CVSS:3.0 7.8/6.8
FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2021-07-13T07:00:00Z Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-34511 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 5004249 (Security Update) | Important | Elevation of Privilege | 5003687 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 5004249 (Security Update) | Important | Elevation of Privilege | 5003687 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5004238 (Security Update) | Important | Elevation of Privilege | 5003638 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 5004238 (Security Update) | Important | Elevation of Privilege | 5003638 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5004244 (Security Update) | Important | Elevation of Privilege | 5003646 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5004244 (Security Update) | Important | Elevation of Privilege | 5003646 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 5004244 (Security Update) | Important | Elevation of Privilege | 5003646 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5004245 (Security Update) | Important | Elevation of Privilege | 5003635 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5004245 (Security Update) | Important | Elevation of Privilege | 5003635 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 5004245 (Security Update) | Important | Elevation of Privilege | 5003635 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for 32-bit Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for ARM64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for x64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 5004289 (Monthly Rollup) 5004307 (Security Only) |
Important | Elevation of Privilege | 5003667 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 5004289 (Monthly Rollup) 5004307 (Security Only) |
Important | Elevation of Privilege | 5003667 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Elevation of Privilege | 5003671 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Elevation of Privilege | 5003671 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 5004298 (Monthly Rollup) | Important | Elevation of Privilege | 5003671 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5004305 (Monthly Rollup) 5004299 (Security Only) |
Important | Elevation of Privilege | 5003661 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5004305 (Monthly Rollup) 5004299 (Security Only) |
Important | Elevation of Privilege | 5003661 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5004305 (Monthly Rollup) 5004299 (Security Only) |
Important | Elevation of Privilege | 5003661 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5004305 (Monthly Rollup) 5004299 (Security Only) |
Important | Elevation of Privilege | 5003661 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5004289 (Monthly Rollup) 5004307 (Security Only) |
Important | Elevation of Privilege | 5003667 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5004289 (Monthly Rollup) 5004307 (Security Only) |
Important | Elevation of Privilege | 5003667 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 | 5004294 (Monthly Rollup) 5004302 (Security Only) |
Important | Elevation of Privilege | 5003697 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 5004294 (Monthly Rollup) 5004302 (Security Only) |
Important | Elevation of Privilege | 5003697 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Elevation of Privilege | 5003671 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Elevation of Privilege | 5003671 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 | 5004238 (Security Update) | Important | Elevation of Privilege | 5003638 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 5004238 (Security Update) | Important | Elevation of Privilege | 5003638 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5004244 (Security Update) | Important | Elevation of Privilege | 5003646 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5004244 (Security Update) | Important | Elevation of Privilege | 5003646 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2021-34511 | Polar Bear at Microsoft |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-34461 MITRE NVD |
CVE Title: Windows Container Isolation FS Filter Driver Elevation of Privilege Vulnerability
CVSS: CVSS:3.0 7.8/6.8
FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2021-07-13T07:00:00Z Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-34461 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows 10 Version 2004 for 32-bit Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for 32-bit Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for ARM64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for x64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2021-34461 | k0shl |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-34512 MITRE NVD |
CVE Title: Storage Spaces Controller Elevation of Privilege Vulnerability
CVSS: CVSS:3.0 7.8/6.8
FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2021-07-13T07:00:00Z Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-34512 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 5004249 (Security Update) | Important | Elevation of Privilege | 5003687 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 5004249 (Security Update) | Important | Elevation of Privilege | 5003687 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5004238 (Security Update) | Important | Elevation of Privilege | 5003638 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 5004238 (Security Update) | Important | Elevation of Privilege | 5003638 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5004244 (Security Update) | Important | Elevation of Privilege | 5003646 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5004244 (Security Update) | Important | Elevation of Privilege | 5003646 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 5004244 (Security Update) | Important | Elevation of Privilege | 5003646 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5004245 (Security Update) | Important | Elevation of Privilege | 5003635 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5004245 (Security Update) | Important | Elevation of Privilege | 5003635 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 5004245 (Security Update) | Important | Elevation of Privilege | 5003635 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for 32-bit Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for ARM64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for x64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 | 5004238 (Security Update) | Important | Elevation of Privilege | 5003638 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 5004238 (Security Update) | Important | Elevation of Privilege | 5003638 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5004244 (Security Update) | Important | Elevation of Privilege | 5003646 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5004244 (Security Update) | Important | Elevation of Privilege | 5003646 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2021-34512 | Le Huu Quang Linh of STARlabs nghiadt12 and huyna of Viettel Cyber Security working with Trend Micro Zero Day Initiative |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-34462 MITRE NVD |
