Microsoft CVE Summary

This report contains detail for the following vulnerabilities:

Tag CVE ID CVE Title
Azure Open Management Infrastructure CVE-2021-38648 Open Management Infrastructure Elevation of Privilege Vulnerability
Azure Open Management Infrastructure CVE-2021-38645 Open Management Infrastructure Elevation of Privilege Vulnerability
Azure Open Management Infrastructure CVE-2021-38647 Open Management Infrastructure Remote Code Execution Vulnerability
Azure Open Management Infrastructure CVE-2021-38649 Open Management Infrastructure Elevation of Privilege Vulnerability
Azure Sphere CVE-2021-36956 Azure Sphere Information Disclosure Vulnerability
Dynamics Business Central Control CVE-2021-40440 Microsoft Dynamics Business Central Cross-site Scripting Vulnerability
Microsoft Accessibility Insights for Android CVE-2021-40448 Microsoft Accessibility Insights for Android Information Disclosure Vulnerability
Microsoft Edge (Chromium-based) CVE-2021-30606 Chromium: CVE-2021-30606 Use after free in Blink
Microsoft Edge (Chromium-based) CVE-2021-30609 Chromium: CVE-2021-30609 Use after free in Sign-In
Microsoft Edge (Chromium-based) CVE-2021-30608 Chromium: CVE-2021-30608 Use after free in Web Share
Microsoft Edge (Chromium-based) CVE-2021-30607 Chromium: CVE-2021-30607 Use after free in Permissions
Microsoft Edge (Chromium-based) CVE-2021-38641 Microsoft Edge for Android Spoofing Vulnerability
Microsoft Edge (Chromium-based) CVE-2021-38642 Microsoft Edge for iOS Spoofing Vulnerability
Microsoft Edge (Chromium-based) CVE-2021-38669 Microsoft Edge (Chromium-based) Tampering Vulnerability
Microsoft Edge (Chromium-based) CVE-2021-36930 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
Microsoft Edge (Chromium-based) CVE-2021-30632 Chromium: CVE-2021-30632 Out of bounds write in V8
Microsoft Edge (Chromium-based) CVE-2021-30610 Chromium: CVE-2021-30610 Use after free in Extensions API
Microsoft Edge (Chromium-based) CVE-2021-30620 Chromium: CVE-2021-30620 Insufficient policy enforcement in Blink
Microsoft Edge (Chromium-based) CVE-2021-30619 Chromium: CVE-2021-30619 UI Spoofing in Autofill
Microsoft Edge (Chromium-based) CVE-2021-30618 Chromium: CVE-2021-30618 Inappropriate implementation in DevTools
Microsoft Edge (Chromium-based) CVE-2021-30621 Chromium: CVE-2021-30621 UI Spoofing in Autofill
Microsoft Edge (Chromium-based) CVE-2021-30624 Chromium: CVE-2021-30624 Use after free in Autofill
Microsoft Edge (Chromium-based) CVE-2021-30623 Chromium: CVE-2021-30623 Use after free in Bookmarks
Microsoft Edge (Chromium-based) CVE-2021-30622 Chromium: CVE-2021-30622 Use after free in WebApp Installs
Microsoft Edge (Chromium-based) CVE-2021-30613 Chromium: CVE-2021-30613 Use after free in Base internals
Microsoft Edge (Chromium-based) CVE-2021-30612 Chromium: CVE-2021-30612 Use after free in WebRTC
Microsoft Edge (Chromium-based) CVE-2021-30611 Chromium: CVE-2021-30611 Use after free in WebRTC
Microsoft Edge (Chromium-based) CVE-2021-30614 Chromium: CVE-2021-30614 Heap buffer overflow in TabStrip
Microsoft Edge (Chromium-based) CVE-2021-30617 Chromium: CVE-2021-30617 Policy bypass in Blink
Microsoft Edge (Chromium-based) CVE-2021-30616 Chromium: CVE-2021-30616 Use after free in Media
Microsoft Edge (Chromium-based) CVE-2021-30615 Chromium: CVE-2021-30615 Cross-origin data leak in Navigation
Microsoft Edge (Chromium-based) CVE-2021-26436 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
Microsoft Edge for Android CVE-2021-26439 Microsoft Edge for Android Information Disclosure Vulnerability
Microsoft MPEG-2 Video Extension CVE-2021-38644 Microsoft MPEG-2 Video Extension Remote Code Execution Vulnerability
Microsoft Office CVE-2021-38657 Microsoft Office Graphics Component Information Disclosure Vulnerability
Microsoft Office CVE-2021-38658 Microsoft Office Graphics Remote Code Execution Vulnerability
Microsoft Office CVE-2021-38650 Microsoft Office Spoofing Vulnerability
Microsoft Office CVE-2021-38659 Microsoft Office Remote Code Execution Vulnerability
Microsoft Office Access CVE-2021-38646 Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability
Microsoft Office Excel CVE-2021-38655 Microsoft Excel Remote Code Execution Vulnerability
Microsoft Office Excel CVE-2021-38660 Microsoft Office Graphics Remote Code Execution Vulnerability
Microsoft Office SharePoint CVE-2021-38651 Microsoft SharePoint Server Spoofing Vulnerability
Microsoft Office SharePoint CVE-2021-38652 Microsoft SharePoint Server Spoofing Vulnerability
Microsoft Office Visio CVE-2021-38654 Microsoft Office Visio Remote Code Execution Vulnerability
Microsoft Office Visio CVE-2021-38653 Microsoft Office Visio Remote Code Execution Vulnerability
Microsoft Office Word CVE-2021-38656 Microsoft Word Remote Code Execution Vulnerability
Microsoft Windows Codecs Library CVE-2021-38661 HEVC Video Extensions Remote Code Execution Vulnerability
Microsoft Windows DNS CVE-2021-36968 Windows DNS Elevation of Privilege Vulnerability
Visual Studio CVE-2021-36952 Visual Studio Remote Code Execution Vulnerability
Visual Studio CVE-2021-26434 Visual Studio Elevation of Privilege Vulnerability
Visual Studio CVE-2021-26437 Visual Studio Code Spoofing Vulnerability
Windows Ancillary Function Driver for WinSock CVE-2021-38628 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Windows Ancillary Function Driver for WinSock CVE-2021-38638 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Windows Authenticode CVE-2021-36959 Windows Authenticode Spoofing Vulnerability
Windows Bind Filter Driver CVE-2021-36954 Windows Bind Filter Driver Elevation of Privilege Vulnerability
Windows BitLocker CVE-2021-38632 BitLocker Security Feature Bypass Vulnerability
Windows Common Log File System Driver CVE-2021-38633 Windows Common Log File System Driver Elevation of Privilege Vulnerability
Windows Common Log File System Driver CVE-2021-36963 Windows Common Log File System Driver Elevation of Privilege Vulnerability
Windows Common Log File System Driver CVE-2021-36955 Windows Common Log File System Driver Elevation of Privilege Vulnerability
Windows Event Tracing CVE-2021-36964 Windows Event Tracing Elevation of Privilege Vulnerability
Windows Event Tracing CVE-2021-38630 Windows Event Tracing Elevation of Privilege Vulnerability
Windows Installer CVE-2021-36962 Windows Installer Information Disclosure Vulnerability
Windows Installer CVE-2021-36961 Windows Installer Denial of Service Vulnerability
Windows Kernel CVE-2021-38626 Windows Kernel Elevation of Privilege Vulnerability
Windows Kernel CVE-2021-38625 Windows Kernel Elevation of Privilege Vulnerability
Windows Key Storage Provider CVE-2021-38624 Windows Key Storage Provider Security Feature Bypass Vulnerability
Windows MSHTML Platform CVE-2021-40444 Microsoft MSHTML Remote Code Execution Vulnerability
Windows Print Spooler Components CVE-2021-38667 Windows Print Spooler Elevation of Privilege Vulnerability
Windows Print Spooler Components CVE-2021-38671 Windows Print Spooler Elevation of Privilege Vulnerability
Windows Print Spooler Components CVE-2021-40447 Windows Print Spooler Elevation of Privilege Vulnerability
Windows Redirected Drive Buffering CVE-2021-36969 Windows Redirected Drive Buffering SubSystem Driver Information Disclosure Vulnerability
Windows Redirected Drive Buffering CVE-2021-38635 Windows Redirected Drive Buffering SubSystem Driver Information Disclosure Vulnerability
Windows Redirected Drive Buffering CVE-2021-36973 Windows Redirected Drive Buffering System Elevation of Privilege Vulnerability
Windows Redirected Drive Buffering CVE-2021-38636 Windows Redirected Drive Buffering SubSystem Driver Information Disclosure Vulnerability
Windows Scripting CVE-2021-26435 Windows Scripting Engine Memory Corruption Vulnerability
Windows SMB CVE-2021-36960 Windows SMB Information Disclosure Vulnerability
Windows SMB CVE-2021-36972 Windows SMB Information Disclosure Vulnerability
Windows SMB CVE-2021-36974 Windows SMB Elevation of Privilege Vulnerability
Windows Storage CVE-2021-38637 Windows Storage Information Disclosure Vulnerability
Windows Subsystem for Linux CVE-2021-36966 Windows Subsystem for Linux Elevation of Privilege Vulnerability
Windows TDX.sys CVE-2021-38629 Windows Ancillary Function Driver for WinSock Information Disclosure Vulnerability
Windows Update CVE-2021-38634 Microsoft Windows Update Client Elevation of Privilege Vulnerability
Windows Win32K CVE-2021-38639 Win32k Elevation of Privilege Vulnerability
Windows Win32K CVE-2021-36975 Win32k Elevation of Privilege Vulnerability
Windows WLAN Auto Config Service CVE-2021-36965 Windows WLAN AutoConfig Service Remote Code Execution Vulnerability
Windows WLAN Service CVE-2021-36967 Windows WLAN AutoConfig Service Elevation of Privilege Vulnerability

CVE-2021-36952 - Visual Studio Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-36952
MITRE
NVD
CVE Title: Visual Studio Remote Code Execution Vulnerability
CVSS:

CVSS:3.0 7.8/6.8
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredNone
User InteractionRequired
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-09-14T07:00:00Z    

Information published.


Important Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-36952
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) Release Notes (Security Update) Important Remote Code Execution None Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Maybe
Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3) Release Notes (Security Update) Important Remote Code Execution None Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Maybe
Microsoft Visual Studio 2019 version 16.7 (includes 16.0 – 16.6) Release Notes (Security Update) Important Remote Code Execution None Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Maybe

Acknowledgements

CVE ID Acknowledgements
CVE-2021-36952 Wenguang Jiao working with Trend Micro Zero Day Initiative


CVE-2021-36954 - Windows Bind Filter Driver Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-36954
MITRE
NVD
CVE Title: Windows Bind Filter Driver Elevation of Privilege Vulnerability
CVSS:

CVSS:3.0 8.8/7.7
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeChanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-09-14T07:00:00Z    

Information published.


Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-36954
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 Version 1809 for 32-bit Systems 5005568 (Security Update) Important Elevation of Privilege 5005030
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 5005568 (Security Update) Important Elevation of Privilege 5005030
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 5005568 (Security Update) Important Elevation of Privilege 5005030
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for 32-bit Systems 5005566 (Security Update) Important Elevation of Privilege 5005031 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for ARM64-based Systems 5005566 (Security Update) Important Elevation of Privilege 5005031 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for x64-based Systems 5005566 (Security Update) Important Elevation of Privilege 5005031 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for 32-bit Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for ARM64-based Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for x64-based Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for 32-bit Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for ARM64-based Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for x64-based Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for 32-bit Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for ARM64-based Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for x64-based Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 5005568 (Security Update) Important Elevation of Privilege 5005030
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 5005568 (Security Update) Important Elevation of Privilege 5005030
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2022 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2022 (Server Core installation) 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 2004 (Server Core installation) 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 20H2 (Server Core Installation) 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2021-36954 k0shl of Kunlun Lab


CVE-2021-36955 - Windows Common Log File System Driver Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-36955
MITRE
NVD
CVE Title: Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVSS:

CVSS:3.0 7.8/7.2
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityFunctional
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-09-14T07:00:00Z    

Information published.


Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation More Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-36955
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5005569 (Security Update) Important Elevation of Privilege 5005040 Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 5005569 (Security Update) Important Elevation of Privilege 5005040 Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 5005573 (Security Update) Important Elevation of Privilege 5005043 Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 5005573 (Security Update) Important Elevation of Privilege 5005043 Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 5005568 (Security Update) Important Elevation of Privilege 5005030
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 5005568 (Security Update) Important Elevation of Privilege 5005030
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 5005568 (Security Update) Important Elevation of Privilege 5005030
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows 10 Version 1909 for 32-bit Systems 5005566 (Security Update) Important Elevation of Privilege 5005031 Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows 10 Version 1909 for ARM64-based Systems 5005566 (Security Update) Important Elevation of Privilege 5005031 Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows 10 Version 1909 for x64-based Systems 5005566 (Security Update) Important Elevation of Privilege 5005031 Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows 10 Version 2004 for 32-bit Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows 10 Version 2004 for ARM64-based Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows 10 Version 2004 for x64-based Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows 10 Version 20H2 for 32-bit Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows 10 Version 20H2 for ARM64-based Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows 10 Version 20H2 for x64-based Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows 10 Version 21H1 for 32-bit Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows 10 Version 21H1 for ARM64-based Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows 10 Version 21H1 for x64-based Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows 7 for 32-bit Systems Service Pack 1 5005633 (Monthly Rollup)
5005615 (Security Only)
Important Elevation of Privilege 5005088
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 5005633 (Monthly Rollup)
5005615 (Security Only)
Important Elevation of Privilege 5005088
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 5005613 (Monthly Rollup)
5005627 (Security Only)
Important Elevation of Privilege 5005076
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 5005613 (Monthly Rollup)
5005627 (Security Only)
Important Elevation of Privilege 5005076
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows RT 8.1 5005613 (Monthly Rollup) Important Elevation of Privilege 5005076
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 5005606 (Monthly Rollup)
5005618 (Security Only)
Important Elevation of Privilege 5005090
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5005606 (Monthly Rollup)
5005618 (Security Only)
Important Elevation of Privilege 5005090
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 5005606 (Monthly Rollup)
5005618 (Security Only)
Important Elevation of Privilege 5005090
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5005606 (Monthly Rollup)
5005618 (Security Only)
Important Elevation of Privilege 5005090
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5005633 (Monthly Rollup)
5005615 (Security Only)
Important Elevation of Privilege 5005088
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5005633 (Monthly Rollup)
5005615 (Security Only)
Important Elevation of Privilege 5005088
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows Server 2012 5005623 (Monthly Rollup)
5005607 (Security Only)
Important Elevation of Privilege 5005094
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 5005623 (Monthly Rollup)
5005607 (Security Only)
Important Elevation of Privilege 5005094
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows Server 2012 R2 5005613 (Monthly Rollup)
5005627 (Security Only)
Important Elevation of Privilege 5005076
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 5005613 (Monthly Rollup)
5005627 (Security Only)
Important Elevation of Privilege 5005076
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows Server 2016 5005573 (Security Update) Important Elevation of Privilege 5005043 Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 5005573 (Security Update) Important Elevation of Privilege 5005043 Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows Server 2019 5005568 (Security Update) Important Elevation of Privilege 5005030
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 5005568 (Security Update) Important Elevation of Privilege 5005030
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows Server 2022 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows Server 2022 (Server Core installation) 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows Server, version 2004 (Server Core installation) 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows Server, version 20H2 (Server Core Installation) 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2021-36955 None

CVE-2021-36959 - Windows Authenticode Spoofing Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-36959
MITRE
NVD
CVE Title: Windows Authenticode Spoofing Vulnerability
CVSS:

CVSS:3.0 5.5/4.8
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityNone
IntegrityHigh
AvailabilityNone
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-09-14T07:00:00Z    

Information published.


Important Spoofing

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-36959
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5005569 (Security Update) Important Spoofing 5005040 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 5005569 (Security Update) Important Spoofing 5005040 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 5005573 (Security Update) Important Spoofing 5005043 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 5005573 (Security Update) Important Spoofing 5005043 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 5005568 (Security Update) Important Spoofing 5005030
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 5005568 (Security Update) Important Spoofing 5005030
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 5005568 (Security Update) Important Spoofing 5005030
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for 32-bit Systems 5005566 (Security Update) Important Spoofing 5005031 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for ARM64-based Systems 5005566 (Security Update) Important Spoofing 5005031 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for x64-based Systems 5005566 (Security Update) Important Spoofing 5005031 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for 32-bit Systems 5005565 (Security Update) Important Spoofing 5005033
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for ARM64-based Systems 5005565 (Security Update) Important Spoofing 5005033
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for x64-based Systems 5005565 (Security Update) Important Spoofing 5005033
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for 32-bit Systems 5005565 (Security Update) Important Spoofing 5005033
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for ARM64-based Systems 5005565 (Security Update) Important Spoofing 5005033
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for x64-based Systems 5005565 (Security Update) Important Spoofing 5005033
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for 32-bit Systems 5005565 (Security Update) Important Spoofing 5005033
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for ARM64-based Systems 5005565 (Security Update) Important Spoofing 5005033
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for x64-based Systems 5005565 (Security Update) Important Spoofing 5005033
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 7 for 32-bit Systems Service Pack 1 5005633 (Monthly Rollup)
5005615 (Security Only)
Important Spoofing 5005088
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 5005633 (Monthly Rollup)
5005615 (Security Only)
Important Spoofing 5005088
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 5005613 (Monthly Rollup)
5005627 (Security Only)
Important Spoofing 5005076
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 5005613 (Monthly Rollup)
5005627 (Security Only)
Important Spoofing 5005076
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows RT 8.1 5005613 (Monthly Rollup) Important Spoofing 5005076
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 5005606 (Monthly Rollup)
5005618 (Security Only)
Important Spoofing 5005090
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5005606 (Monthly Rollup)
5005618 (Security Only)
Important Spoofing 5005090
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 5005606 (Monthly Rollup)
5005618 (Security Only)
Important Spoofing 5005090
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5005606 (Monthly Rollup)
5005618 (Security Only)
Important Spoofing 5005090
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5005633 (Monthly Rollup)
5005615 (Security Only)
Important Spoofing 5005088
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5005633 (Monthly Rollup)
5005615 (Security Only)
Important Spoofing 5005088
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2012 5005623 (Monthly Rollup)
5005607 (Security Only)
Important Spoofing 5005094
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 5005623 (Monthly Rollup)
5005607 (Security Only)
Important Spoofing 5005094
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 5005613 (Monthly Rollup)
5005627 (Security Only)
Important Spoofing 5005076
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 5005613 (Monthly Rollup)
5005627 (Security Only)
Important Spoofing 5005076
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2016 5005573 (Security Update) Important Spoofing 5005043 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 5005573 (Security Update) Important Spoofing 5005043 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2019 5005568 (Security Update) Important Spoofing 5005030
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 5005568 (Security Update) Important Spoofing 5005030
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2022 5005565 (Security Update) Important Spoofing 5005033
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2022 (Server Core installation) 5005565 (Security Update) Important Spoofing 5005033
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows Server, version 2004 (Server Core installation) 5005565 (Security Update) Important Spoofing 5005033
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows Server, version 20H2 (Server Core Installation) 5005565 (Security Update) Important Spoofing 5005033
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2021-36959 Udi Yavo with Fortinet’s FortiGuard Labs
Asaf Rubinfeld with Fortinet’s FortiGuard Labs


CVE-2021-36960 - Windows SMB Information Disclosure Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-36960
MITRE
NVD
CVE Title: Windows SMB Information Disclosure Vulnerability
CVSS:

CVSS:3.0 7.5/6.5
Base score metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredNone
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityNone
AvailabilityNone
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

What type of information could be disclosed by this vulnerability?

The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory and kernel memory - unintentional read access to memory contents in kernel space from a user mode process.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-09-14T07:00:00Z    

Information published.


Important Information Disclosure

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-36960
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5005569 (Security Update) Important Information Disclosure 5005040 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 5005569 (Security Update) Important Information Disclosure 5005040 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 5005573 (Security Update) Important Information Disclosure 5005043 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 5005573 (Security Update) Important Information Disclosure 5005043 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 5005568 (Security Update) Important Information Disclosure 5005030
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 5005568 (Security Update) Important Information Disclosure 5005030
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 5005568 (Security Update) Important Information Disclosure 5005030
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for 32-bit Systems 5005566 (Security Update) Important Information Disclosure 5005031 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for ARM64-based Systems 5005566 (Security Update) Important Information Disclosure 5005031 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for x64-based Systems 5005566 (Security Update) Important Information Disclosure 5005031 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for 32-bit Systems 5005565 (Security Update) Important Information Disclosure 5005033
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for ARM64-based Systems 5005565 (Security Update) Important Information Disclosure 5005033
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for x64-based Systems 5005565 (Security Update) Important Information Disclosure 5005033
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for 32-bit Systems 5005565 (Security Update) Important Information Disclosure 5005033
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for ARM64-based Systems 5005565 (Security Update) Important Information Disclosure 5005033
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for x64-based Systems 5005565 (Security Update) Important Information Disclosure 5005033
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for 32-bit Systems 5005565 (Security Update) Important Information Disclosure 5005033
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for ARM64-based Systems 5005565 (Security Update) Important Information Disclosure 5005033
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for x64-based Systems 5005565 (Security Update) Important Information Disclosure 5005033
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 7 for 32-bit Systems Service Pack 1 5005633 (Monthly Rollup)
5005615 (Security Only)
Important Information Disclosure 5005088
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 5005633 (Monthly Rollup)
5005615 (Security Only)
Important Information Disclosure 5005088
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 5005613 (Monthly Rollup)
5005627 (Security Only)
Important Information Disclosure 5005076
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 5005613 (Monthly Rollup)
5005627 (Security Only)
Important Information Disclosure 5005076
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows RT 8.1 5005613 (Monthly Rollup) Important Information Disclosure 5005076
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5005633 (Monthly Rollup)
5005615 (Security Only)
Important Information Disclosure 5005088
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5005633 (Monthly Rollup)
5005615 (Security Only)
Important Information Disclosure 5005088
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2012 5005623 (Monthly Rollup)
5005607 (Security Only)
Important Information Disclosure 5005094
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 5005623 (Monthly Rollup)
5005607 (Security Only)
Important Information Disclosure 5005094
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 5005613 (Monthly Rollup)
5005627 (Security Only)
Important Information Disclosure 5005076
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 5005613 (Monthly Rollup)
5005627 (Security Only)
Important Information Disclosure 5005076
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2016 5005573 (Security Update) Important Information Disclosure 5005043 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 5005573 (Security Update) Important Information Disclosure 5005043 Base: 7.5
Temporal: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2019 5005568 (Security Update) Important Information Disclosure 5005030
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 5005568 (Security Update) Important Information Disclosure 5005030
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2022 5005565 (Security Update) Important Information Disclosure 5005033
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2022 (Server Core installation) 5005565 (Security Update) Important Information Disclosure 5005033
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server, version 2004 (Server Core installation) 5005565 (Security Update) Important Information Disclosure 5005033
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server, version 20H2 (Server Core Installation) 5005565 (Security Update) Important Information Disclosure 5005033
Base: 7.5
Temporal: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2021-36960 None

CVE-2021-36961 - Windows Installer Denial of Service Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-36961
MITRE
NVD
CVE Title: Windows Installer Denial of Service Vulnerability
CVSS:

CVSS:3.0 5.5/4.8
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityNone
IntegrityNone
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-09-14T07:00:00Z    

Information published.


Important Denial of Service

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-36961
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5005569 (Security Update) Important Denial of Service 5005040 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 5005569 (Security Update) Important Denial of Service 5005040 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 5005573 (Security Update) Important Denial of Service 5005043 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 5005573 (Security Update) Important Denial of Service 5005043 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 5005568 (Security Update) Important Denial of Service 5005030
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 5005568 (Security Update) Important Denial of Service 5005030
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 5005568 (Security Update) Important Denial of Service 5005030
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for 32-bit Systems 5005566 (Security Update) Important Denial of Service 5005031 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for ARM64-based Systems 5005566 (Security Update) Important Denial of Service 5005031 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for x64-based Systems 5005566 (Security Update) Important Denial of Service 5005031 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for 32-bit Systems 5005565 (Security Update) Important Denial of Service 5005033
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for ARM64-based Systems 5005565 (Security Update) Important Denial of Service 5005033
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for x64-based Systems 5005565 (Security Update) Important Denial of Service 5005033
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for 32-bit Systems 5005565 (Security Update) Important Denial of Service 5005033
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for ARM64-based Systems 5005565 (Security Update) Important Denial of Service 5005033
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for x64-based Systems 5005565 (Security Update) Important Denial of Service 5005033
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for 32-bit Systems 5005565 (Security Update) Important Denial of Service 5005033
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for ARM64-based Systems 5005565 (Security Update) Important Denial of Service 5005033
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for x64-based Systems 5005565 (Security Update) Important Denial of Service 5005033
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 7 for 32-bit Systems Service Pack 1 5005633 (Monthly Rollup)
5005615 (Security Only)
Important Denial of Service 5005088
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 5005633 (Monthly Rollup)
5005615 (Security Only)
Important Denial of Service 5005088
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 5005613 (Monthly Rollup)
5005627 (Security Only)
Important Denial of Service 5005076
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 5005613 (Monthly Rollup)
5005627 (Security Only)
Important Denial of Service 5005076
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows RT 8.1 5005613 (Monthly Rollup) Important Denial of Service 5005076
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 5005606 (Monthly Rollup)
5005618 (Security Only)
Important Denial of Service 5005090
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5005606 (Monthly Rollup)
5005618 (Security Only)
Important Denial of Service 5005090
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 5005606 (Monthly Rollup)
5005618 (Security Only)
Important Denial of Service 5005090
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5005606 (Monthly Rollup)
5005618 (Security Only)
Important Denial of Service 5005090
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5005633 (Monthly Rollup)
5005615 (Security Only)
Important Denial of Service 5005088
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5005633 (Monthly Rollup)
5005615 (Security Only)
Important Denial of Service 5005088
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 5005623 (Monthly Rollup)
5005607 (Security Only)
Important Denial of Service 5005094
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 5005623 (Monthly Rollup)
5005607 (Security Only)
Important Denial of Service 5005094
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 5005613 (Monthly Rollup)
5005627 (Security Only)
Important Denial of Service 5005076
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 5005613 (Monthly Rollup)
5005627 (Security Only)
Important Denial of Service 5005076
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 5005573 (Security Update) Important Denial of Service 5005043 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 5005573 (Security Update) Important Denial of Service 5005043 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 5005568 (Security Update) Important Denial of Service 5005030
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 5005568 (Security Update) Important Denial of Service 5005030
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2022 5005565 (Security Update) Important Denial of Service 5005033
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2022 (Server Core installation) 5005565 (Security Update) Important Denial of Service 5005033
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 2004 (Server Core installation) 5005565 (Security Update) Important Denial of Service 5005033
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 20H2 (Server Core Installation) 5005565 (Security Update) Important Denial of Service 5005033
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2021-36961 Abdelhamid Naceri working with Trend Micro Zero Day Initiative


CVE-2021-36962 - Windows Installer Information Disclosure Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-36962
MITRE
NVD
CVE Title: Windows Installer Information Disclosure Vulnerability
CVSS:

CVSS:3.0 5.5/4.8
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityNone
AvailabilityNone
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

What type of information could be disclosed by this vulnerability?

The type of information that could be disclosed if an attacker successfully exploited this vulnerability is unauthorized file system access - reading from the file system.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-09-14T07:00:00Z    

Information published.


Important Information Disclosure

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-36962
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5005569 (Security Update) Important Information Disclosure 5005040 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 5005569 (Security Update) Important Information Disclosure 5005040 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 5005573 (Security Update) Important Information Disclosure 5005043 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 5005573 (Security Update) Important Information Disclosure 5005043 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 5005568 (Security Update) Important Information Disclosure 5005030
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 5005568 (Security Update) Important Information Disclosure 5005030
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 5005568 (Security Update) Important Information Disclosure 5005030
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for 32-bit Systems 5005566 (Security Update) Important Information Disclosure 5005031 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for ARM64-based Systems 5005566 (Security Update) Important Information Disclosure 5005031 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for x64-based Systems 5005566 (Security Update) Important Information Disclosure 5005031 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for 32-bit Systems 5005565 (Security Update) Important Information Disclosure 5005033
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for ARM64-based Systems 5005565 (Security Update) Important Information Disclosure 5005033
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for x64-based Systems 5005565 (Security Update) Important Information Disclosure 5005033
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for 32-bit Systems 5005565 (Security Update) Important Information Disclosure 5005033
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for ARM64-based Systems 5005565 (Security Update) Important Information Disclosure 5005033
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for x64-based Systems 5005565 (Security Update) Important Information Disclosure 5005033
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for 32-bit Systems 5005565 (Security Update) Important Information Disclosure 5005033
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for ARM64-based Systems 5005565 (Security Update) Important Information Disclosure 5005033
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for x64-based Systems 5005565 (Security Update) Important Information Disclosure 5005033
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 7 for 32-bit Systems Service Pack 1 5005633 (Monthly Rollup)
5005615 (Security Only)
Important Information Disclosure 5005088
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 5005633 (Monthly Rollup)
5005615 (Security Only)
Important Information Disclosure 5005088
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 5005613 (Monthly Rollup)
5005627 (Security Only)
Important Information Disclosure 5005076
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 5005613 (Monthly Rollup)
5005627 (Security Only)
Important Information Disclosure 5005076
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows RT 8.1 5005613 (Monthly Rollup) Important Information Disclosure 5005076
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 5005606 (Monthly Rollup)
5005618 (Security Only)
Important Information Disclosure 5005090
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5005606 (Monthly Rollup)
5005618 (Security Only)
Important Information Disclosure 5005090
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 5005606 (Monthly Rollup)
5005618 (Security Only)
Important Information Disclosure 5005090
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5005606 (Monthly Rollup)
5005618 (Security Only)
Important Information Disclosure 5005090
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5005633 (Monthly Rollup)
5005615 (Security Only)
Important Information Disclosure 5005088
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5005633 (Monthly Rollup)
5005615 (Security Only)
Important Information Disclosure 5005088
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2012 5005623 (Monthly Rollup)
5005607 (Security Only)
Important Information Disclosure 5005094
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 5005623 (Monthly Rollup)
5005607 (Security Only)
Important Information Disclosure 5005094
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 5005613 (Monthly Rollup)
5005627 (Security Only)
Important Information Disclosure 5005076
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 5005613 (Monthly Rollup)
5005627 (Security Only)
Important Information Disclosure 5005076
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2016 5005573 (Security Update) Important Information Disclosure 5005043 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 5005573 (Security Update) Important Information Disclosure 5005043 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2019 5005568 (Security Update) Important Information Disclosure 5005030
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 5005568 (Security Update) Important Information Disclosure 5005030
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server, version 2004 (Server Core installation) 5005565 (Security Update) Important Information Disclosure 5005033
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server, version 20H2 (Server Core Installation) 5005565 (Security Update) Important Information Disclosure 5005033
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2021-36962 Abdelhamid Naceri working with Trend Micro Zero Day Initiative


CVE-2021-36963 - Windows Common Log File System Driver Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-36963
MITRE
NVD
CVE Title: Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVSS:

CVSS:3.0 7.8/6.8
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-09-14T07:00:00Z    

Information published.


Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation More Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-36963
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5005569 (Security Update) Important Elevation of Privilege 5005040 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 5005569 (Security Update) Important Elevation of Privilege 5005040 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 5005573 (Security Update) Important Elevation of Privilege 5005043 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 5005573 (Security Update) Important Elevation of Privilege 5005043 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 5005568 (Security Update) Important Elevation of Privilege 5005030
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 5005568 (Security Update) Important Elevation of Privilege 5005030
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 5005568 (Security Update) Important Elevation of Privilege 5005030
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for 32-bit Systems 5005566 (Security Update) Important Elevation of Privilege 5005031 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for ARM64-based Systems 5005566 (Security Update) Important Elevation of Privilege 5005031 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for x64-based Systems 5005566 (Security Update) Important Elevation of Privilege 5005031 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for 32-bit Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for ARM64-based Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for x64-based Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for 32-bit Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for ARM64-based Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for x64-based Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for 32-bit Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for ARM64-based Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for x64-based Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 7 for 32-bit Systems Service Pack 1 5005633 (Monthly Rollup)
5005615 (Security Only)
Important Elevation of Privilege 5005088
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 5005633 (Monthly Rollup)
5005615 (Security Only)
Important Elevation of Privilege 5005088
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 5005613 (Monthly Rollup)
5005627 (Security Only)
Important Elevation of Privilege 5005076
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 5005613 (Monthly Rollup)
5005627 (Security Only)
Important Elevation of Privilege 5005076
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows RT 8.1 5005613 (Monthly Rollup) Important Elevation of Privilege 5005076
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 5005606 (Monthly Rollup)
5005618 (Security Only)
Important Elevation of Privilege 5005090
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5005606 (Monthly Rollup)
5005618 (Security Only)
Important Elevation of Privilege 5005090
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 5005606 (Monthly Rollup)
5005618 (Security Only)
Important Elevation of Privilege 5005090
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5005606 (Monthly Rollup)
5005618 (Security Only)
Important Elevation of Privilege 5005090
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5005633 (Monthly Rollup)
5005615 (Security Only)
Important Elevation of Privilege 5005088
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5005633 (Monthly Rollup)
5005615 (Security Only)
Important Elevation of Privilege 5005088
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 5005623 (Monthly Rollup)
5005607 (Security Only)
Important Elevation of Privilege 5005094
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 5005623 (Monthly Rollup)
5005607 (Security Only)
Important Elevation of Privilege 5005094
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 5005613 (Monthly Rollup)
5005627 (Security Only)
Important Elevation of Privilege 5005076
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 5005613 (Monthly Rollup)
5005627 (Security Only)
Important Elevation of Privilege 5005076
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 5005573 (Security Update) Important Elevation of Privilege 5005043 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 5005573 (Security Update) Important Elevation of Privilege 5005043 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 5005568 (Security Update) Important Elevation of Privilege 5005030
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 5005568 (Security Update) Important Elevation of Privilege 5005030
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2022 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2022 (Server Core installation) 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 2004 (Server Core installation) 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 20H2 (Server Core Installation) 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2021-36963 Yuki Chen


CVE-2021-36964 - Windows Event Tracing Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-36964
MITRE
NVD
CVE Title: Windows Event Tracing Elevation of Privilege Vulnerability
CVSS:

CVSS:3.0 7.8/6.8
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-09-14T07:00:00Z    

Information published.


Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-36964
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5005569 (Security Update) Important Elevation of Privilege 5005040 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 5005569 (Security Update) Important Elevation of Privilege 5005040 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 5005573 (Security Update) Important Elevation of Privilege 5005043 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 5005573 (Security Update) Important Elevation of Privilege 5005043 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 5005568 (Security Update) Important Elevation of Privilege 5005030
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 5005568 (Security Update) Important Elevation of Privilege 5005030
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 5005568 (Security Update) Important Elevation of Privilege 5005030
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for 32-bit Systems 5005566 (Security Update) Important Elevation of Privilege 5005031 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for ARM64-based Systems 5005566 (Security Update) Important Elevation of Privilege 5005031 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for x64-based Systems 5005566 (Security Update) Important Elevation of Privilege 5005031 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for 32-bit Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for ARM64-based Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for x64-based Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for 32-bit Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for ARM64-based Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for x64-based Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for 32-bit Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for ARM64-based Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for x64-based Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 7 for 32-bit Systems Service Pack 1 5005633 (Monthly Rollup)
5005615 (Security Only)
Important Elevation of Privilege 5005088
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 5005633 (Monthly Rollup)
5005615 (Security Only)
Important Elevation of Privilege 5005088
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 5005613 (Monthly Rollup)
5005627 (Security Only)
Important Elevation of Privilege 5005076
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 5005613 (Monthly Rollup)
5005627 (Security Only)
Important Elevation of Privilege 5005076
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows RT 8.1 5005613 (Monthly Rollup) Important Elevation of Privilege 5005076
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 5005606 (Monthly Rollup)
5005618 (Security Only)
Important Elevation of Privilege 5005090
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5005606 (Monthly Rollup)
5005618 (Security Only)
Important Elevation of Privilege 5005090
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 5005606 (Monthly Rollup)
5005618 (Security Only)
Important Elevation of Privilege 5005090
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5005606 (Monthly Rollup)
5005618 (Security Only)
Important Elevation of Privilege 5005090
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5005633 (Monthly Rollup)
5005615 (Security Only)
Important Elevation of Privilege 5005088
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5005633 (Monthly Rollup)
5005615 (Security Only)
Important Elevation of Privilege 5005088
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 5005623 (Monthly Rollup)
5005607 (Security Only)
Important Elevation of Privilege 5005094
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 5005623 (Monthly Rollup)
5005607 (Security Only)
Important Elevation of Privilege 5005094
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 5005613 (Monthly Rollup)
5005627 (Security Only)
Important Elevation of Privilege 5005076
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 5005613 (Monthly Rollup)
5005627 (Security Only)
Important Elevation of Privilege 5005076
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 5005573 (Security Update) Important Elevation of Privilege 5005043 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 5005573 (Security Update) Important Elevation of Privilege 5005043 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 5005568 (Security Update) Important Elevation of Privilege 5005030
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 5005568 (Security Update) Important Elevation of Privilege 5005030
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2022 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2022 (Server Core installation) 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 2004 (Server Core installation) 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 20H2 (Server Core Installation) 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2021-36964 None

CVE-2021-36965 - Windows WLAN AutoConfig Service Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-36965
MITRE
NVD
CVE Title: Windows WLAN AutoConfig Service Remote Code Execution Vulnerability
CVSS:

CVSS:3.0 8.8/7.7
Base score metrics
Attack VectorAdjacent
Attack ComplexityLow
Privileges RequiredNone
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-09-14T07:00:00Z    

Information published.


Critical Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-36965
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5005569 (Security Update) Critical Remote Code Execution 5005040 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 5005569 (Security Update) Critical Remote Code Execution 5005040 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 5005573 (Security Update) Critical Remote Code Execution 5005043 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 5005573 (Security Update) Critical Remote Code Execution 5005043 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 5005568 (Security Update) Critical Remote Code Execution 5005030
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 5005568 (Security Update) Critical Remote Code Execution 5005030
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 5005568 (Security Update) Critical Remote Code Execution 5005030
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for 32-bit Systems 5005566 (Security Update) Critical Remote Code Execution 5005031 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for ARM64-based Systems 5005566 (Security Update) Critical Remote Code Execution 5005031 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for x64-based Systems 5005566 (Security Update) Critical Remote Code Execution 5005031 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for 32-bit Systems 5005565 (Security Update) Critical Remote Code Execution 5005033
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for ARM64-based Systems 5005565 (Security Update) Critical Remote Code Execution 5005033
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for x64-based Systems 5005565 (Security Update) Critical Remote Code Execution 5005033
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for 32-bit Systems 5005565 (Security Update) Critical Remote Code Execution 5005033
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for ARM64-based Systems 5005565 (Security Update) Critical Remote Code Execution 5005033
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for x64-based Systems 5005565 (Security Update) Critical Remote Code Execution 5005033
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for 32-bit Systems 5005565 (Security Update) Critical Remote Code Execution 5005033
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for ARM64-based Systems 5005565 (Security Update) Critical Remote Code Execution 5005033
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for x64-based Systems 5005565 (Security Update) Critical Remote Code Execution 5005033
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 7 for 32-bit Systems Service Pack 1 5005633 (Monthly Rollup)
5005615 (Security Only)
Critical Remote Code Execution 5005088
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 5005633 (Monthly Rollup)
5005615 (Security Only)
Critical Remote Code Execution 5005088
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 5005613 (Monthly Rollup)
5005627 (Security Only)
Critical Remote Code Execution 5005076
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 5005613 (Monthly Rollup)
5005627 (Security Only)
Critical Remote Code Execution 5005076
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows RT 8.1 5005613 (Monthly Rollup) Critical Remote Code Execution 5005076
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 5005606 (Monthly Rollup)
5005618 (Security Only)
Critical Remote Code Execution 5005090
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5005606 (Monthly Rollup)
5005618 (Security Only)
Critical Remote Code Execution 5005090
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 5005606 (Monthly Rollup)
5005618 (Security Only)
Critical Remote Code Execution 5005090
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5005606 (Monthly Rollup)
5005618 (Security Only)
Critical Remote Code Execution 5005090
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5005633 (Monthly Rollup)
5005615 (Security Only)
Critical Remote Code Execution 5005088
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5005633 (Monthly Rollup)
5005615 (Security Only)
Critical Remote Code Execution 5005088
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 5005623 (Monthly Rollup)
5005607 (Security Only)
Critical Remote Code Execution 5005094
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 5005623 (Monthly Rollup)
5005607 (Security Only)
Critical Remote Code Execution 5005094
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 5005613 (Monthly Rollup)
5005627 (Security Only)
Critical Remote Code Execution 5005076
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 5005613 (Monthly Rollup)
5005627 (Security Only)
Critical Remote Code Execution 5005076
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 5005573 (Security Update) Critical Remote Code Execution 5005043 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 5005573 (Security Update) Critical Remote Code Execution 5005043 Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 5005568 (Security Update) Critical Remote Code Execution 5005030
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 5005568 (Security Update) Critical Remote Code Execution 5005030
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2022 5005565 (Security Update) Critical Remote Code Execution 5005033
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2022 (Server Core installation) 5005565 (Security Update) Critical Remote Code Execution 5005033
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 2004 (Server Core installation) 5005565 (Security Update) Critical Remote Code Execution 5005033
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 20H2 (Server Core Installation) 5005565 (Security Update) Critical Remote Code Execution 5005033
Base: 8.8
Temporal: 7.7
Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2021-36965 None

CVE-2021-36966 - Windows Subsystem for Linux Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-36966
MITRE
NVD
CVE Title: Windows Subsystem for Linux Elevation of Privilege Vulnerability
CVSS:

CVSS:3.0 7.8/6.8
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-09-14T07:00:00Z    

Information published.


Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-36966
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 Version 1809 for 32-bit Systems 5005568 (Security Update) Important Elevation of Privilege 5005030
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 5005568 (Security Update) Important Elevation of Privilege 5005030
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 5005568 (Security Update) Important Elevation of Privilege 5005030
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for 32-bit Systems 5005566 (Security Update) Important Elevation of Privilege 5005031 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for ARM64-based Systems 5005566 (Security Update) Important Elevation of Privilege 5005031 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for x64-based Systems 5005566 (Security Update) Important Elevation of Privilege 5005031 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for 32-bit Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for ARM64-based Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for x64-based Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for 32-bit Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for ARM64-based Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for x64-based Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for 32-bit Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for ARM64-based Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for x64-based Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 5005568 (Security Update) Important Elevation of Privilege 5005030
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 5005568 (Security Update) Important Elevation of Privilege 5005030
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 2004 (Server Core installation) 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 20H2 (Server Core Installation) 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2021-36966 Anonymous


CVE-2021-36967 - Windows WLAN AutoConfig Service Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-36967
MITRE
NVD
CVE Title: Windows WLAN AutoConfig Service Elevation of Privilege Vulnerability
CVSS:

CVSS:3.0 8.0/7.0
Base score metrics
Attack VectorAdjacent
Attack ComplexityLow
Privileges RequiredNone
User InteractionRequired
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-09-14T07:00:00Z    

Information published.


Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-36967
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5005569 (Security Update) Important Elevation of Privilege 5005040 Base: 8.0
Temporal: 7.0
Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 5005569 (Security Update) Important Elevation of Privilege 5005040 Base: 8.0
Temporal: 7.0
Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 5005573 (Security Update) Important Elevation of Privilege 5005043 Base: 8.0
Temporal: 7.0
Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 5005573 (Security Update) Important Elevation of Privilege 5005043 Base: 8.0
Temporal: 7.0
Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 5005568 (Security Update) Important Elevation of Privilege 5005030
Base: 8.0
Temporal: 7.0
Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 5005568 (Security Update) Important Elevation of Privilege 5005030
Base: 8.0
Temporal: 7.0
Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 5005568 (Security Update) Important Elevation of Privilege 5005030
Base: 8.0
Temporal: 7.0
Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for 32-bit Systems 5005566 (Security Update) Important Elevation of Privilege 5005031 Base: 8.0
Temporal: 7.0
Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for ARM64-based Systems 5005566 (Security Update) Important Elevation of Privilege 5005031 Base: 8.0
Temporal: 7.0
Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for x64-based Systems 5005566 (Security Update) Important Elevation of Privilege 5005031 Base: 8.0
Temporal: 7.0
Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for 32-bit Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 8.0
Temporal: 7.0
Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for ARM64-based Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 8.0
Temporal: 7.0
Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for x64-based Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 8.0
Temporal: 7.0
Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for 32-bit Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 8.0
Temporal: 7.0
Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for ARM64-based Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 8.0
Temporal: 7.0
Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for x64-based Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 8.0
Temporal: 7.0
Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for 32-bit Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 8.0
Temporal: 7.0
Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for ARM64-based Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 8.0
Temporal: 7.0
Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for x64-based Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 8.0
Temporal: 7.0
Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 5005573 (Security Update) Important Elevation of Privilege 5005043 Base: 8.0
Temporal: 7.0
Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 5005573 (Security Update) Important Elevation of Privilege 5005043 Base: 8.0
Temporal: 7.0
Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 5005568 (Security Update) Important Elevation of Privilege 5005030
Base: 8.0
Temporal: 7.0
Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 5005568 (Security Update) Important Elevation of Privilege 5005030
Base: 8.0
Temporal: 7.0
Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 2004 (Server Core installation) 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 8.0
Temporal: 7.0
Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 20H2 (Server Core Installation) 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 8.0
Temporal: 7.0
Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2021-36967 ziming zhang of Ant Security Light-Year Lab


CVE-2021-36968 - Windows DNS Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-36968
MITRE
NVD
CVE Title: Windows DNS Elevation of Privilege Vulnerability
CVSS:

CVSS:3.0 7.8/6.8
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-09-14T07:00:00Z    

Information published.


Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely Yes No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-36968
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 7 for 32-bit Systems Service Pack 1 5005633 (Monthly Rollup)
5005615 (Security Only)
Important Elevation of Privilege 5005088
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 5005633 (Monthly Rollup)
5005615 (Security Only)
Important Elevation of Privilege 5005088
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 5005606 (Monthly Rollup)
5005618 (Security Only)
Important Elevation of Privilege 5005090
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5005606 (Monthly Rollup)
5005618 (Security Only)
Important Elevation of Privilege 5005090
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 5005606 (Monthly Rollup)
5005618 (Security Only)
Important Elevation of Privilege 5005090
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5005606 (Monthly Rollup)
5005618 (Security Only)
Important Elevation of Privilege 5005090
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5005633 (Monthly Rollup)
5005615 (Security Only)
Important Elevation of Privilege 5005088
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5005633 (Monthly Rollup)
5005615 (Security Only)
Important Elevation of Privilege 5005088
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2021-36968 None

CVE-2021-36969 - Windows Redirected Drive Buffering SubSystem Driver Information Disclosure Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-36969
MITRE
NVD
CVE Title: Windows Redirected Drive Buffering SubSystem Driver Information Disclosure Vulnerability
CVSS:

CVSS:3.0 5.5/4.8
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityNone
AvailabilityNone
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

What type of information could be disclosed by this vulnerability?

The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory and kernel memory - unintentional read access to memory contents in kernel space from a user mode process.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-09-14T07:00:00Z    

Information published.


Important Information Disclosure

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-36969
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5005569 (Security Update) Important Information Disclosure 5005040 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 5005569 (Security Update) Important Information Disclosure 5005040 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 5005573 (Security Update) Important Information Disclosure 5005043 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 5005573 (Security Update) Important Information Disclosure 5005043 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 5005568 (Security Update) Important Information Disclosure 5005030
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 5005568 (Security Update) Important Information Disclosure 5005030
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 5005568 (Security Update) Important Information Disclosure 5005030
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for 32-bit Systems 5005566 (Security Update) Important Information Disclosure 5005031 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for ARM64-based Systems 5005566 (Security Update) Important Information Disclosure 5005031 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for x64-based Systems 5005566 (Security Update) Important Information Disclosure 5005031 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for 32-bit Systems 5005565 (Security Update) Important Information Disclosure 5005033
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for ARM64-based Systems 5005565 (Security Update) Important Information Disclosure 5005033
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for x64-based Systems 5005565 (Security Update) Important Information Disclosure 5005033
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for 32-bit Systems 5005565 (Security Update) Important Information Disclosure 5005033
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for ARM64-based Systems 5005565 (Security Update) Important Information Disclosure 5005033
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for x64-based Systems 5005565 (Security Update) Important Information Disclosure 5005033
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for 32-bit Systems 5005565 (Security Update) Important Information Disclosure 5005033
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for ARM64-based Systems 5005565 (Security Update) Important Information Disclosure 5005033
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for x64-based Systems 5005565 (Security Update) Important Information Disclosure 5005033
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 7 for 32-bit Systems Service Pack 1 5005633 (Monthly Rollup)
5005615 (Security Only)
Important Information Disclosure 5005088
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 5005633 (Monthly Rollup)
5005615 (Security Only)
Important Information Disclosure 5005088
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 5005613 (Monthly Rollup)
5005627 (Security Only)
Important Information Disclosure 5005076
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 5005613 (Monthly Rollup)
5005627 (Security Only)
Important Information Disclosure 5005076
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows RT 8.1 5005613 (Monthly Rollup) Important Information Disclosure 5005076
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5005633 (Monthly Rollup)
5005615 (Security Only)
Important Information Disclosure 5005088
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5005633 (Monthly Rollup)
5005615 (Security Only)
Important Information Disclosure 5005088
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2012 5005623 (Monthly Rollup)
5005607 (Security Only)
Important Information Disclosure 5005094
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 5005623 (Monthly Rollup)
5005607 (Security Only)
Important Information Disclosure 5005094
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 5005613 (Monthly Rollup)
5005627 (Security Only)
Important Information Disclosure 5005076
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 5005613 (Monthly Rollup)
5005627 (Security Only)
Important Information Disclosure 5005076
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2016 5005573 (Security Update) Important Information Disclosure 5005043 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 5005573 (Security Update) Important Information Disclosure 5005043 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2019 5005568 (Security Update) Important Information Disclosure 5005030
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 5005568 (Security Update) Important Information Disclosure 5005030
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2022 5005565 (Security Update) Important Information Disclosure 5005033
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2022 (Server Core installation) 5005565 (Security Update) Important Information Disclosure 5005033
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server, version 2004 (Server Core installation) 5005565 (Security Update) Important Information Disclosure 5005033
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server, version 20H2 (Server Core Installation) 5005565 (Security Update) Important Information Disclosure 5005033
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2021-36969 None

CVE-2021-36972 - Windows SMB Information Disclosure Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-36972
MITRE
NVD
CVE Title: Windows SMB Information Disclosure Vulnerability
CVSS:

CVSS:3.0 5.5/4.8
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityNone
AvailabilityNone
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

What type of information could be disclosed by this vulnerability?

The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory and kernel memory - unintentional read access to memory contents in kernel space from a user mode process.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-09-14T07:00:00Z    

Information published.