CVE Title: Windows AppX Deployment Extensions Elevation of Privilege Vulnerability
CVSS: CVSS:3.0 7.0/6.1
FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2021-07-13T07:00:00Z Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-34462 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 5004249 (Security Update) | Important | Elevation of Privilege | 5003687 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 5004249 (Security Update) | Important | Elevation of Privilege | 5003687 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5004238 (Security Update) | Important | Elevation of Privilege | 5003638 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 5004238 (Security Update) | Important | Elevation of Privilege | 5003638 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5004244 (Security Update) | Important | Elevation of Privilege | 5003646 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5004244 (Security Update) | Important | Elevation of Privilege | 5003646 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 5004244 (Security Update) | Important | Elevation of Privilege | 5003646 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5004245 (Security Update) | Important | Elevation of Privilege | 5003635 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5004245 (Security Update) | Important | Elevation of Privilege | 5003635 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 5004245 (Security Update) | Important | Elevation of Privilege | 5003635 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for 32-bit Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for ARM64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for x64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 | 5004238 (Security Update) | Important | Elevation of Privilege | 5003638 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 5004238 (Security Update) | Important | Elevation of Privilege | 5003638 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5004244 (Security Update) | Important | Elevation of Privilege | 5003646 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5004244 (Security Update) | Important | Elevation of Privilege | 5003646 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2021-34462 | Tao Yan (@Ga1ois) working with Trend Micro Zero Day Initiative |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-34513 MITRE NVD |
CVE Title: Storage Spaces Controller Elevation of Privilege Vulnerability
CVSS: CVSS:3.0 7.8/6.8
FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2021-07-13T07:00:00Z Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-34513 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows 10 Version 1909 for 32-bit Systems | 5004245 (Security Update) | Important | Elevation of Privilege | 5003635 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5004245 (Security Update) | Important | Elevation of Privilege | 5003635 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 5004245 (Security Update) | Important | Elevation of Privilege | 5003635 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for 32-bit Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for ARM64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for x64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2021-34513 | nghiadt12 from Viettel Cyber Security working with Trend Micro Zero Day Initiative Le Huu Quang Linh (@linhlhq) from Vietnam National Cyber Security Center (NCSC Vietnam) |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-34514 MITRE NVD |
CVE Title: Windows Kernel Elevation of Privilege Vulnerability
CVSS: CVSS:3.0 7.8/6.8
FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2021-07-13T07:00:00Z Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-34514 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 5004249 (Security Update) | Important | Elevation of Privilege | 5003687 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 5004249 (Security Update) | Important | Elevation of Privilege | 5003687 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5004238 (Security Update) | Important | Elevation of Privilege | 5003638 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 5004238 (Security Update) | Important | Elevation of Privilege | 5003638 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5004244 (Security Update) | Important | Elevation of Privilege | 5003646 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5004244 (Security Update) | Important | Elevation of Privilege | 5003646 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 5004244 (Security Update) | Important | Elevation of Privilege | 5003646 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5004245 (Security Update) | Important | Elevation of Privilege | 5003635 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5004245 (Security Update) | Important | Elevation of Privilege | 5003635 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 5004245 (Security Update) | Important | Elevation of Privilege | 5003635 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for 32-bit Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for ARM64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for x64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 5004289 (Monthly Rollup) 5004307 (Security Only) |
Important | Elevation of Privilege | 5003667 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 5004289 (Monthly Rollup) 5004307 (Security Only) |
Important | Elevation of Privilege | 5003667 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Elevation of Privilege | 5003671 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Elevation of Privilege | 5003671 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 5004298 (Monthly Rollup) | Important | Elevation of Privilege | 5003671 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5004305 (Monthly Rollup) 5004299 (Security Only) |
Important | Elevation of Privilege | 5003661 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5004305 (Monthly Rollup) 5004299 (Security Only) |
Important | Elevation of Privilege | 5003661 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5004305 (Monthly Rollup) 5004299 (Security Only) |
Important | Elevation of Privilege | 5003661 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5004305 (Monthly Rollup) 5004299 (Security Only) |
Important | Elevation of Privilege | 5003661 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5004289 (Monthly Rollup) 5004307 (Security Only) |
Important | Elevation of Privilege | 5003667 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5004289 (Monthly Rollup) 5004307 (Security Only) |
Important | Elevation of Privilege | 5003667 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 | 5004294 (Monthly Rollup) 5004302 (Security Only) |
Important | Elevation of Privilege | 5003697 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 5004294 (Monthly Rollup) 5004302 (Security Only) |
Important | Elevation of Privilege | 5003697 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Elevation of Privilege | 5003671 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Elevation of Privilege | 5003671 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 | 5004238 (Security Update) | Important | Elevation of Privilege | 5003638 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 5004238 (Security Update) | Important | Elevation of Privilege | 5003638 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5004244 (Security Update) | Important | Elevation of Privilege | 5003646 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5004235 (Security Update) | Important | Elevation of Privilege | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes | |
| Windows Server, version 2004 (Server Core installation) | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2021-34514 | Erik Egsgard with Field Effect Software |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||||||
| CVE-2021-34464 MITRE NVD |
CVE Title: Microsoft Defender Remote Code Execution Vulnerability
CVSS: CVSS:3.0 7.8/6.8
FAQ:
See Manage Updates Baselines Microsoft Defender Antivirus for more information. Microsoft Defender is disabled in my environment, why are vulnerability scanners showing that I am vulnerable to this issue? Vulnerability scanners are looking for specific binaries and version numbers on devices. Microsoft Defender files are still on disk even when disabled. Systems that have disabled Microsoft Defender are not in an exploitable state. Why is no action required to install this update? In response to a constantly changing threat landscape, Microsoft frequently updates malware definitions and the Microsoft Malware Protection Engine. In order to be effective in helping protect against new and prevalent threats, antimalware software must be kept up to date with these updates in a timely manner. For enterprise deployments as well as end users, the default configuration in Microsoft antimalware software helps ensure that malware definitions and the Microsoft Malware Protection Engine are kept up to date automatically. Product documentation also recommends that products are configured for automatic updating. Best practices recommend that customers regularly verify whether software distribution, such as the automatic deployment of Microsoft Malware Protection Engine updates and malware definitions, is working as expected in their environment. How often are the Microsoft Malware Protection Engine and malware definitions updated? Microsoft typically releases an update for the Microsoft Malware Protection Engine once a month or as needed to protect against new threats. Microsoft also typically updates the malware definitions three times daily and can increase the frequency when needed. Depending on which Microsoft antimalware software is used and how it is configured, the software may search for engine and definition updates every day when connected to the Internet, up to multiple times daily. Customers can also choose to manually check for updates at any time. What is the Microsoft Malware Protection Engine? The Microsoft Malware Protection Engine, mpengine.dll, provides the scanning, detection, and cleaning capabilities for Microsoft antivirus and antispyware software. Windows Defender uses the Microsoft Malware Protection Engine. On which products is Defender installed and active by default? Defender runs on all supported version of Windows. Are there other products that use the Microsoft Malware Protection Engine? Yes, Microsoft System Center Endpoint Protection, Microsoft System Center 2012 R2 Endpoint Protection, Microsoft System Center 2012 Endpoint Protection and Microsoft Security Essentials. Does this update contain any additional security-related changes to functionality? Yes. In addition to the changes that are listed for this vulnerability, this update includes defense-in-depth updates to help improve security-related features. Suggested ActionsVerify that the update is installed Customers should verify that the latest version of the Microsoft Malware Protection Engine and definition updates are being actively downloaded and installed for their Microsoft antimalware products.
For affected software, verify that the Microsoft Malware Protection Engine version is 1.1.18242.0 or later. If necessary, install the update Administrators of enterprise antimalware deployments should ensure that their update management software is configured to automatically approve and distribute engine updates and new malware definitions. Enterprise administrators should also verify that the latest version of the Microsoft Malware Protection Engine and definition updates are being actively downloaded, approved and deployed in their environment. For end-users, the affected software provides built-in mechanisms for the automatic detection and deployment of this update. For these customers, the update will be applied within 48 hours of its availability. The exact time frame depends on the software used, Internet connection, and infrastructure configuration. End users that do not wish to wait can manually update their antimalware software. Mitigations: None Workarounds: None Revision: 1.0 2021-07-13T07:00:00Z Information published. |
Critical | Remote Code Execution | ||||||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-34464 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Microsoft Malware Protection Engine | Critical | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Unknown | |
| CVE ID | Acknowledgements |
| CVE-2021-34464 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-34516 MITRE NVD |
CVE Title: Win32k Elevation of Privilege Vulnerability
CVSS: CVSS:3.0 7.8/6.8
FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2021-07-13T07:00:00Z Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-34516 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 5004249 (Security Update) | Important | Elevation of Privilege | 5003687 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 5004249 (Security Update) | Important | Elevation of Privilege | 5003687 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5004238 (Security Update) | Important | Elevation of Privilege | 5003638 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 5004238 (Security Update) | Important | Elevation of Privilege | 5003638 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5004244 (Security Update) | Important | Elevation of Privilege | 5003646 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5004244 (Security Update) | Important | Elevation of Privilege | 5003646 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 5004244 (Security Update) | Important | Elevation of Privilege | 5003646 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5004245 (Security Update) | Important | Elevation of Privilege | 5003635 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5004245 (Security Update) | Important | Elevation of Privilege | 5003635 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 5004245 (Security Update) | Important | Elevation of Privilege | 5003635 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for 32-bit Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for ARM64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for x64-based Systems | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 5004289 (Monthly Rollup) 5004307 (Security Only) |
Important | Elevation of Privilege | 5003667 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 5004289 (Monthly Rollup) 5004307 (Security Only) |
Important | Elevation of Privilege | 5003667 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Elevation of Privilege | 5003671 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Elevation of Privilege | 5003671 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 5004298 (Monthly Rollup) | Important | Elevation of Privilege | 5003671 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5004305 (Monthly Rollup) 5004299 (Security Only) |
Important | Elevation of Privilege | 5003661 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5004305 (Monthly Rollup) 5004299 (Security Only) |
Important | Elevation of Privilege | 5003661 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5004305 (Monthly Rollup) 5004299 (Security Only) |
Important | Elevation of Privilege | 5003661 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5004305 (Monthly Rollup) 5004299 (Security Only) |
Important | Elevation of Privilege | 5003661 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5004289 (Monthly Rollup) 5004307 (Security Only) |
Important | Elevation of Privilege | 5003667 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5004289 (Monthly Rollup) 5004307 (Security Only) |
Important | Elevation of Privilege | 5003667 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 | 5004294 (Monthly Rollup) 5004302 (Security Only) |
Important | Elevation of Privilege | 5003697 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 5004294 (Monthly Rollup) 5004302 (Security Only) |
Important | Elevation of Privilege | 5003697 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Elevation of Privilege | 5003671 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Elevation of Privilege | 5003671 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 | 5004238 (Security Update) | Important | Elevation of Privilege | 5003638 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 5004238 (Security Update) | Important | Elevation of Privilege | 5003638 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5004244 (Security Update) | Important | Elevation of Privilege | 5003646 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5004244 (Security Update) | Important | Elevation of Privilege | 5003646 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5004237 (Security Update) | Important | Elevation of Privilege | 5003637 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2021-34516 | Marcin Wiazowski working with Trend Micro Zero Day Initiative |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-34466 MITRE NVD |
CVE Title: Windows Hello Security Feature Bypass Vulnerability
CVSS: CVSS:3.0 5.7/5.0
FAQ: Where can I find more information about Windows Hello Face Authentication? Please see Windows Hello Face Authentication for updated details. Mitigations: None Workarounds: None Revision: 1.0 2021-07-13T07:00:00Z Information published. |
Important | Security Feature Bypass | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-34466 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows 10 Version 1809 for 32-bit Systems | 5004244 (Security Update) | Important | Security Feature Bypass | 5003646 |
Base: 5.7 Temporal: 5.0 Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5004244 (Security Update) | Important | Security Feature Bypass | 5003646 |
Base: 5.7 Temporal: 5.0 Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 5004244 (Security Update) | Important | Security Feature Bypass | 5003646 |
Base: 5.7 Temporal: 5.0 Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5004245 (Security Update) | Important | Security Feature Bypass | 5003635 | Base: 5.7 Temporal: 5.0 Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5004245 (Security Update) | Important | Security Feature Bypass | 5003635 | Base: 5.7 Temporal: 5.0 Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 5004245 (Security Update) | Important | Security Feature Bypass | 5003635 | Base: 5.7 Temporal: 5.0 Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5004237 (Security Update) | Important | Security Feature Bypass | 5003637 |
Base: 5.7 Temporal: 5.0 Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5004237 (Security Update) | Important | Security Feature Bypass | 5003637 |
Base: 5.7 Temporal: 5.0 Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 5004237 (Security Update) | Important | Security Feature Bypass | 5003637 |
Base: 5.7 Temporal: 5.0 Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5004237 (Security Update) | Important | Security Feature Bypass | 5003637 |
Base: 5.7 Temporal: 5.0 Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5004237 (Security Update) | Important | Security Feature Bypass | 5003637 |
Base: 5.7 Temporal: 5.0 Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5004237 (Security Update) | Important | Security Feature Bypass | 5003637 |
Base: 5.7 Temporal: 5.0 Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for 32-bit Systems | 5004237 (Security Update) | Important | Security Feature Bypass | 5003637 |
Base: 5.7 Temporal: 5.0 Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for ARM64-based Systems | 5004237 (Security Update) | Important | Security Feature Bypass | 5003637 |
Base: 5.7 Temporal: 5.0 Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for x64-based Systems | 5004237 (Security Update) | Important | Security Feature Bypass | 5003637 |