Important Information Disclosure

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-36972
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5005569 (Security Update) Important Information Disclosure 5005040 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 5005569 (Security Update) Important Information Disclosure 5005040 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 5005573 (Security Update) Important Information Disclosure 5005043 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 5005573 (Security Update) Important Information Disclosure 5005043 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 5005568 (Security Update) Important Information Disclosure 5005030
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 5005568 (Security Update) Important Information Disclosure 5005030
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 5005568 (Security Update) Important Information Disclosure 5005030
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for 32-bit Systems 5005566 (Security Update) Important Information Disclosure 5005031 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for ARM64-based Systems 5005566 (Security Update) Important Information Disclosure 5005031 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for x64-based Systems 5005566 (Security Update) Important Information Disclosure 5005031 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for 32-bit Systems 5005565 (Security Update) Important Information Disclosure 5005033
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for ARM64-based Systems 5005565 (Security Update) Important Information Disclosure 5005033
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for x64-based Systems 5005565 (Security Update) Important Information Disclosure 5005033
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for 32-bit Systems 5005565 (Security Update) Important Information Disclosure 5005033
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for ARM64-based Systems 5005565 (Security Update) Important Information Disclosure 5005033
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for x64-based Systems 5005565 (Security Update) Important Information Disclosure 5005033
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for 32-bit Systems 5005565 (Security Update) Important Information Disclosure 5005033
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for ARM64-based Systems 5005565 (Security Update) Important Information Disclosure 5005033
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for x64-based Systems 5005565 (Security Update) Important Information Disclosure 5005033
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 5005613 (Monthly Rollup)
5005627 (Security Only)
Important Information Disclosure 5005076
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 5005613 (Monthly Rollup)
5005627 (Security Only)
Important Information Disclosure 5005076
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows RT 8.1 5005613 (Monthly Rollup) Important Information Disclosure 5005076
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2012 5005623 (Monthly Rollup)
5005607 (Security Only)
Important Information Disclosure 5005094
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 5005623 (Monthly Rollup)
5005607 (Security Only)
Important Information Disclosure 5005094
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 5005613 (Monthly Rollup)
5005627 (Security Only)
Important Information Disclosure 5005076
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 5005613 (Monthly Rollup)
5005627 (Security Only)
Important Information Disclosure 5005076
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2016 5005573 (Security Update) Important Information Disclosure 5005043 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 5005573 (Security Update) Important Information Disclosure 5005043 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2019 5005568 (Security Update) Important Information Disclosure 5005030
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 5005568 (Security Update) Important Information Disclosure 5005030
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2022 5005565 (Security Update) Important Information Disclosure 5005033
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2022 (Server Core installation) 5005565 (Security Update) Important Information Disclosure 5005033
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server, version 2004 (Server Core installation) 5005565 (Security Update) Important Information Disclosure 5005033
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server, version 20H2 (Server Core Installation) 5005565 (Security Update) Important Information Disclosure 5005033
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2021-36972 None

CVE-2021-36973 - Windows Redirected Drive Buffering System Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-36973
MITRE
NVD
CVE Title: Windows Redirected Drive Buffering System Elevation of Privilege Vulnerability
CVSS:

CVSS:3.0 7.8/6.8
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-09-14T07:00:00Z    

Information published.


Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-36973
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5005569 (Security Update) Important Elevation of Privilege 5005040 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 5005569 (Security Update) Important Elevation of Privilege 5005040 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 5005573 (Security Update) Important Elevation of Privilege 5005043 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 5005573 (Security Update) Important Elevation of Privilege 5005043 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 5005568 (Security Update) Important Elevation of Privilege 5005030
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 5005568 (Security Update) Important Elevation of Privilege 5005030
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 5005568 (Security Update) Important Elevation of Privilege 5005030
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for 32-bit Systems 5005566 (Security Update) Important Elevation of Privilege 5005031 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for ARM64-based Systems 5005566 (Security Update) Important Elevation of Privilege 5005031 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for x64-based Systems 5005566 (Security Update) Important Elevation of Privilege 5005031 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for 32-bit Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for ARM64-based Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for x64-based Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for 32-bit Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for ARM64-based Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for x64-based Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for 32-bit Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for ARM64-based Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for x64-based Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 5005573 (Security Update) Important Elevation of Privilege 5005043 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 5005573 (Security Update) Important Elevation of Privilege 5005043 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 5005568 (Security Update) Important Elevation of Privilege 5005030
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 5005568 (Security Update) Important Elevation of Privilege 5005030
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2022 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2022 (Server Core installation) 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 2004 (Server Core installation) 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 20H2 (Server Core Installation) 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2021-36973 None

CVE-2021-36974 - Windows SMB Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-36974
MITRE
NVD
CVE Title: Windows SMB Elevation of Privilege Vulnerability
CVSS:

CVSS:3.0 7.8/6.8
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-09-14T07:00:00Z    

Information published.


Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-36974
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5005569 (Security Update) Important Elevation of Privilege 5005040 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 5005569 (Security Update) Important Elevation of Privilege 5005040 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 5005573 (Security Update) Important Elevation of Privilege 5005043 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 5005573 (Security Update) Important Elevation of Privilege 5005043 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 5005568 (Security Update) Important Elevation of Privilege 5005030
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 5005568 (Security Update) Important Elevation of Privilege 5005030
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 5005568 (Security Update) Important Elevation of Privilege 5005030
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for 32-bit Systems 5005566 (Security Update) Important Elevation of Privilege 5005031 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for ARM64-based Systems 5005566 (Security Update) Important Elevation of Privilege 5005031 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for x64-based Systems 5005566 (Security Update) Important Elevation of Privilege 5005031 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for 32-bit Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for ARM64-based Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for x64-based Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for 32-bit Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for ARM64-based Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for x64-based Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for 32-bit Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for ARM64-based Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for x64-based Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 5005613 (Monthly Rollup)
5005627 (Security Only)
Important Elevation of Privilege 5005076
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 5005613 (Monthly Rollup)
5005627 (Security Only)
Important Elevation of Privilege 5005076
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows RT 8.1 5005613 (Monthly Rollup) Important Elevation of Privilege 5005076
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 5005623 (Monthly Rollup)
5005607 (Security Only)
Important Elevation of Privilege 5005094
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 5005623 (Monthly Rollup)
5005607 (Security Only)
Important Elevation of Privilege 5005094
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 5005613 (Monthly Rollup)
5005627 (Security Only)
Important Elevation of Privilege 5005076
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 5005613 (Monthly Rollup)
5005627 (Security Only)
Important Elevation of Privilege 5005076
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 5005573 (Security Update) Important Elevation of Privilege 5005043 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 5005573 (Security Update) Important Elevation of Privilege 5005043 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 5005568 (Security Update) Important Elevation of Privilege 5005030
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 5005568 (Security Update) Important Elevation of Privilege 5005030
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2022 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2022 (Server Core installation) 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 2004 (Server Core installation) 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 20H2 (Server Core Installation) 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2021-36974 None

CVE-2021-36975 - Win32k Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-36975
MITRE
NVD
CVE Title: Win32k Elevation of Privilege Vulnerability
CVSS:

CVSS:3.0 7.8/6.8
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-09-14T07:00:00Z    

Information published.


Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation More Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-36975
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 Version 1809 for 32-bit Systems 5005568 (Security Update) Important Elevation of Privilege 5005030
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 5005568 (Security Update) Important Elevation of Privilege 5005030
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 5005568 (Security Update) Important Elevation of Privilege 5005030
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for 32-bit Systems 5005566 (Security Update) Important Elevation of Privilege 5005031 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for ARM64-based Systems 5005566 (Security Update) Important Elevation of Privilege 5005031 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for x64-based Systems 5005566 (Security Update) Important Elevation of Privilege 5005031 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for 32-bit Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for ARM64-based Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for x64-based Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for 32-bit Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for ARM64-based Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for x64-based Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for 32-bit Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for ARM64-based Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for x64-based Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 5005568 (Security Update) Important Elevation of Privilege 5005030
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 5005568 (Security Update) Important Elevation of Privilege 5005030
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2022 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2022 (Server Core installation) 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 2004 (Server Core installation) 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 20H2 (Server Core Installation) 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2021-36975 Nguyen Phuong Nam


CVE-2021-26435 - Windows Scripting Engine Memory Corruption Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-26435
MITRE
NVD
CVE Title: Windows Scripting Engine Memory Corruption Vulnerability
CVSS:

CVSS:3.0 8.1/7.1
Base score metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredNone
User InteractionRequired
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityNone
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

According to the CVSS, User Interaction is Required. What interaction would the user have to do?

Exploitation of the vulnerability requires that a user open a specially crafted file.

  • In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file.
  • In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability.

An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-09-14T07:00:00Z    

Information published.


Critical Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-26435
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5005569 (Security Update) Critical Remote Code Execution 5005040 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 5005569 (Security Update) Critical Remote Code Execution 5005040 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 5005573 (Security Update) Critical Remote Code Execution 5005043 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 5005573 (Security Update) Critical Remote Code Execution 5005043 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 5005568 (Security Update) Critical Remote Code Execution 5005030
Base: 8.1
Temporal: 7.1
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 5005568 (Security Update) Critical Remote Code Execution 5005030
Base: 8.1
Temporal: 7.1
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 5005568 (Security Update) Critical Remote Code Execution 5005030
Base: 8.1
Temporal: 7.1
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for 32-bit Systems 5005566 (Security Update) Critical Remote Code Execution 5005031 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for ARM64-based Systems 5005566 (Security Update) Critical Remote Code Execution 5005031 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for x64-based Systems 5005566 (Security Update) Critical Remote Code Execution 5005031 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for 32-bit Systems 5005565 (Security Update) Critical Remote Code Execution 5005033
Base: 8.1
Temporal: 7.1
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for ARM64-based Systems 5005565 (Security Update) Critical Remote Code Execution 5005033
Base: 8.1
Temporal: 7.1
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for x64-based Systems 5005565 (Security Update) Critical Remote Code Execution 5005033
Base: 8.1
Temporal: 7.1
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for 32-bit Systems 5005565 (Security Update) Critical Remote Code Execution 5005033
Base: 8.1
Temporal: 7.1
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for ARM64-based Systems 5005565 (Security Update) Critical Remote Code Execution 5005033
Base: 8.1
Temporal: 7.1
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for x64-based Systems 5005565 (Security Update) Critical Remote Code Execution 5005033
Base: 8.1
Temporal: 7.1
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for 32-bit Systems 5005565 (Security Update) Critical Remote Code Execution 5005033
Base: 8.1
Temporal: 7.1
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for ARM64-based Systems 5005565 (Security Update) Critical Remote Code Execution 5005033
Base: 8.1
Temporal: 7.1
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for x64-based Systems 5005565 (Security Update) Critical Remote Code Execution 5005033
Base: 8.1
Temporal: 7.1
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 7 for 32-bit Systems Service Pack 1 5005633 (Monthly Rollup)
5005615 (Security Only)
Critical Remote Code Execution 5005088
Base: 8.1
Temporal: 7.1
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 5005633 (Monthly Rollup)
5005615 (Security Only)
Critical Remote Code Execution 5005088
Base: 8.1
Temporal: 7.1
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 5005613 (Monthly Rollup)
5005627 (Security Only)
Critical Remote Code Execution 5005076
Base: 8.1
Temporal: 7.1
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 5005613 (Monthly Rollup)
5005627 (Security Only)
Critical Remote Code Execution 5005076
Base: 8.1
Temporal: 7.1
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows RT 8.1 5005613 (Monthly Rollup) Critical Remote Code Execution 5005076
Base: 8.1
Temporal: 7.1
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 5005606 (Monthly Rollup) Critical Remote Code Execution 5005090
Base: 8.1
Temporal: 7.1
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5005606 (Monthly Rollup) Critical Remote Code Execution 5005090
Base: 8.1
Temporal: 7.1
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 5005606 (Monthly Rollup) Critical Remote Code Execution 5005090
Base: 8.1
Temporal: 7.1
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5005606 (Monthly Rollup) Critical Remote Code Execution 5005090
Base: 8.1
Temporal: 7.1
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5005633 (Monthly Rollup)
5005615 (Security Only)
Critical Remote Code Execution 5005088
Base: 8.1
Temporal: 7.1
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5005633 (Monthly Rollup)
5005615 (Security Only)
Critical Remote Code Execution 5005088
Base: 8.1
Temporal: 7.1
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2012 5005623 (Monthly Rollup)
5005607 (Security Only)
Critical Remote Code Execution 5005094
Base: 8.1
Temporal: 7.1
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 5005623 (Monthly Rollup)
5005607 (Security Only)
Critical Remote Code Execution 5005094
Base: 8.1
Temporal: 7.1
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 5005613 (Monthly Rollup)
5005627 (Security Only)
Critical Remote Code Execution 5005076
Base: 8.1
Temporal: 7.1
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 5005613 (Monthly Rollup)
5005627 (Security Only)
Critical Remote Code Execution 5005076
Base: 8.1
Temporal: 7.1
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2016 5005573 (Security Update) Critical Remote Code Execution 5005043 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 5005573 (Security Update) Critical Remote Code Execution 5005043 Base: 8.1
Temporal: 7.1
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2019 5005568 (Security Update) Critical Remote Code Execution 5005030
Base: 8.1
Temporal: 7.1
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 5005568 (Security Update) Critical Remote Code Execution 5005030
Base: 8.1
Temporal: 7.1
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2022 5005565 (Security Update) Critical Remote Code Execution 5005033
Base: 8.1
Temporal: 7.1
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2022 (Server Core installation) 5005565 (Security Update) Critical Remote Code Execution 5005033
Base: 8.1
Temporal: 7.1
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows Server, version 2004 (Server Core installation) 5005565 (Security Update) Critical Remote Code Execution 5005033
Base: 8.1
Temporal: 7.1
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows Server, version 20H2 (Server Core Installation) 5005565 (Security Update) Critical Remote Code Execution 5005033
Base: 8.1
Temporal: 7.1
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2021-26435 Yuki Chen


CVE-2021-26436 - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-26436
MITRE
NVD
CVE Title: Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
CVSS:

CVSS:3.0 6.1/5.3
Base score metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredNone
User InteractionRequired
ScopeChanged
ConfidentialityLow
IntegrityLow
AvailabilityNone
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-09-02T07:00:00Z    

Information published.


Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-26436
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Microsoft Edge (Chromium-based) Release Notes (Security Update) Important Elevation of Privilege None Base: 6.1
Temporal: 5.3
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C
No

Acknowledgements

CVE ID Acknowledgements
CVE-2021-26436 David Erceg


CVE-2021-38624 - Windows Key Storage Provider Security Feature Bypass Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-38624
MITRE
NVD
CVE Title: Windows Key Storage Provider Security Feature Bypass Vulnerability
CVSS:

CVSS:3.0 6.5/5.7
Base score metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityNone
IntegrityHigh
AvailabilityNone
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

What security feature is bypassed with this vulnerability?

A successful attacker could bypass the Windows Key Storage Provider which issues key certificates for trust in attestation scenarios.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-09-14T07:00:00Z    

Information published.


Important Security Feature Bypass

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-38624
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5005569 (Security Update) Important Security Feature Bypass 5005040 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 5005569 (Security Update) Important Security Feature Bypass 5005040 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 5005573 (Security Update) Important Security Feature Bypass 5005043 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 5005573 (Security Update) Important Security Feature Bypass 5005043 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 5005568 (Security Update) Important Security Feature Bypass 5005030
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 5005568 (Security Update) Important Security Feature Bypass 5005030
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 5005568 (Security Update) Important Security Feature Bypass 5005030
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for 32-bit Systems 5005566 (Security Update) Important Security Feature Bypass 5005031 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for ARM64-based Systems 5005566 (Security Update) Important Security Feature Bypass 5005031 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for x64-based Systems 5005566 (Security Update) Important Security Feature Bypass 5005031 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for 32-bit Systems 5005565 (Security Update) Important Security Feature Bypass 5005033
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for ARM64-based Systems 5005565 (Security Update) Important Security Feature Bypass 5005033
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for x64-based Systems 5005565 (Security Update) Important Security Feature Bypass 5005033
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for 32-bit Systems 5005565 (Security Update) Important Security Feature Bypass 5005033
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for ARM64-based Systems 5005565 (Security Update) Important Security Feature Bypass 5005033
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for x64-based Systems 5005565 (Security Update) Important Security Feature Bypass 5005033
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for 32-bit Systems 5005565 (Security Update) Important Security Feature Bypass 5005033
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for ARM64-based Systems 5005565 (Security Update) Important Security Feature Bypass 5005033
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for x64-based Systems 5005565 (Security Update) Important Security Feature Bypass 5005033
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 5005613 (Monthly Rollup)
5005627 (Security Only)
Important Security Feature Bypass 5005076
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 5005613 (Monthly Rollup)
5005627 (Security Only)
Important Security Feature Bypass 5005076
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows RT 8.1 5005613 (Monthly Rollup) Important Security Feature Bypass 5005076
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 5005613 (Monthly Rollup)
5005627 (Security Only)
Important Security Feature Bypass 5005076
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 5005613 (Monthly Rollup)
5005627 (Security Only)
Important Security Feature Bypass 5005076
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2016 5005573 (Security Update) Important Security Feature Bypass 5005043 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 5005573 (Security Update) Important Security Feature Bypass 5005043 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2019 5005568 (Security Update) Important Security Feature Bypass 5005030
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 5005568 (Security Update) Important Security Feature Bypass 5005030
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2022 5005565 (Security Update) Important Security Feature Bypass 5005033
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2022 (Server Core installation) 5005565 (Security Update) Important Security Feature Bypass 5005033
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows Server, version 2004 (Server Core installation) 5005565 (Security Update) Important Security Feature Bypass 5005033
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows Server, version 20H2 (Server Core Installation) 5005565 (Security Update) Important Security Feature Bypass 5005033
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2021-38624 Rafael Goncalves of Microsoft


CVE-2021-38625 - Windows Kernel Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-38625
MITRE
NVD
CVE Title: Windows Kernel Elevation of Privilege Vulnerability
CVSS:

CVSS:3.0 7.8/6.8
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-09-14T07:00:00Z    

Information published.


Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-38625
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows Server 2008 for 32-bit Systems Service Pack 2 5005606 (Monthly Rollup)
5005618 (Security Only)
Important Elevation of Privilege 5005090
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5005606 (Monthly Rollup)
5005618 (Security Only)
Important Elevation of Privilege 5005090
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 5005606 (Monthly Rollup)
5005618 (Security Only)
Important Elevation of Privilege 5005090
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5005606 (Monthly Rollup)
5005618 (Security Only)
Important Elevation of Privilege 5005090
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2021-38625 YanZiShuang(晏子霜) Of Big CjTeam


CVE-2021-38626 - Windows Kernel Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-38626
MITRE
NVD
CVE Title: Windows Kernel Elevation of Privilege Vulnerability
CVSS:

CVSS:3.0 7.8/6.8
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-09-14T07:00:00Z    

Information published.


Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-38626
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows Server 2008 for 32-bit Systems Service Pack 2 5005606 (Monthly Rollup)
5005618 (Security Only)
Important Elevation of Privilege 5005090
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5005606 (Monthly Rollup)
5005618 (Security Only)
Important Elevation of Privilege 5005090
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 5005606 (Monthly Rollup)
5005618 (Security Only)
Important Elevation of Privilege 5005090
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5005606 (Monthly Rollup)
5005618 (Security Only)
Important Elevation of Privilege 5005090
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2021-38626 YanZiShuang(晏子霜) Of Big CjTeam


CVE-2021-38628 - Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-38628
MITRE
NVD
CVE Title: Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVSS:

CVSS:3.0 7.8/6.8
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-09-14T07:00:00Z    

Information published.


Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-38628
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5005569 (Security Update) Important Elevation of Privilege 5005040 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 5005569 (Security Update) Important Elevation of Privilege 5005040 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 5005573 (Security Update) Important Elevation of Privilege 5005043 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 5005573 (Security Update) Important Elevation of Privilege 5005043 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 5005568 (Security Update) Important Elevation of Privilege 5005030
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 5005568 (Security Update) Important Elevation of Privilege 5005030
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 5005568 (Security Update) Important Elevation of Privilege 5005030
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for 32-bit Systems 5005566 (Security Update) Important Elevation of Privilege 5005031 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for ARM64-based Systems 5005566 (Security Update) Important Elevation of Privilege 5005031 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for x64-based Systems 5005566 (Security Update) Important Elevation of Privilege 5005031 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for 32-bit Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for ARM64-based Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for x64-based Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for 32-bit Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for ARM64-based Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for x64-based Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for 32-bit Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for ARM64-based Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for x64-based Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 7 for 32-bit Systems Service Pack 1 5005633 (Monthly Rollup)
5005615 (Security Only)
Important Elevation of Privilege 5005088
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 5005633 (Monthly Rollup)
5005615 (Security Only)
Important Elevation of Privilege 5005088
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 5005613 (Monthly Rollup)
5005627 (Security Only)
Important Elevation of Privilege 5005076
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 5005613 (Monthly Rollup)
5005627 (Security Only)
Important Elevation of Privilege 5005076
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows RT 8.1 5005613 (Monthly Rollup) Important Elevation of Privilege 5005076
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 5005606 (Monthly Rollup)
5005618 (Security Only)
Important Elevation of Privilege 5005090
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5005606 (Monthly Rollup)
5005618 (Security Only)
Important Elevation of Privilege 5005090
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 5005606 (Monthly Rollup)
5005618 (Security Only)
Important Elevation of Privilege 5005090
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5005606 (Monthly Rollup)
5005618 (Security Only)
Important Elevation of Privilege 5005090
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5005633 (Monthly Rollup)
5005615 (Security Only)
Important Elevation of Privilege 5005088
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5005633 (Monthly Rollup)
5005615 (Security Only)
Important Elevation of Privilege 5005088
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 5005623 (Monthly Rollup)
5005607 (Security Only)
Important Elevation of Privilege 5005094
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 5005623 (Monthly Rollup)
5005607 (Security Only)
Important Elevation of Privilege 5005094
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 5005613 (Monthly Rollup)
5005627 (Security Only)
Important Elevation of Privilege 5005076
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 5005613 (Monthly Rollup)
5005627 (Security Only)
Important Elevation of Privilege 5005076
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 5005573 (Security Update) Important Elevation of Privilege 5005043 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 5005573 (Security Update) Important Elevation of Privilege 5005043 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 5005568 (Security Update) Important Elevation of Privilege 5005030
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 5005568 (Security Update) Important Elevation of Privilege 5005030
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2022 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2022 (Server Core installation) 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 2004 (Server Core installation) 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 20H2 (Server Core Installation) 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2021-38628 Erik Egsgard with Field Effect Software


CVE-2021-38629 - Windows Ancillary Function Driver for WinSock Information Disclosure Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-38629
MITRE
NVD
CVE Title: Windows Ancillary Function Driver for WinSock Information Disclosure Vulnerability
CVSS:

CVSS:3.0 6.5/5.7
Base score metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityNone
AvailabilityNone
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

What type of information could be disclosed by this vulnerability?

The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory and kernel memory - unintentional read access to memory contents in kernel space from a user mode process.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-09-14T07:00:00Z    

Information published.


Important Information Disclosure

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-38629
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5005569 (Security Update) Important Information Disclosure 5005040 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 5005569 (Security Update) Important Information Disclosure 5005040 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 5005573 (Security Update) Important Information Disclosure 5005043 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 5005573 (Security Update) Important Information Disclosure 5005043 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 5005568 (Security Update) Important Information Disclosure 5005030
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 5005568 (Security Update) Important Information Disclosure 5005030
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 5005568 (Security Update) Important Information Disclosure 5005030
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for 32-bit Systems 5005566 (Security Update) Important Information Disclosure 5005031 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for ARM64-based Systems 5005566 (Security Update) Important Information Disclosure 5005031 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for x64-based Systems 5005566 (Security Update) Important Information Disclosure 5005031 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for 32-bit Systems 5005565 (Security Update) Important Information Disclosure 5005033
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for ARM64-based Systems 5005565 (Security Update) Important Information Disclosure 5005033
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for x64-based Systems 5005565 (Security Update) Important Information Disclosure 5005033
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for 32-bit Systems 5005565 (Security Update) Important Information Disclosure 5005033
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for ARM64-based Systems 5005565 (Security Update) Important Information Disclosure 5005033
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for x64-based Systems 5005565 (Security Update) Important Information Disclosure 5005033
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for 32-bit Systems 5005565 (Security Update) Important Information Disclosure 5005033
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for ARM64-based Systems 5005565 (Security Update) Important Information Disclosure 5005033
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for x64-based Systems 5005565 (Security Update) Important Information Disclosure 5005033
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 7 for 32-bit Systems Service Pack 1 5005633 (Monthly Rollup)
5005615 (Security Only)
Important Information Disclosure 5005088
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 5005633 (Monthly Rollup)
5005615 (Security Only)
Important Information Disclosure 5005088
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 5005613 (Monthly Rollup)
5005627 (Security Only)
Important Information Disclosure 5005076
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 5005613 (Monthly Rollup)
5005627 (Security Only)
Important Information Disclosure 5005076
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows RT 8.1 5005613 (Monthly Rollup) Important Information Disclosure 5005076
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 5005606 (Monthly Rollup)
5005618 (Security Only)
Important Information Disclosure 5005090
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5005606 (Monthly Rollup)
5005618 (Security Only)
Important Information Disclosure 5005090
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 5005606 (Monthly Rollup)
5005618 (Security Only)
Important Information Disclosure 5005090
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5005606 (Monthly Rollup)
5005618 (Security Only)
Important Information Disclosure 5005090
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5005633 (Monthly Rollup)
5005615 (Security Only)
Important Information Disclosure 5005088
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5005633 (Monthly Rollup)
5005615 (Security Only)
Important Information Disclosure 5005088
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2012 5005623 (Monthly Rollup)
5005607 (Security Only)
Important Information Disclosure 5005094
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 5005623 (Monthly Rollup)
5005607 (Security Only)
Important Information Disclosure 5005094
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 5005613 (Monthly Rollup)
5005627 (Security Only)
Important Information Disclosure 5005076
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 5005613 (Monthly Rollup)
5005627 (Security Only)
Important Information Disclosure 5005076
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2016 5005573 (Security Update) Important Information Disclosure 5005043 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 5005573 (Security Update) Important Information Disclosure 5005043 Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2019 5005568 (Security Update) Important Information Disclosure 5005030
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 5005568 (Security Update) Important Information Disclosure 5005030
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2022 5005565 (Security Update) Important Information Disclosure 5005033
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2022 (Server Core installation) 5005565 (Security Update) Important Information Disclosure 5005033
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server, version 2004 (Server Core installation) 5005565 (Security Update) Important Information Disclosure 5005033
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server, version 20H2 (Server Core Installation) 5005565 (Security Update) Important Information Disclosure 5005033
Base: 6.5
Temporal: 5.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2021-38629 Erik Egsgard with Field Effect Software


CVE-2021-38630 - Windows Event Tracing Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-38630
MITRE
NVD
CVE Title: Windows Event Tracing Elevation of Privilege Vulnerability
CVSS:

CVSS:3.0 7.8/6.8
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-09-14T07:00:00Z    

Information published.


Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-38630
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5005569 (Security Update) Important Elevation of Privilege 5005040 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 5005569 (Security Update) Important Elevation of Privilege 5005040 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 5005573 (Security Update) Important Elevation of Privilege 5005043 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 5005573 (Security Update) Important Elevation of Privilege 5005043 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 5005568 (Security Update) Important Elevation of Privilege 5005030
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 5005568 (Security Update) Important Elevation of Privilege 5005030
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 5005568 (Security Update) Important Elevation of Privilege 5005030
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for 32-bit Systems 5005566 (Security Update) Important Elevation of Privilege 5005031 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for ARM64-based Systems 5005566 (Security Update) Important Elevation of Privilege 5005031 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for x64-based Systems 5005566 (Security Update) Important Elevation of Privilege 5005031 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for 32-bit Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for ARM64-based Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for x64-based Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for 32-bit Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for ARM64-based Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for x64-based Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for 32-bit Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for ARM64-based Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for x64-based Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 7 for 32-bit Systems Service Pack 1 5005633 (Monthly Rollup)
5005615 (Security Only)
Important Elevation of Privilege 5005088
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 5005633 (Monthly Rollup)
5005615 (Security Only)
Important Elevation of Privilege 5005088
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 5005613 (Monthly Rollup)
5005627 (Security Only)
Important Elevation of Privilege 5005076
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 5005613 (Monthly Rollup)
5005627 (Security Only)
Important Elevation of Privilege 5005076
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows RT 8.1 5005613 (Monthly Rollup) Important Elevation of Privilege 5005076
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5005633 (Monthly Rollup)
5005615 (Security Only)
Important Elevation of Privilege 5005088
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5005633 (Monthly Rollup)
5005615 (Security Only)
Important Elevation of Privilege 5005088
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 5005613 (Monthly Rollup)
5005627 (Security Only)
Important Elevation of Privilege 5005076
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 5005613 (Monthly Rollup)
5005627 (Security Only)
Important Elevation of Privilege 5005076
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 5005573 (Security Update) Important Elevation of Privilege 5005043 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 5005573 (Security Update) Important Elevation of Privilege 5005043 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 5005568 (Security Update) Important Elevation of Privilege 5005030
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 5005568 (Security Update) Important Elevation of Privilege 5005030
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2022 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2022 (Server Core installation) 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 2004 (Server Core installation) 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 20H2 (Server Core Installation) 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2021-38630 Jacob Lewellen of Microsoft


Yong Chuan Koh with PixiePoint Security on Twitter


CVE-2021-38632 - BitLocker Security Feature Bypass Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-38632
MITRE
NVD
CVE Title: BitLocker Security Feature Bypass Vulnerability
CVSS:

CVSS:3.0 5.7/5.0
Base score metrics
Attack VectorPhysical
Attack ComplexityHigh
Privileges RequiredNone
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityNone
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

What security feature is bypassed with this vulnerability?

A successful attacker could bypass the BitLocker Device Encryption feature on the system storage device. An attacker with physical access to a powered off system could exploit this vulnerability to gain access to encrypted data.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-09-14T07:00:00Z    

Information published.


Important Security Feature Bypass

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-38632
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 Version 1607 for 32-bit Systems 5005573 (Security Update) Important Security Feature Bypass 5005043 Base: 5.7
Temporal: 5.0
Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 5005573 (Security Update) Important Security Feature Bypass 5005043 Base: 5.7
Temporal: 5.0
Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 5005568 (Security Update) Important Security Feature Bypass 5005030
Base: 5.7
Temporal: 5.0
Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 5005568 (Security Update) Important Security Feature Bypass 5005030
Base: 5.7
Temporal: 5.0
Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 5005568 (Security Update) Important Security Feature Bypass 5005030
Base: 5.7
Temporal: 5.0
Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for 32-bit Systems 5005566 (Security Update) Important Security Feature Bypass 5005031 Base: 5.7
Temporal: 5.0
Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for ARM64-based Systems 5005566 (Security Update) Important Security Feature Bypass 5005031 Base: 5.7
Temporal: 5.0
Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for x64-based Systems 5005566 (Security Update) Important Security Feature Bypass 5005031 Base: 5.7
Temporal: 5.0
Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for 32-bit Systems 5005565 (Security Update) Important Security Feature Bypass 5005033
Base: 5.7
Temporal: 5.0
Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for ARM64-based Systems 5005565 (Security Update) Important Security Feature Bypass 5005033
Base: 5.7
Temporal: 5.0
Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for x64-based Systems 5005565 (Security Update) Important Security Feature Bypass 5005033
Base: 5.7
Temporal: 5.0
Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for 32-bit Systems 5005565 (Security Update) Important Security Feature Bypass 5005033
Base: 5.7
Temporal: 5.0
Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for ARM64-based Systems 5005565 (Security Update) Important Security Feature Bypass 5005033
Base: 5.7
Temporal: 5.0
Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for x64-based Systems 5005565 (Security Update) Important Security Feature Bypass 5005033
Base: 5.7
Temporal: 5.0
Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for 32-bit Systems 5005565 (Security Update) Important Security Feature Bypass 5005033
Base: 5.7
Temporal: 5.0
Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for ARM64-based Systems 5005565 (Security Update) Important Security Feature Bypass 5005033
Base: 5.7
Temporal: 5.0
Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for x64-based Systems 5005565 (Security Update) Important Security Feature Bypass 5005033
Base: 5.7
Temporal: 5.0
Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2016 5005573 (Security Update) Important Security Feature Bypass 5005043 Base: 5.7
Temporal: 5.0
Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 5005573 (Security Update) Important Security Feature Bypass 5005043 Base: 5.7
Temporal: 5.0
Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2019 5005568 (Security Update) Important Security Feature Bypass 5005030
Base: 5.7
Temporal: 5.0
Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 5005568 (Security Update) Important Security Feature Bypass 5005030
Base: 5.7
Temporal: 5.0
Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2022 5005565 (Security Update) Important Security Feature Bypass 5005033
Base: 5.7
Temporal: 5.0
Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2022 (Server Core installation) 5005565 (Security Update) Important Security Feature Bypass 5005033
Base: 5.7
Temporal: 5.0
Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows Server, version 2004 (Server Core installation) 5005565 (Security Update) Important Security Feature Bypass 5005033
Base: 5.7
Temporal: 5.0
Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
Yes
Windows Server, version 20H2 (Server Core Installation) 5005565 (Security Update) Important Security Feature Bypass 5005033
Base: 5.7
Temporal: 5.0
Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2021-38632 None

CVE-2021-38633 - Windows Common Log File System Driver Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-38633
MITRE
NVD
CVE Title: Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVSS:

CVSS:3.0 7.8/6.8
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-09-14T07:00:00Z    

Information published.


Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation More Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-38633
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5005569 (Security Update) Important Elevation of Privilege 5005040 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 5005569 (Security Update) Important Elevation of Privilege 5005040 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 5005573 (Security Update) Important Elevation of Privilege 5005043 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 5005573 (Security Update) Important Elevation of Privilege 5005043 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 5005568 (Security Update) Important Elevation of Privilege 5005030
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 5005568 (Security Update) Important Elevation of Privilege 5005030
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 5005568 (Security Update) Important Elevation of Privilege 5005030
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for 32-bit Systems 5005566 (Security Update) Important Elevation of Privilege 5005031 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for ARM64-based Systems 5005566 (Security Update) Important Elevation of Privilege 5005031 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for x64-based Systems 5005566 (Security Update) Important Elevation of Privilege 5005031 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for 32-bit Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for ARM64-based Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for x64-based Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for 32-bit Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for ARM64-based Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for x64-based Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for 32-bit Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for ARM64-based Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for x64-based Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 7 for 32-bit Systems Service Pack 1 5005633 (Monthly Rollup)
5005615 (Security Only)
Important Elevation of Privilege 5005088
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 5005633 (Monthly Rollup)
5005615 (Security Only)
Important Elevation of Privilege 5005088
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 5005613 (Monthly Rollup)
5005627 (Security Only)
Important Elevation of Privilege 5005076
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 5005613 (Monthly Rollup)
5005627 (Security Only)
Important Elevation of Privilege 5005076
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows RT 8.1 5005613 (Monthly Rollup) Important Elevation of Privilege 5005076
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 5005606 (Monthly Rollup)
5005618 (Security Only)
Important Elevation of Privilege 5005090
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5005606 (Monthly Rollup)
5005618 (Security Only)
Important Elevation of Privilege 5005090
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 5005606 (Monthly Rollup)
5005618 (Security Only)
Important Elevation of Privilege 5005090
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5005606 (Monthly Rollup)
5005618 (Security Only)
Important Elevation of Privilege 5005090
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5005633 (Monthly Rollup)
5005615 (Security Only)
Important Elevation of Privilege 5005088
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5005633 (Monthly Rollup)
5005615 (Security Only)
Important Elevation of Privilege 5005088
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 5005623 (Monthly Rollup)
5005607 (Security Only)
Important Elevation of Privilege 5005094
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 5005623 (Monthly Rollup)
5005607 (Security Only)
Important Elevation of Privilege 5005094
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 5005613 (Monthly Rollup)
5005627 (Security Only)
Important Elevation of Privilege 5005076
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 5005613 (Monthly Rollup)
5005627 (Security Only)
Important Elevation of Privilege 5005076
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 5005573 (Security Update) Important Elevation of Privilege 5005043 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 5005573 (Security Update) Important Elevation of Privilege 5005043 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 5005568 (Security Update) Important Elevation of Privilege 5005030
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 5005568 (Security Update) Important Elevation of Privilege 5005030
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2022 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2022 (Server Core installation) 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 2004 (Server Core installation) 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 20H2 (Server Core Installation) 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2021-38633 Nagisa of Cyber KunLun


CVE-2021-38634 - Microsoft Windows Update Client Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-38634
MITRE
NVD
CVE Title: Microsoft Windows Update Client Elevation of Privilege Vulnerability
CVSS:

CVSS:3.0 7.1/6.2
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityNone
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-09-14T07:00:00Z    

Information published.


Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-38634
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5005569 (Security Update) Important Elevation of Privilege 5005040 Base: 7.1
Temporal: 6.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 5005569 (Security Update) Important Elevation of Privilege 5005040 Base: 7.1
Temporal: 6.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 5005573 (Security Update) Important Elevation of Privilege 5005043 Base: 7.1
Temporal: 6.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 5005573 (Security Update) Important Elevation of Privilege 5005043 Base: 7.1
Temporal: 6.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 5005568 (Security Update) Important Elevation of Privilege 5005030
Base: 7.1
Temporal: 6.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 5005568 (Security Update) Important Elevation of Privilege 5005030
Base: 7.1
Temporal: 6.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 5005568 (Security Update) Important Elevation of Privilege 5005030
Base: 7.1
Temporal: 6.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for 32-bit Systems 5005566 (Security Update) Important Elevation of Privilege 5005031 Base: 7.1
Temporal: 6.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for ARM64-based Systems 5005566 (Security Update) Important Elevation of Privilege 5005031 Base: 7.1
Temporal: 6.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for x64-based Systems 5005566 (Security Update) Important Elevation of Privilege 5005031 Base: 7.1
Temporal: 6.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for 32-bit Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.1
Temporal: 6.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for ARM64-based Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.1
Temporal: 6.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for x64-based Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.1
Temporal: 6.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for 32-bit Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.1
Temporal: 6.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for ARM64-based Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.1
Temporal: 6.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for x64-based Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.1
Temporal: 6.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for 32-bit Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.1
Temporal: 6.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for ARM64-based Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.1
Temporal: 6.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for x64-based Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.1
Temporal: 6.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 5005573 (Security Update) Important Elevation of Privilege 5005043 Base: 7.1
Temporal: 6.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 5005573 (Security Update) Important Elevation of Privilege 5005043 Base: 7.1
Temporal: 6.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 5005568 (Security Update) Important Elevation of Privilege 5005030
Base: 7.1
Temporal: 6.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 5005568 (Security Update) Important Elevation of Privilege 5005030
Base: 7.1
Temporal: 6.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2022 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.1
Temporal: 6.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2022 (Server Core installation) 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.1
Temporal: 6.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 2004 (Server Core installation) 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.1
Temporal: 6.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 20H2 (Server Core Installation) 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.1
Temporal: 6.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2021-38634 Abdelhamid Naceri working with Trend Micro Zero Day Initiative


CVE-2021-38635 - Windows Redirected Drive Buffering SubSystem Driver Information Disclosure Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-38635
MITRE
NVD
CVE Title: Windows Redirected Drive Buffering SubSystem Driver Information Disclosure Vulnerability
CVSS:

CVSS:3.0 5.5/4.8
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityNone
AvailabilityNone
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

What type of information could be disclosed by this vulnerability?

The type of information that could be disclosed if an attacker successfully exploited this vulnerability is Kernel memory read - unintentional read access to memory contents in kernel space from a user mode process.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-09-14T07:00:00Z    

Information published.


Important Information Disclosure

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-38635
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5005569 (Security Update) Important Information Disclosure 5005040 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 5005569 (Security Update) Important Information Disclosure 5005040 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 5005573 (Security Update) Important Information Disclosure 5005043 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 5005573 (Security Update) Important Information Disclosure 5005043 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 5005568 (Security Update) Important Information Disclosure 5005030
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 5005568 (Security Update) Important Information Disclosure 5005030
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 5005568 (Security Update) Important Information Disclosure 5005030
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for 32-bit Systems 5005566 (Security Update) Important Information Disclosure 5005031 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for ARM64-based Systems 5005566 (Security Update) Important Information Disclosure 5005031 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for x64-based Systems 5005566 (Security Update) Important Information Disclosure 5005031 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for 32-bit Systems 5005565 (Security Update) Important Information Disclosure 5005033
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for ARM64-based Systems 5005565 (Security Update) Important Information Disclosure 5005033
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for x64-based Systems 5005565 (Security Update) Important Information Disclosure 5005033
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for 32-bit Systems 5005565 (Security Update) Important Information Disclosure 5005033
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for ARM64-based Systems 5005565 (Security Update) Important Information Disclosure 5005033
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for x64-based Systems 5005565 (Security Update) Important Information Disclosure 5005033
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for 32-bit Systems 5005565 (Security Update) Important Information Disclosure 5005033
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for ARM64-based Systems 5005565 (Security Update) Important Information Disclosure 5005033
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for x64-based Systems 5005565 (Security Update) Important Information Disclosure 5005033
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 7 for 32-bit Systems Service Pack 1 5005633 (Monthly Rollup)
5005615 (Security Only)
Important Information Disclosure 5005088
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 5005633 (Monthly Rollup)
5005615 (Security Only)
Important Information Disclosure 5005088
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 5005613 (Monthly Rollup)
5005627 (Security Only)
Important Information Disclosure 5005076
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 5005613 (Monthly Rollup)
5005627 (Security Only)
Important Information Disclosure 5005076
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows RT 8.1 5005613 (Monthly Rollup) Important Information Disclosure 5005076
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 5005606 (Monthly Rollup)
5005618 (Security Only)
Important Information Disclosure 5005090
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5005606 (Monthly Rollup)
5005618 (Security Only)
Important Information Disclosure 5005090
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 5005606 (Monthly Rollup)
5005618 (Security Only)
Important Information Disclosure 5005090
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5005606 (Monthly Rollup)
5005618 (Security Only)
Important Information Disclosure 5005090
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5005633 (Monthly Rollup)
5005615 (Security Only)
Important Information Disclosure 5005088
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5005633 (Monthly Rollup)
5005615 (Security Only)
Important Information Disclosure 5005088
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2012 5005623 (Monthly Rollup)
5005607 (Security Only)
Important Information Disclosure 5005094
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 5005623 (Monthly Rollup)
5005607 (Security Only)
Important Information Disclosure 5005094
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 5005613 (Monthly Rollup)
5005627 (Security Only)
Important Information Disclosure 5005076
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 5005613 (Monthly Rollup)
5005627 (Security Only)
Important Information Disclosure 5005076
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2016 5005573 (Security Update) Important Information Disclosure 5005043 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 5005573 (Security Update) Important Information Disclosure 5005043 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2019 5005568 (Security Update) Important Information Disclosure 5005030
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 5005568 (Security Update) Important Information Disclosure 5005030
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2022 5005565 (Security Update) Important Information Disclosure 5005033
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2022 (Server Core installation) 5005565 (Security Update) Important Information Disclosure 5005033
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server, version 2004 (Server Core installation) 5005565 (Security Update) Important Information Disclosure 5005033
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server, version 20H2 (Server Core Installation) 5005565 (Security Update) Important Information Disclosure 5005033
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2021-38635 Rahul Gupta of Microsoft


CVE-2021-38636 - Windows Redirected Drive Buffering SubSystem Driver Information Disclosure Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-38636
MITRE
NVD
CVE Title: Windows Redirected Drive Buffering SubSystem Driver Information Disclosure Vulnerability
CVSS:

CVSS:3.0 5.5/4.8
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityNone
AvailabilityNone
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

What type of information could be disclosed by this vulnerability?

The type of information that could be disclosed if an attacker successfully exploited this vulnerability is Kernel memory read - unintentional read access to memory contents in kernel space from a user mode process.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-09-14T07:00:00Z    

Information published.


Important Information Disclosure

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-38636
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5005569 (Security Update) Important Information Disclosure 5005040 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 5005569 (Security Update) Important Information Disclosure 5005040 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 5005573 (Security Update) Important Information Disclosure 5005043 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 5005573 (Security Update) Important Information Disclosure 5005043 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 5005568 (Security Update) Important Information Disclosure 5005030
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 5005568 (Security Update) Important Information Disclosure 5005030
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 5005568 (Security Update) Important Information Disclosure 5005030
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for 32-bit Systems 5005566 (Security Update) Important Information Disclosure 5005031 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for ARM64-based Systems 5005566 (Security Update) Important Information Disclosure 5005031 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for x64-based Systems 5005566 (Security Update) Important Information Disclosure 5005031 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for 32-bit Systems 5005565 (Security Update) Important Information Disclosure 5005033
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for ARM64-based Systems 5005565 (Security Update) Important Information Disclosure 5005033
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for x64-based Systems 5005565 (Security Update) Important Information Disclosure 5005033
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for 32-bit Systems 5005565 (Security Update) Important Information Disclosure 5005033
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for ARM64-based Systems 5005565 (Security Update) Important Information Disclosure 5005033
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for x64-based Systems 5005565 (Security Update) Important Information Disclosure 5005033
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for 32-bit Systems 5005565 (Security Update) Important Information Disclosure 5005033
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for ARM64-based Systems 5005565 (Security Update) Important Information Disclosure 5005033
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for x64-based Systems 5005565 (Security Update) Important Information Disclosure 5005033
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 7 for 32-bit Systems Service Pack 1 5005633 (Monthly Rollup)
5005615 (Security Only)
Important Information Disclosure 5005088
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 5005633 (Monthly Rollup)
5005615 (Security Only)
Important Information Disclosure 5005088
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 5005613 (Monthly Rollup)
5005627 (Security Only)
Important Information Disclosure 5005076
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 5005613 (Monthly Rollup)
5005627 (Security Only)
Important Information Disclosure 5005076
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows RT 8.1 5005613 (Monthly Rollup) Important Information Disclosure 5005076
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 5005606 (Monthly Rollup)
5005618 (Security Only)
Important Information Disclosure 5005090
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5005606 (Monthly Rollup)
5005618 (Security Only)
Important Information Disclosure 5005090
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 5005606 (Monthly Rollup)
5005618 (Security Only)
Important Information Disclosure 5005090
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5005606 (Monthly Rollup)
5005618 (Security Only)
Important Information Disclosure 5005090
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5005633 (Monthly Rollup)
5005615 (Security Only)
Important Information Disclosure 5005088
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5005633 (Monthly Rollup)
5005615 (Security Only)
Important Information Disclosure 5005088
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2012 5005623 (Monthly Rollup)
5005607 (Security Only)
Important Information Disclosure 5005094
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 5005623 (Monthly Rollup)
5005607 (Security Only)
Important Information Disclosure 5005094
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 5005613 (Monthly Rollup)
5005627 (Security Only)
Important Information Disclosure 5005076
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 5005613 (Monthly Rollup)
5005627 (Security Only)
Important Information Disclosure 5005076
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2016 5005573 (Security Update) Important Information Disclosure 5005043 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 5005573 (Security Update) Important Information Disclosure 5005043 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2019 5005568 (Security Update) Important Information Disclosure 5005030
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 5005568 (Security Update) Important Information Disclosure 5005030
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2022 5005565 (Security Update) Important Information Disclosure 5005033
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2022 (Server Core installation) 5005565 (Security Update) Important Information Disclosure 5005033
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server, version 2004 (Server Core installation) 5005565 (Security Update) Important Information Disclosure 5005033
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server, version 20H2 (Server Core Installation) 5005565 (Security Update) Important Information Disclosure 5005033
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2021-38636 Rahul Gupta of Microsoft


CVE-2021-38637 - Windows Storage Information Disclosure Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-38637
MITRE
NVD
CVE Title: Windows Storage Information Disclosure Vulnerability
CVSS:

CVSS:3.0 5.5/4.8
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityNone
AvailabilityNone
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

What type of information could be disclosed by this vulnerability?

The type of information that could be disclosed if an attacker successfully exploited this vulnerability is unauthorized file system access - reading from the file system.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-09-14T07:00:00Z    

Information published.


Important Information Disclosure

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-38637
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 Version 1809 for 32-bit Systems 5005568 (Security Update) Important Information Disclosure 5005030
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 5005568 (Security Update) Important Information Disclosure 5005030
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 5005568 (Security Update) Important Information Disclosure 5005030
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for 32-bit Systems 5005566 (Security Update) Important Information Disclosure 5005031 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for ARM64-based Systems 5005566 (Security Update) Important Information Disclosure 5005031 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for x64-based Systems 5005566 (Security Update) Important Information Disclosure 5005031 Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for 32-bit Systems 5005565 (Security Update) Important Information Disclosure 5005033
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for ARM64-based Systems 5005565 (Security Update) Important Information Disclosure 5005033
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for x64-based Systems 5005565 (Security Update) Important Information Disclosure 5005033
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for 32-bit Systems 5005565 (Security Update) Important Information Disclosure 5005033
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for ARM64-based Systems 5005565 (Security Update) Important Information Disclosure 5005033
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for x64-based Systems 5005565 (Security Update) Important Information Disclosure 5005033
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for 32-bit Systems 5005565 (Security Update) Important Information Disclosure 5005033
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for ARM64-based Systems 5005565 (Security Update) Important Information Disclosure 5005033
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for x64-based Systems 5005565 (Security Update) Important Information Disclosure 5005033
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2019 5005568 (Security Update) Important Information Disclosure 5005030
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 5005568 (Security Update) Important Information Disclosure 5005030
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2022 5005565 (Security Update) Important Information Disclosure 5005033
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server 2022 (Server Core installation) 5005565 (Security Update) Important Information Disclosure 5005033
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server, version 2004 (Server Core installation) 5005565 (Security Update) Important Information Disclosure 5005033
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes
Windows Server, version 20H2 (Server Core Installation) 5005565 (Security Update) Important Information Disclosure 5005033
Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2021-38637 rikirra


CVE-2021-38638 - Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-38638
MITRE
NVD
CVE Title: Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVSS:

CVSS:3.0 7.8/6.8
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-09-14T07:00:00Z    

Information published.


Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-38638
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5005569 (Security Update) Important Elevation of Privilege 5005040 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 5005569 (Security Update) Important Elevation of Privilege 5005040 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 5005573 (Security Update) Important Elevation of Privilege 5005043 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 5005573 (Security Update) Important Elevation of Privilege 5005043 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 5005568 (Security Update) Important Elevation of Privilege 5005030
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 5005568 (Security Update) Important Elevation of Privilege 5005030
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 5005568 (Security Update) Important Elevation of Privilege 5005030
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for 32-bit Systems 5005566 (Security Update) Important Elevation of Privilege 5005031 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for ARM64-based Systems 5005566 (Security Update) Important Elevation of Privilege 5005031 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for x64-based Systems 5005566 (Security Update) Important Elevation of Privilege 5005031 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for 32-bit Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for ARM64-based Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for x64-based Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for 32-bit Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for ARM64-based Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for x64-based Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for 32-bit Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for ARM64-based Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for x64-based Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 7 for 32-bit Systems Service Pack 1 5005633 (Monthly Rollup)
5005615 (Security Only)
Important Elevation of Privilege 5005088
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 5005633 (Monthly Rollup)
5005615 (Security Only)
Important Elevation of Privilege 5005088
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 5005613 (Monthly Rollup)
5005627 (Security Only)
Important Elevation of Privilege 5005076
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 5005613 (Monthly Rollup)
5005627 (Security Only)
Important Elevation of Privilege 5005076
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows RT 8.1 5005613 (Monthly Rollup) Important Elevation of Privilege 5005076
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 5005606 (Monthly Rollup)
5005618 (Security Only)
Important Elevation of Privilege 5005090
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5005606 (Monthly Rollup)
5005618 (Security Only)
Important Elevation of Privilege 5005090
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 5005606 (Monthly Rollup)
5005618 (Security Only)
Important Elevation of Privilege 5005090
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5005606 (Monthly Rollup)
5005618 (Security Only)
Important Elevation of Privilege 5005090
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5005633 (Monthly Rollup)
5005615 (Security Only)
Important Elevation of Privilege 5005088
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5005633 (Monthly Rollup)
5005615 (Security Only)
Important Elevation of Privilege 5005088
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 5005623 (Monthly Rollup)
5005607 (Security Only)
Important Elevation of Privilege 5005094
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 5005623 (Monthly Rollup)
5005607 (Security Only)
Important Elevation of Privilege 5005094
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 5005613 (Monthly Rollup)
5005627 (Security Only)
Important Elevation of Privilege 5005076
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 5005613 (Monthly Rollup)
5005627 (Security Only)
Important Elevation of Privilege 5005076
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 5005573 (Security Update) Important Elevation of Privilege 5005043 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 5005573 (Security Update) Important Elevation of Privilege 5005043 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 5005568 (Security Update) Important Elevation of Privilege 5005030
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 5005568 (Security Update) Important Elevation of Privilege 5005030
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2022 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2022 (Server Core installation) 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 2004 (Server Core installation) 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 20H2 (Server Core Installation) 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2021-38638 Erik Egsgard with Field Effect Software


CVE-2021-38641 - Microsoft Edge for Android Spoofing Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-38641
MITRE
NVD
CVE Title: Microsoft Edge for Android Spoofing Vulnerability
CVSS:

CVSS:3.0 6.1/5.3
Base score metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredNone
User InteractionRequired
ScopeChanged
ConfidentialityLow
IntegrityLow
AvailabilityNone
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-09-02T07:00:00Z    

Information published.


Important Spoofing

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-38641
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Microsoft Edge (Chromium-based) Release Notes (Security Update) Important Spoofing None Base: 6.1
Temporal: 5.3
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C
No

Acknowledgements

CVE ID Acknowledgements
CVE-2021-38641 Shivam Kumar Singh with CyberXplore Private Limited


Vansh Devgan with CyberXplore Private Limited


Tirtha Mandal


CVE-2021-38642 - Microsoft Edge for iOS Spoofing Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-38642
MITRE
NVD
CVE Title: Microsoft Edge for iOS Spoofing Vulnerability
CVSS:

CVSS:3.0 6.1/5.3
Base score metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredNone
User InteractionRequired
ScopeChanged
ConfidentialityLow
IntegrityLow
AvailabilityNone
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-09-02T07:00:00Z    

Information published.


Important Spoofing

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-38642
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Microsoft Edge (Chromium-based) Release Notes (Security Update) Important Spoofing None Base: 6.1
Temporal: 5.3
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C
No

Acknowledgements

CVE ID Acknowledgements
CVE-2021-38642 Shivam Kumar Singh with CyberXplore Private Limited


Vansh Devgan with CyberXplore Private Limited


CVE-2021-38645 - Open Management Infrastructure Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-38645
MITRE
NVD
CVE Title: Open Management Infrastructure Elevation of Privilege Vulnerability
CVSS:

CVSS:3.0 7.8/6.8
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

What is OMI?

Open Management Infrastructure (OMI) is an open source project to further the development of a production quality implementation of the DMTF CIM/WBEM standards. The OMI CIMOM is also designed to be portable and highly modular. In order to attain its small footprint, it is coded in C, which also makes it a much more viable CIM Object Manager for embedded systems and other infrastructure components that have memory constraints for their management processor. OMI is also designed to be inherently portable. It builds and runs today on most UNIX® systems and Linux. In addition to OMI's small footprint, it also demonstrates very high performance.

Refer this link for more details : GitHub - microsoft/omi: Open Management Infrastructure

How do I protect myself from this vulnerability?

Run one of these commands, depending on your system configuration:

sudo apt-get install omi or sudo yum install omi

For more information refer to GitHub - microsoft/omi: Open Management Infrastructure.

The updates for this vulnerability were published on GitHub on August 11, 2021. Why is Microsoft just now releasing a CVE?

The fix to address this vulnerability in open-source code was made available on August 11 to provide partners who depend on this software time to implement the updates before we released the details of the vulnerability.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-09-14T07:00:00Z    

Information published.


Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-38645
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Azure Open Management Infrastructure Release Notes (Security Update) Important Elevation of Privilege None Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Maybe

Acknowledgements

CVE ID Acknowledgements
CVE-2021-38645 Shir Tamari with Wiz.io


Nir Ohfeld with Wiz.io


CVE-2021-38647 - Open Management Infrastructure Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-38647
MITRE
NVD
CVE Title: Open Management Infrastructure Remote Code Execution Vulnerability
CVSS:

CVSS:3.0 9.8/8.5
Base score metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredNone
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

What is OMI?

Open Management Infrastructure (OMI) is an open source project to further the development of a production quality implementation of the DMTF CIM/WBEM standards. The OMI CIMOM is also designed to be portable and highly modular. In order to attain its small footprint, it is coded in C, which also makes it a much more viable CIM Object Manager for embedded systems and other infrastructure components that have memory constraints for their management processor. OMI is also designed to be inherently portable. It builds and runs today on most UNIX® systems and Linux. In addition to OMI's small footprint, it also demonstrates very high performance.

Refer this link for more details : GitHub - microsoft/omi: Open Management Infrastructure

How do I protect myself from this vulnerability?

Run one of these commands, depending on your system configuration:

sudo apt-get install omi or sudo yum install omi

For more information refer to GitHub - microsoft/omi: Open Management Infrastructure.

The updates for this vulnerability were published on GitHub on August 11, 2021. Why is Microsoft just now releasing a CVE?

The fix to address this vulnerability in open-source code was made available on August 11 to provide partners who depend on this software time to implement the updates before we released the details of the vulnerability.


How does this vulnerability manifest itself?

Some Azure products, such as Configuration Management, expose an HTTP/S port for interacting with OMI (port 5986 also known as WinRMport). This configuration where the HTTP/S listener is enabled could allow remote code execution. It is important to mention that most Azure services that use OMI deploy it without exposing the HTTP/S port.

How can an attacker exploit the vulnerability?

An attacker could send a specially crafted message via HTTPS to port 5986 on a vulnerable system.

How can I check my Azure Linux Node for this listening port?

On most Linux distributions, the command 'netstat -an | grep 5986' will indicate if any processes are listening on port 5986 (WinRMport).


Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-09-14T07:00:00Z    

Information published.


Critical Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-38647
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Azure Open Management Infrastructure Release Notes (Security Update) Critical Remote Code Execution None Base: 9.8
Temporal: 8.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Maybe

Acknowledgements

CVE ID Acknowledgements
CVE-2021-38647 Shir Tamari with Wiz.io


Nir Ohfeld with Wiz.io


CVE-2021-38648 - Open Management Infrastructure Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-38648
MITRE
NVD
CVE Title: Open Management Infrastructure Elevation of Privilege Vulnerability
CVSS:

CVSS:3.0 7.8/6.8
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

What is OMI?

Open Management Infrastructure (OMI) is an open source project to further the development of a production quality implementation of the DMTF CIM/WBEM standards. The OMI CIMOM is also designed to be portable and highly modular. In order to attain its small footprint, it is coded in C, which also makes it a much more viable CIM Object Manager for embedded systems and other infrastructure components that have memory constraints for their management processor. OMI is also designed to be inherently portable. It builds and runs today on most UNIX® systems and Linux. In addition to OMI's small footprint, it also demonstrates very high performance.

Refer this link for more details : GitHub - microsoft/omi: Open Management Infrastructure

How do I protect myself from this vulnerability?

Run one of these commands, depending on your system configuration:

sudo apt-get install omi or sudo yum install omi

For more information refer to GitHub - microsoft/omi: Open Management Infrastructure.

The updates for this vulnerability were published on GitHub on August 11, 2021. Why is Microsoft just now releasing a CVE?

The fix to address this vulnerability in open-source code was made available on August 11 to provide partners who depend on this software time to implement the updates before we released the details of the vulnerability.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-09-14T07:00:00Z    

Information published.


Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-38648
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Azure Open Management Infrastructure Release Notes (Security Update) Important Elevation of Privilege None Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Maybe

Acknowledgements

CVE ID Acknowledgements
CVE-2021-38648 Shir Tamari with Wiz.io


Nir Ohfeld with Wiz.io


CVE-2021-38649 - Open Management Infrastructure Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-38649
MITRE
NVD
CVE Title: Open Management Infrastructure Elevation of Privilege Vulnerability
CVSS:

CVSS:3.0 7.0/6.1
Base score metrics
Attack VectorLocal
Attack ComplexityHigh
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

What is OMI?

Open Management Infrastructure (OMI) is an open source project to further the development of a production quality implementation of the DMTF CIM/WBEM standards. The OMI CIMOM is also designed to be portable and highly modular. In order to attain its small footprint, it is coded in C, which also makes it a much more viable CIM Object Manager for embedded systems and other infrastructure components that have memory constraints for their management processor. OMI is also designed to be inherently portable. It builds and runs today on most UNIX® systems and Linux. In addition to OMI's small footprint, it also demonstrates very high performance.

Refer this link for more details : GitHub - microsoft/omi: Open Management Infrastructure

How do I protect myself from this vulnerability?

Run one of these commands, depending on your system configuration:

sudo apt-get install omi or sudo yum install omi

For more information refer to GitHub - microsoft/omi: Open Management Infrastructure.

The updates for this vulnerability were published on GitHub on August 11, 2021. Why is Microsoft just now releasing a CVE?

The fix to address this vulnerability in open-source code was made available on August 11 to provide partners who depend on this software time to implement the updates before we released the details of the vulnerability.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-09-14T07:00:00Z    

Information published.


Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-38649
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Azure Open Management Infrastructure Release Notes (Security Update) Important Elevation of Privilege None Base: 7.0
Temporal: 6.1
Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Maybe

Acknowledgements

CVE ID Acknowledgements
CVE-2021-38649 Shir Tamari with Wiz.io


Nir Ohfeld with Wiz.io


CVE-2021-38669 - Microsoft Edge (Chromium-based) Tampering Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-38669
MITRE
NVD
CVE Title: Microsoft Edge (Chromium-based) Tampering Vulnerability
CVSS:

CVSS:3.0 6.4/5.6
Base score metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeChanged
ConfidentialityLow
IntegrityLow
AvailabilityNone
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

What is the version information for this release? | Microsoft Edge Version | Date Released | Based on Chromium Version | | ----- | ----- | ----- | | 93.0.961.44 | 9/9/2021 | 93.04577.63 |


Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-09-09T07:00:00Z    

Information published.


Important Tampering

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-38669
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Microsoft Edge (Chromium-based) Release Notes (Security Update) Important Tampering None Base: 6.4
Temporal: 5.6
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C
No

Acknowledgements

CVE ID Acknowledgements
CVE-2021-38669 Colin Symon with East Lothian Council


CVE-2021-26437 - Visual Studio Code Spoofing Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-26437
MITRE
NVD
CVE Title: Visual Studio Code Spoofing Vulnerability
CVSS:

CVSS:3.0 5.5/4.8
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredNone
User InteractionRequired
ScopeUnchanged
ConfidentialityHigh
IntegrityNone
AvailabilityNone
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-09-14T07:00:00Z    

Information published.


Important Spoofing

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-26437
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Visual Studio Code Release Notes (Security Update) Important Spoofing None Base: 5.5
Temporal: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Maybe

Acknowledgements

CVE ID Acknowledgements
CVE-2021-26437 Ron Masas with BreakPoint


Justin Steven


CVE-2021-26439 - Microsoft Edge for Android Information Disclosure Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-26439
MITRE
NVD
CVE Title: Microsoft Edge for Android Information Disclosure Vulnerability
CVSS:

CVSS:3.0 4.6/4.0
Base score metrics
Attack VectorPhysical
Attack ComplexityLow
Privileges RequiredNone
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityNone
AvailabilityNone
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-09-02T07:00:00Z    

Information published.


Moderate Information Disclosure

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Not Found No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-26439
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Microsoft Edge for Android Release Notes (Security Update) Moderate Information Disclosure None Base: 4.6
Temporal: 4.0
Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
No

Acknowledgements

CVE ID Acknowledgements
CVE-2021-26439 Lili Wei


Heqing Huang


CVE-2021-40440 - Microsoft Dynamics Business Central Cross-site Scripting Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-40440
MITRE
NVD
CVE Title: Microsoft Dynamics Business Central Cross-site Scripting Vulnerability
CVSS:

CVSS:3.0 5.4/4.9
Base score metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredLow
User InteractionRequired
ScopeChanged
ConfidentialityLow
IntegrityLow
AvailabilityNone
Temporal score metrics
Exploit Code MaturityProof-of-Concept
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-09-14T07:00:00Z    

Information published.


Important Spoofing

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-40440
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Microsoft Dynamics 365 Business Central 2020 Release Wave 2 – Update 17.10 5006075 (Security Update) Important Spoofing None Base: 5.4
Temporal: 4.9
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:P/RL:O/RC:C
Maybe
Microsoft Dynamics 365 Business Central 2021 Release Wave 1 - Update 18.5 5006076 (Security Update) Important Spoofing None Base: 5.4
Temporal: 4.9
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:P/RL:O/RC:C
Maybe

Acknowledgements

CVE ID Acknowledgements
CVE-2021-40440 rskvp93 with Viettel Cyber Security


CVE-2021-40444 - Microsoft MSHTML Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-40444
MITRE
NVD
CVE Title: Microsoft MSHTML Remote Code Execution Vulnerability
CVSS:

CVSS:3.0 8.8/7.9
Base score metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredNone
User InteractionRequired
ScopeChanged
ConfidentialityLow
IntegrityHigh
AvailabilityLow
Temporal score metrics
Exploit Code MaturityProof-of-Concept
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

There are three updates listed in the Security Updates table for Windows 8.1, Windows Server 2012 R2, and Windows Server 2012. Which updates do I need to apply to my system to be protected from this vulnerability?

Customers running Windows 8.1, Windows Server 2012 R2, or Windows Server 2012 can apply either the Monthly Rollup or both the Security Only and the IE Cumulative updates.

I am running Windows 7, Windows Server 2008 R2, or Windows Server 2008. Do I need to apply both the Monthly Rollup and the IE Cumulative updates?

  • The Monthly Rollup for Windows 7, Windows Server 2008 R2, and Windows Server 2008 includes the update for this vulnerability. Customers who apply the Monthly Rollup do not need to apply the IE Cumulative update.
  • Customers who only apply Security Only updates need to also apply the IE Cumulative update to be protected from this vulnerability.

Mitigations:

Workarounds:

Disabling the installation of all ActiveX controls in Internet Explorer mitigates this attack. This can be accomplished for all sites by configuring the Group Policy using your Local Group Policy Editor or by updating the registry. Previously-installed ActiveX controls will continue to run, but do not expose this vulnerability.

To disable ActiveX controls via Group Policy

In Group Policy settings, navigate to Computer Configuration > Administrative Templates > Windows Components > Internet Explorer > Internet Control Panel > Security Page

For each zone:

  1. Select the zone (Internet Zone, Intranet Zone, Local Machine Zone, or Trusted Sites Zone).
  2. Double-click Download signed ActiveX controls and Enable the policy. Then set the option in the policy to Disable.
  3. Double-click Download unsigned ActiveX controls and Enable the policy. Then set the option in the policy to Disable.

We recommend applying this setting to all zones to fully protect your system.

Impact of workaround.

This sets the URLACTION_DOWNLOAD_SIGNED_ACTIVEX (0x1001) and URLACTION_DOWNLOAD_UNSIGNED_ACTIVEX (0x1004) to DISABLED (3) for all internet zones for 64-bit and 32-bit processes. New ActiveX controls will not be installed. Previously-installed ActiveX controls will continue to run.

How to undo the workaround

Set the option in the policy to the original value before the workaround was applied.

To disable ActiveX controls on an individual system via regkey:

Warning If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.

  1. To disable installing ActiveX controls in Internet Explorer in all zones, paste the following into a text file and save it with the .reg file extension:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0]
"1001"=dword:00000003
"1004"=dword:00000003

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1]
"1001"=dword:00000003
"1004"=dword:00000003

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2]
"1001"=dword:00000003
"1004"=dword:00000003

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"1001"=dword:00000003
"1004"=dword:00000003
  1. Double-click the .reg file to apply it to your Policy hive.
  2. Reboot the system to ensure the new configuration is applied.

Impact of workaround.

This sets the URLACTION_DOWNLOAD_SIGNED_ACTIVEX (0x1001) and URLACTION_DOWNLOAD_UNSIGNED_ACTIVEX (0x1004) to DISABLED (3) for all internet zones for 64-bit and 32-bit processes. New ActiveX controls will not be installed. Previously-installed ActiveX controls will continue to run.