Base: 5.7 Temporal: 5.0 Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2021-34466 | Omer Tsarfati, CyberArk Labs, https://labs.cyberark.com |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-34517 MITRE NVD |
CVE Title: Microsoft SharePoint Server Spoofing Vulnerability
CVSS: CVSS:3.0 5.3/4.6
FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2021-07-13T07:00:00Z Information published. |
Important | Spoofing | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-34517 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Microsoft SharePoint Enterprise Server 2013 Service Pack 1 | 5001984 (Security Update) | Important | Spoofing | 5001954 | Base: 5.3 Temporal: 4.6 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C |
Maybe |
| Microsoft SharePoint Enterprise Server 2016 | 5001976 (Security Update) | Important | Spoofing | 5001946 | Base: 5.3 Temporal: 4.6 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C |
Maybe |
| Microsoft SharePoint Foundation 2013 Service Pack 1 | 5001992 (Security Update) | Important | Spoofing | 5001962 | Base: 5.3 Temporal: 4.6 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C |
Maybe |
| Microsoft SharePoint Server 2019 | 5001975 (Security Update) | Important | Spoofing | 5001944 | Base: 5.3 Temporal: 4.6 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C |
Maybe |
| CVE ID | Acknowledgements |
| CVE-2021-34517 | Markus Wulftange |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-34470 MITRE NVD |
CVE Title: Microsoft Exchange Server Elevation of Privilege Vulnerability
CVSS: CVSS:3.0 8.0/7.0
FAQ: Why are the links to the download center and KB articles for the CVE pointing to the June Cumulative Update for Exchange Server 2019 and Exchange Server 2016? This vulnerability involved a schema change and therefore needed to be fixed in a cumulative update. For these versions, this vulnerability was addressed in the cumulative updated released on June 29, 2021. According to the CVSS, the attack vector is Adjacent. What does that mean and how does that differentiate from a Network vector? This vulnerability's attack is limited at the protocol level to a logically adjacent topology. This means it cannot simply be done accross the internet, but instead needs something specific tied to the target. Good examples would include the same shared physical network (such as Bluetooth or IEEE 802.11), logical network (local IP subnet), or from within a secure or otherwise limited administrative domain (MPLS, secure VPN to an administrative network zone). This is common to many attacks that require man-in-the-middle type setups or that rely on initially gaining a foothold in another environment. Mitigations: None Workarounds: None Revision: 1.0 2021-07-13T07:00:00Z Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-34470 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Microsoft Exchange Server 2013 Cumulative Update 23 | 5004778 (Security Update) | Important | Elevation of Privilege | 5003435 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Microsoft Exchange Server 2016 Cumulative Update 21 | 5003611 (Security Update) | Important | Elevation of Privilege | 5003435 | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Microsoft Exchange Server 2019 Cumulative Update 10 | 5003612 (Security Update) | Important | Elevation of Privilege | 5003435 | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2021-34470 | James Forshaw of Google Project Zero with |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||||||
| CVE-2021-34522 MITRE NVD |
CVE Title: Microsoft Defender Remote Code Execution Vulnerability
CVSS: CVSS:3.0 7.8/6.8
FAQ:
See Manage Updates Baselines Microsoft Defender Antivirus for more information. Microsoft Defender is disabled in my environment, why are vulnerability scanners showing that I am vulnerable to this issue? Vulnerability scanners are looking for specific binaries and version numbers on devices. Microsoft Defender files are still on disk even when disabled. Systems that have disabled Microsoft Defender are not in an exploitable state. Why is no action required to install this update? In response to a constantly changing threat landscape, Microsoft frequently updates malware definitions and the Microsoft Malware Protection Engine. In order to be effective in helping protect against new and prevalent threats, antimalware software must be kept up to date with these updates in a timely manner. For enterprise deployments as well as end users, the default configuration in Microsoft antimalware software helps ensure that malware definitions and the Microsoft Malware Protection Engine are kept up to date automatically. Product documentation also recommends that products are configured for automatic updating. Best practices recommend that customers regularly verify whether software distribution, such as the automatic deployment of Microsoft Malware Protection Engine updates and malware definitions, is working as expected in their environment. How often are the Microsoft Malware Protection Engine and malware definitions updated? Microsoft typically releases an update for the Microsoft Malware Protection Engine once a month or as needed to protect against new threats. Microsoft also typically updates the malware definitions three times daily and can increase the frequency when needed. Depending on which Microsoft antimalware software is used and how it is configured, the software may search for engine and definition updates every day when connected to the Internet, up to multiple times daily. Customers can also choose to manually check for updates at any time. What is the Microsoft Malware Protection Engine? The Microsoft Malware Protection Engine, mpengine.dll, provides the scanning, detection, and cleaning capabilities for Microsoft antivirus and antispyware software. Windows Defender uses the Microsoft Malware Protection Engine. On which products is Defender installed and active by default? Defender runs on all supported version of Windows. Are there other products that use the Microsoft Malware Protection Engine? Yes, Microsoft System Center Endpoint Protection, Microsoft System Center 2012 R2 Endpoint Protection, Microsoft System Center 2012 Endpoint Protection and Microsoft Security Essentials. Does this update contain any additional security-related changes to functionality? Yes. In addition to the changes that are listed for this vulnerability, this update includes defense-in-depth updates to help improve security-related features. Suggested ActionsVerify that the update is installed Customers should verify that the latest version of the Microsoft Malware Protection Engine and definition updates are being actively downloaded and installed for their Microsoft antimalware products.
For affected software, verify that the Microsoft Malware Protection Engine version is 1.1.18242.0 or later. If necessary, install the update Administrators of enterprise antimalware deployments should ensure that their update management software is configured to automatically approve and distribute engine updates and new malware definitions. Enterprise administrators should also verify that the latest version of the Microsoft Malware Protection Engine and definition updates are being actively downloaded, approved and deployed in their environment. For end-users, the affected software provides built-in mechanisms for the automatic detection and deployment of this update. For these customers, the update will be applied within 48 hours of its availability. The exact time frame depends on the software used, Internet connection, and infrastructure configuration. End users that do not wish to wait can manually update their antimalware software. Mitigations: None Workarounds: None Revision: 1.0 2021-07-13T07:00:00Z Information published. |
Critical | Remote Code Execution | ||||||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-34522 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Microsoft Malware Protection Engine | Critical | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Unknown | |
| CVE ID | Acknowledgements |
| CVE-2021-34522 |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-34525 MITRE NVD |
CVE Title: Windows DNS Server Remote Code Execution Vulnerability
CVSS: CVSS:3.0 8.8/7.7
FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2021-07-13T07:00:00Z Information published. |
Important | Remote Code Execution, Defense in Depth |
||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-34525 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows Server 2012 R2 | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Remote Code Execution | 5003671 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 5004298 (Monthly Rollup) 5004285 (Security Only) |
Important | Remote Code Execution | 5003671 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 | 5004238 (Security Update) | Important | Remote Code Execution | 5003638 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 5004238 (Security Update) | Important | Remote Code Execution | 5003638 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5004244 (Security Update) | Important | Remote Code Execution | 5003646 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5004244 (Security Update) | Important | Remote Code Execution | 5003646 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 5004237 (Security Update) | Low | Defense in Depth | 5003637 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5004237 (Security Update) | Low | Defense in Depth | 5003637 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2021-34525 | Yuki Chen |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-34527 MITRE NVD |
CVE Title: Windows Print Spooler Remote Code Execution Vulnerability
CVSS: CVSS:3.0 8.8/8.2
FAQ: Is this the vulnerability that has been referred to publicly as PrintNightmare? Yes, Microsoft has assigned CVE-2021-34527 to this vulnerability. Is this vulnerability related to CVE-2021-1675? This vulnerability is similar but distinct from the vulnerability that is assigned CVE-2021-1675. The attack vector is different as well. CVE-2021-1675 was addressed by the security update released on June 8, 2021. Did the June 2021 update introduce this vulnerability? No, the vulnerability existed before the June 8, 2021 security update. All versions of Windows are listed in the Security Updates table. Are all versions vulnerable? All versions of Windows are vulnerable. As of July 7, 2021, Microsoft has released security updates for this vulnerability for all supported versions of Windows listed in the security updates table in this CVE. What vulnerabilities do the security updates released on and after July 6, 2021 address? The security updates released on and after July 6, 2021 contain protections for a remote code execution exploit in the Windows Print Spooler service known as “PrintNightmare”, documented in CVE-2021-34527, as well as for CVE-2021-1675. Are Domain Controllers known to be affected by the vulnerability? Domain controllers are affected if the print spooler service is enabled. Are client systems and member servers that are not domain controllers known to be affected by the vulnerability? Yes. All editions of Windows are affected. How can I see attack activity on my network related to this vulnerability? Security products, like Microsoft 365 Defender, offer different ways to view relevant alerts and telemetry. Microsoft has published our recommendations for seeing this sort of behavior at our GitHub here: Microsoft 365 Defender Hunting Queries. Customers using other technologies can adapt this logic for use in their environments. How is Point and Print technology affected by this particular vulnerability? Point and Print is not directly related to this vulnerability, but certain configurations make systems vulnerable to exploitation. How does Microsoft recommend implementing Point and Print restrictions to help secure my systems? Please see KB5005010: Restricting installation of new printer drivers after applying the July 6, 2021 updates for complete information. How do I assess my Point and Print security posture to determine if my Windows system is affected by this particular configuration? Please see KB5005010: Restricting installation of new printer drivers after applying the July 6, 2021 updates for complete information. Mitigations: None Workarounds: Determine if the Print Spooler service is running Run the following in Windows PowerShell:
If the Print Spooler is running or if the service is not set to disabled, select one of the following options to either disable the Print Spooler service, or to Disable inbound remote printing through Group Policy: Option 1 - Disable the Print Spooler service If disabling the Print Spooler service is appropriate for your enterprise, use the following PowerShell commands:
Impact of workaround Disabling the Print Spooler service disables the ability to print both locally and remotely. Option 2 - Disable inbound remote printing through Group Policy You can also configure the settings via Group Policy as follows: Computer Configuration / Administrative Templates / Printers Disable the “Allow Print Spooler to accept client connections:” policy to block remote attacks. You must restart the Print Spooler service for the group policy to take effect. Impact of workaround This policy will block the remote attack vector by preventing inbound remote printing operations. The system will no longer function as a print server, but local printing to a directly attached device will still be possible. For more information see: Use Group Policy settings to control printers. Revision: 1.3 2021-07-02T07:00:00Z Updated FAQ information. This is an informational change only. 1.4 2021-07-03T07:00:00Z Updated FAQ information. This is an informational change only. 2.0 2021-07-06T07:00:00Z CVE updated to announce that Microsoft is releasing an update for several versions of Window to address this vulnerability. Updates are not yet available for Windows 10 version 1607, Windows Server 2016, or Windows Server 2012. Security updates for these versions of Windows will be released soon. Other information has been updated as well. This information will be updated when more information or updates are available. 3.0 2021-07-07T07:00:00Z CVE updated to announce that Microsoft is releasing an update for Windows 10 version 1607, Windows Server 2016, and Windows Server 2012. Other information has been updated as well. 3.1 2021-07-08T07:00:00Z Added information to the executive summary and the FAQ sections. This is an informational change only. 1.0 2021-07-01T07:00:00Z Information published. 1.1 2021-07-02T07:00:00Z The information in the workaround section was updated. This an informational change only. 1.2 2021-07-02T07:00:00Z CVE revised to update the FAQ, add a mitigation, and add the CVSS score. These are informational changes only. |
Critical | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Detected | Yes | Yes |
The following tables list the affected software details for the vulnerability.
| CVE-2021-34527 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 5004950 (Security Update) | Critical | Remote Code Execution | 5003638 | Base: 8.8 Temporal: 8.2 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 5004950 (Security Update) | Critical | Remote Code Execution | 5003638 | Base: 8.8 Temporal: 8.2 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5004948 (Security Update) | Critical | Remote Code Execution | 5003638 | Base: 8.8 Temporal: 8.2 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 5004948 (Security Update) | Critical | Remote Code Execution | 5003638 | Base: 8.8 Temporal: 8.2 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5004947 (Security Update) | Critical | Remote Code Execution | 5003646 |
Base: 8.8 Temporal: 8.2 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5004947 (Security Update) | Critical | Remote Code Execution | 5003646 |
Base: 8.8 Temporal: 8.2 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 5004947 (Security Update) | Critical | Remote Code Execution | 5003646 |
Base: 8.8 Temporal: 8.2 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5004946 (Security Update) | Critical | Remote Code Execution | 5003637 | Base: 8.8 Temporal: 8.2 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5004946 (Security Update) | Critical | Remote Code Execution | 5003637 | Base: 8.8 Temporal: 8.2 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 5004946 (Security Update) | Critical | Remote Code Execution | 5003637 | Base: 8.8 Temporal: 8.2 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5004945 (Security Update) | Critical | Remote Code Execution | 5003637 |
Base: 8.8 Temporal: 8.2 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5004945 (Security Update) | Critical | Remote Code Execution | 5003637 |
Base: 8.8 Temporal: 8.2 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 5004945 (Security Update) | Critical | Remote Code Execution | 5003637 |
Base: 8.8 Temporal: 8.2 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5004945 (Security Update) | Critical | Remote Code Execution | 5003637 |
Base: 8.8 Temporal: 8.2 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5004945 (Security Update) | Critical | Remote Code Execution | 5003637 |
Base: 8.8 Temporal: 8.2 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5004945 (Security Update) | Critical | Remote Code Execution | 5003637 |
Base: 8.8 Temporal: 8.2 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for 32-bit Systems | 5004945 (Security Update) | Critical | Remote Code Execution | 5003637 |
Base: 8.8 Temporal: 8.2 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for ARM64-based Systems | 5004945 (Security Update) | Critical | Remote Code Execution | 5003637 |
Base: 8.8 Temporal: 8.2 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for x64-based Systems | 5004945 (Security Update) | Critical | Remote Code Execution | 5003637 |
Base: 8.8 Temporal: 8.2 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 5004953 (Monthly Rollup) 5004951 (Security Only) |
Critical | Remote Code Execution | 5003667 |
Base: 8.8 Temporal: 8.2 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 5004953 (Monthly Rollup) 5004951 (Security Only) |
Critical | Remote Code Execution | 5003667 |
Base: 8.8 Temporal: 8.2 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 5004954 (Monthly Rollup) 5004958 (Security Only) |
Critical | Remote Code Execution | 5003671 |
Base: 8.8 Temporal: 8.2 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 5004954 (Monthly Rollup) 5004958 (Security Only) |
Critical | Remote Code Execution | 5003671 |
Base: 8.8 Temporal: 8.2 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 5004954 (Monthly Rollup) | Critical | Remote Code Execution | 5003671 |
Base: 8.8 Temporal: 8.2 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5004955 (Monthly Rollup) 5004959 (Security Only) |
Critical | Remote Code Execution | 5003661 |
Base: 8.8 Temporal: 8.2 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5004955 (Monthly Rollup) 5004959 (Security Only) |
Critical | Remote Code Execution | 5003661 |
Base: 8.8 Temporal: 8.2 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5004955 (Monthly Rollup) 5004959 (Security Only) |
Critical | Remote Code Execution | 5003661 |
Base: 8.8 Temporal: 8.2 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5004955 (Monthly Rollup) 5004959 (Security Only) |
Critical | Remote Code Execution | 5003661 |
Base: 8.8 Temporal: 8.2 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5004953 (Monthly Rollup) 5004951 (Security Only) |
Critical | Remote Code Execution | 5003667 |
Base: 8.8 Temporal: 8.2 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5004953 (Monthly Rollup) 5004951 (Security Only) |
Critical | Remote Code Execution | 5003667 |
Base: 8.8 Temporal: 8.2 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows Server 2012 | 5004956 (Monthly Rollup) 5004960 (Security Only) |
Critical | Remote Code Execution | 5003697 |
Base: 8.8 Temporal: 8.2 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 5004956 (Monthly Rollup) 5004960 (Security Only) |
Critical | Remote Code Execution | 5003697 |
Base: 8.8 Temporal: 8.2 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 5004954 (Monthly Rollup) 5004958 (Security Only) |
Critical | Remote Code Execution | 5003671 |
Base: 8.8 Temporal: 8.2 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 5004954 (Monthly Rollup) 5004958 (Security Only) |
Critical | Remote Code Execution | 5003671 |
Base: 8.8 Temporal: 8.2 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows Server 2016 | 5004948 (Security Update) | Critical | Remote Code Execution | 5003638 | Base: 8.8 Temporal: 8.2 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 5004948 (Security Update) | Critical | Remote Code Execution | 5003638 | Base: 8.8 Temporal: 8.2 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5004947 (Security Update) | Critical | Remote Code Execution | 5003646 |
Base: 8.8 Temporal: 8.2 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5004947 (Security Update) | Critical | Remote Code Execution | 5003646 |
Base: 8.8 Temporal: 8.2 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 5004945 (Security Update) | Critical | Remote Code Execution | 5003637 |
Base: 8.8 Temporal: 8.2 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5004945 (Security Update) | Critical | Remote Code Execution | 5003637 |
Base: 8.8 Temporal: 8.2 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2021-34527 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-34477 MITRE NVD |
CVE Title: Visual Studio Code .NET Runtime Elevation of Privilege Vulnerability
CVSS: CVSS:3.0 7.8/6.8
FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2021-07-13T07:00:00Z Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-34477 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| .NET Education Bundle SDK Install Tool | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| .NET Install Tool for Extension Authors | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| CVE ID | Acknowledgements |
| CVE-2021-34477 | Craig Ingram with Stripe |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-34529 MITRE NVD |
CVE Title: Visual Studio Code Remote Code Execution Vulnerability
CVSS: CVSS:3.0 7.8/6.8
FAQ: How does Visual Studio Code protect against remote code execution vulnerabilities in extensions? With the release of Visual Studio Code 1.57, a new feature was added called Workspace Trust. This new feature allows developers to open unfamiliar code or extensions in Restricted Mode with the option to later mark the code as trusted. Restricted Mode works to prevent the automatic execution of code by restricting accessing to certain VS Code features. More details about this new functionality can be found here - https://code.visualstudio.com/updates/v1_57#_workspace-trust Mitigations: None Workarounds: None Revision: 1.0 2021-07-13T07:00:00Z Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-34529 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Visual Studio Code | (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| CVE ID | Acknowledgements |
| CVE-2021-34529 | Kc Udonsi (@glitchnsec) of Trend Micro Sven Nobis of ERNW GmbH David Dworken Ron Masas of Checkmarx Timofte Daniel (@tim17d) Ash Fox, Google Security Team |