How to undo the workaround

Delete the registry keys that were added in implementing this workaround.

To disable preview in Windows Explorer

Disabling Shell Preview prevents a user from previewing documents in Windows Explorer. Follow these steps for each type of document you want to prevent being previewed:

  1. In Registry Editor, navigate to the appropriate registry key for the document type you want to prevent from being previewed. Note that if a registry key does not exist for a document type, it is already not possible to preview that document using Windows Explorer.

For Word documents:

  • HKEY_CLASSES_ROOT\.docx\ShellEx\{8895b1c6-b41f-4c1c-a562-0d564250836f}
  • HKEY_CLASSES_ROOT\.doc\ShellEx\{8895b1c6-b41f-4c1c-a562-0d564250836f}
  • HKEY_CLASSES_ROOT\.docm\ShellEx\{8895b1c6-b41f-4c1c-a562-0d564250836f}

For rich text files:

  • HKEY_CLASSES_ROOT\.rtf\ShellEx\{8895b1c6-b41f-4c1c-a562-0d564250836f}
  1. Export a copy of the regkey for backup.
  2. Double-click Name and in the Edit String dialog box, delete the Value Data.
  3. Click OK,

Impact of workaround

Users will not be able to preview documents with the specified extension in Windows Explorer.

How to undo the workaround

Double-click the .reg file or files that you created in Step Two of the workaround.


Revision:
1.0    2021-09-07T07:00:00Z    

Information published.


1.1    2021-09-09T07:00:00Z    

The information in the workaround section was updated. This an informational change only.


2.0    2021-09-14T07:00:00Z    

CVE updated to announce that Microsoft is releasing security updates for all affected versions of Windows to address this vulnerability. These updates include Monthly Rollups, Security Only, and IE Cumulative updates. Please see the FAQ for information on which updates are applicable to your system. Other information has been updated as well, including the following: 1) Executive Summary has been updated 2) FAQs have been added.


Important Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Detected Yes Yes

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-40444
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5005569 (Security Update) Important Remote Code Execution 5005040 Base: 8.8
Temporal: 7.9
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 5005569 (Security Update) Important Remote Code Execution 5005040 Base: 8.8
Temporal: 7.9
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 5005573 (Security Update) Important Remote Code Execution 5005043 Base: 8.8
Temporal: 7.9
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 5005573 (Security Update) Important Remote Code Execution 5005043 Base: 8.8
Temporal: 7.9
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 5005568 (Security Update) Important Remote Code Execution 5005030
Base: 8.8
Temporal: 7.9
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 5005568 (Security Update) Important Remote Code Execution 5005030
Base: 8.8
Temporal: 7.9
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 5005568 (Security Update) Important Remote Code Execution 5005030
Base: 8.8
Temporal: 7.9
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C
Yes
Windows 10 Version 1909 for 32-bit Systems 5005566 (Security Update) Important Remote Code Execution 5005031 Base: 8.8
Temporal: 7.9
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C
Yes
Windows 10 Version 1909 for ARM64-based Systems 5005566 (Security Update) Important Remote Code Execution 5005031 Base: 8.8
Temporal: 7.9
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C
Yes
Windows 10 Version 1909 for x64-based Systems 5005566 (Security Update) Important Remote Code Execution 5005031 Base: 8.8
Temporal: 7.9
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C
Yes
Windows 10 Version 2004 for 32-bit Systems 5005565 (Security Update) Important Remote Code Execution 5005033
Base: 8.8
Temporal: 7.9
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C
Yes
Windows 10 Version 2004 for ARM64-based Systems 5005565 (Security Update) Important Remote Code Execution 5005033
Base: 8.8
Temporal: 7.9
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C
Yes
Windows 10 Version 2004 for x64-based Systems 5005565 (Security Update) Important Remote Code Execution 5005033
Base: 8.8
Temporal: 7.9
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C
Yes
Windows 10 Version 20H2 for 32-bit Systems 5005565 (Security Update) Important Remote Code Execution 5005033
Base: 8.8
Temporal: 7.9
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C
Yes
Windows 10 Version 20H2 for ARM64-based Systems 5005565 (Security Update) Important Remote Code Execution 5005033
Base: 8.8
Temporal: 7.9
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C
Yes
Windows 10 Version 20H2 for x64-based Systems 5005565 (Security Update) Important Remote Code Execution 5005033
Base: 8.8
Temporal: 7.9
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C
Yes
Windows 10 Version 21H1 for 32-bit Systems 5005565 (Security Update) Important Remote Code Execution 5005033
Base: 8.8
Temporal: 7.9
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C
Yes
Windows 10 Version 21H1 for ARM64-based Systems 5005565 (Security Update) Important Remote Code Execution 5005033
Base: 8.8
Temporal: 7.9
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C
Yes
Windows 10 Version 21H1 for x64-based Systems 5005565 (Security Update) Important Remote Code Execution 5005033
Base: 8.8
Temporal: 7.9
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C
Yes
Windows 7 for 32-bit Systems Service Pack 1 5005633 (Monthly Rollup)
5005563 (IE Cumulative)
Important Remote Code Execution 5005088

5005036
Base: 8.8
Temporal: 7.9
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 5005633 (Monthly Rollup)
5005563 (IE Cumulative)
Important Remote Code Execution 5005088

5005036
Base: 8.8
Temporal: 7.9
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 5005563 (IE Cumulative)
5005613 (Monthly Rollup)
5005627 (Security Only)
Important Remote Code Execution 5005036
5005076
Base: 8.8
Temporal: 7.9
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 5005563 (IE Cumulative)
5005613 (Monthly Rollup)
5005627 (Security Only)
Important Remote Code Execution 5005036
5005076
Base: 8.8
Temporal: 7.9
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C
Yes
Windows RT 8.1 5005613 (Monthly Rollup) Important Remote Code Execution 5005076
Base: 8.8
Temporal: 7.9
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 5005563 (IE Cumulative)
5005606 (Monthly Rollup)
Important Remote Code Execution 5005036
5005090
Base: 8.8
Temporal: 7.9
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5005563 (IE Cumulative)
5005606 (Monthly Rollup)
Important Remote Code Execution 5005036
5005090
Base: 8.8
Temporal: 7.9
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 5005563 (IE Cumulative)
5005606 (Monthly Rollup)
Important Remote Code Execution 5005036
5005090
Base: 8.8
Temporal: 7.9
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5005563 (IE Cumulative)
5005606 (Monthly Rollup)
Important Remote Code Execution 5005036
5005090
Base: 8.8
Temporal: 7.9
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5005633 (Monthly Rollup)
5005563 (IE Cumulative)
Important Remote Code Execution 5005088

5005036
Base: 8.8
Temporal: 7.9
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5005633 (Monthly Rollup) Important Remote Code Execution 5005088
Base: 8.8
Temporal: 7.9
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C
Yes
Windows Server 2012 5005563 (IE Cumulative)
5005623 (Monthly Rollup)
Important Remote Code Execution 5005036
5005094
Base: 8.8
Temporal: 7.9
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 5005623 (Monthly Rollup) Important Remote Code Execution 5005094
Base: 8.8
Temporal: 7.9
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C
Yes
Windows Server 2012 R2 5005563 (IE Cumulative)
5005613 (Monthly Rollup)
Important Remote Code Execution 5005036
5005076
Base: 8.8
Temporal: 7.9
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 5005613 (Monthly Rollup) Important Remote Code Execution 5005076
Base: 8.8
Temporal: 7.9
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C
Yes
Windows Server 2016 5005573 (Security Update) Important Remote Code Execution 5005043 Base: 8.8
Temporal: 7.9
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 5005573 (Security Update) Important Remote Code Execution 5005043 Base: 8.8
Temporal: 7.9
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C
Yes
Windows Server 2019 5005568 (Security Update) Important Remote Code Execution 5005030
Base: 8.8
Temporal: 7.9
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 5005568 (Security Update) Important Remote Code Execution 5005030
Base: 8.8
Temporal: 7.9
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C
Yes
Windows Server 2022 5005575 (Security Update) Important Remote Code Execution None Base: 8.8
Temporal: 7.9
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C
Yes
Windows Server 2022 (Server Core installation) 5005575 (Security Update) Important Remote Code Execution None Base: 8.8
Temporal: 7.9
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C
Yes
Windows Server, version 2004 (Server Core installation) 5005565 (Security Update) Important Remote Code Execution 5005033
Base: 8.8
Temporal: 7.9
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C
Yes
Windows Server, version 20H2 (Server Core Installation) 5005565 (Security Update) Important Remote Code Execution 5005033
Base: 8.8
Temporal: 7.9
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2021-40444 Bryce Abdo of Mandiant


Haifei Li of EXPMON


Genwei Jiang of Mandiant


Rick Cole (MSTIC)


Dhanesh Kizhakkinan of Mandiant


CVE-2021-36930 - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-36930
MITRE
NVD
CVE Title: Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
CVSS:

CVSS:3.0 5.3/4.6
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredNone
User InteractionRequired
ScopeUnchanged
ConfidentialityLow
IntegrityLow
AvailabilityLow
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-09-02T07:00:00Z    

Information published.


Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-36930
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Microsoft Edge (Chromium-based) Release Notes (Security Update) Important Elevation of Privilege None Base: 5.3
Temporal: 4.6
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C
No

Acknowledgements

CVE ID Acknowledgements
CVE-2021-36930 David Erceg with


CVE-2021-36956 - Azure Sphere Information Disclosure Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-36956
MITRE
NVD
CVE Title: Azure Sphere Information Disclosure Vulnerability
CVSS:

CVSS:3.0 4.4/4.0
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredHigh
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityNone
AvailabilityNone
Temporal score metrics
Exploit Code MaturityProof-of-Concept
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

What version of Azure Sphere has the update that protects from this vulnerability?

All versions of Azure Sphere that are 21.08 and higher are protected from this vulnerability.

How do I ensure my Azure Sphere device has the update?

If your device is new or has not been connected to the internet for a while, connect the device to a secure, private local network with internet access and allow the device to automatically update itself. If the device is already online, verify that the operating system version 21.08 has been installed using the Azure Sphere CLI command:

azsphere device show-os-version

If the device is connected to the internet and does not yet have the latest update, check the update status with the following Azure Sphere CLI command:

azsphere device show-deployment-status

Azure Sphere is running on IoT devices in my environment. How do I know if any of those devices are affected by this vulnerability?

An IoT device that is running Azure Sphere and is connected to a network is automatically updated every day. This vulnerability has already been addressed so the devices are protected from this vulnerability. More information on Azure Sphere’s CVE principles can be found on https://docs.microsoft.com/en-us/azure-sphere/deployment/azure-sphere-cves


Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-09-14T07:00:00Z    

Information published.


Important Information Disclosure

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-36956
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Azure Sphere Important Information Disclosure None Base: 4.4
Temporal: 4.0
Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C
Unknown

Acknowledgements

CVE ID Acknowledgements
CVE-2021-36956 Claudio Bozzato with Cisco Talos


CVE-2021-26434 - Visual Studio Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-26434
MITRE
NVD
CVE Title: Visual Studio Elevation of Privilege Vulnerability
CVSS:

CVSS:3.0 7.8/6.8
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-09-14T07:00:00Z    

Information published.


Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-26434
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) Release Notes (Security Update) Important Elevation of Privilege None Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Maybe
Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) Release Notes (Security Update) Important Elevation of Privilege None Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Maybe
Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3) Release Notes (Security Update) Important Elevation of Privilege None Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Maybe
Microsoft Visual Studio 2019 version 16.7 (includes 16.0 – 16.6) Release Notes (Security Update) Important Elevation of Privilege None Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Maybe
Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8) Release Notes (Security Update) Important Elevation of Privilege None Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Maybe

Acknowledgements

CVE ID Acknowledgements
CVE-2021-26434 Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative


CVE-2021-38639 - Win32k Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-38639
MITRE
NVD
CVE Title: Win32k Elevation of Privilege Vulnerability
CVSS:

CVSS:3.0 7.8/6.8
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-09-14T07:00:00Z    

Information published.


Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation More Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-38639
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5005569 (Security Update) Important Elevation of Privilege 5005040 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 5005569 (Security Update) Important Elevation of Privilege 5005040 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 5005573 (Security Update) Important Elevation of Privilege 5005043 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 5005573 (Security Update) Important Elevation of Privilege 5005043 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 5005568 (Security Update) Important Elevation of Privilege 5005030
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 5005568 (Security Update) Important Elevation of Privilege 5005030
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 5005568 (Security Update) Important Elevation of Privilege 5005030
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for 32-bit Systems 5005566 (Security Update) Important Elevation of Privilege 5005031 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for ARM64-based Systems 5005566 (Security Update) Important Elevation of Privilege 5005031 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 1909 for x64-based Systems 5005566 (Security Update) Important Elevation of Privilege 5005031 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for 32-bit Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for ARM64-based Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 2004 for x64-based Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for 32-bit Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for ARM64-based Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 20H2 for x64-based Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for 32-bit Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for ARM64-based Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 10 Version 21H1 for x64-based Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 7 for 32-bit Systems Service Pack 1 5005633 (Monthly Rollup)
5005615 (Security Only)
Important Elevation of Privilege 5005088
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 5005633 (Monthly Rollup)
5005615 (Security Only)
Important Elevation of Privilege 5005088
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 5005613 (Monthly Rollup)
5005627 (Security Only)
Important Elevation of Privilege 5005076
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 5005613 (Monthly Rollup)
5005627 (Security Only)
Important Elevation of Privilege 5005076
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows RT 8.1 5005613 (Monthly Rollup) Important Elevation of Privilege 5005076
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 5005606 (Monthly Rollup)
5005618 (Security Only)
Important Elevation of Privilege 5005090
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5005606 (Monthly Rollup)
5005618 (Security Only)
Important Elevation of Privilege 5005090
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 5005606 (Monthly Rollup)
5005618 (Security Only)
Important Elevation of Privilege 5005090
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5005606 (Monthly Rollup)
5005618 (Security Only)
Important Elevation of Privilege 5005090
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5005633 (Monthly Rollup)
5005615 (Security Only)
Important Elevation of Privilege 5005088
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5005633 (Monthly Rollup)
5005615 (Security Only)
Important Elevation of Privilege 5005088
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 5005623 (Monthly Rollup)
5005607 (Security Only)
Important Elevation of Privilege 5005094
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 5005623 (Monthly Rollup)
5005607 (Security Only)
Important Elevation of Privilege 5005094
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 5005613 (Monthly Rollup)
5005627 (Security Only)
Important Elevation of Privilege 5005076
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 5005613 (Monthly Rollup)
5005627 (Security Only)
Important Elevation of Privilege 5005076
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 5005573 (Security Update) Important Elevation of Privilege 5005043 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 5005573 (Security Update) Important Elevation of Privilege 5005043 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 5005568 (Security Update) Important Elevation of Privilege 5005030
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 5005568 (Security Update) Important Elevation of Privilege 5005030
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2022 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server 2022 (Server Core installation) 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 2004 (Server Core installation) 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes
Windows Server, version 20H2 (Server Core Installation) 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2021-38639 RanchoIce of Singular Security Lab


CVE-2021-38644 - Microsoft MPEG-2 Video Extension Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-38644
MITRE
NVD
CVE Title: Microsoft MPEG-2 Video Extension Remote Code Execution Vulnerability
CVSS:

CVSS:3.0 7.8/6.8
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredNone
User InteractionRequired
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

Is Windows vulnerable in the default configuration?

No. Only customers who have installed this app from the Microsoft Store may be vulnerable.

How do I get the updated app?

The Microsoft Store will automatically update affected customers. Alternatively, customers can get the update immediately; see here for details.

It is possible for customers to disable automatic updates for the Microsoft Store. The Microsoft Store will not automatically install this update for those customers.

My system is in a disconnected environment; is it vulnerable?

Customers using the Microsoft Store for Business and Microsoft Store for Education can get this update through their organizations.

How can I check if the update is installed?

App package versions 1.0.42152.0 and later contain this update.

You can check the package version in PowerShell:

Get-AppxPackage -Name Microsoft.MPEG2VideoExtension


Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-09-14T07:00:00Z    

Information published.


Important Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-38644
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
MPEG-2 Video Extension Important Remote Code Execution None Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Unknown

Acknowledgements

CVE ID Acknowledgements
CVE-2021-38644 HAO LI of VenusTech ADLab


CVE-2021-38646 - Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-38646
MITRE
NVD
CVE Title: Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability
CVSS:

CVSS:3.0 7.8/6.8
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredNone
User InteractionRequired
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

Is the Preview Pane an attack vector for this vulnerability?

No, the Preview Pane is not an attack vector.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-09-14T07:00:00Z    

Information published.


Important Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-38646
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Microsoft 365 Apps for Enterprise for 32-bit Systems Click to Run (Security Update) Important Remote Code Execution None Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
No
Microsoft 365 Apps for Enterprise for 64-bit Systems Click to Run (Security Update) Important Remote Code Execution None Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
No
Microsoft Office 2013 RT Service Pack 1 5001958 (Security Update) Important Remote Code Execution 4493206 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Maybe
Microsoft Office 2013 Service Pack 1 (32-bit editions) 5001958 (Security Update) Important Remote Code Execution 4493206 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Maybe
Microsoft Office 2013 Service Pack 1 (64-bit editions) 5001958 (Security Update) Important Remote Code Execution 4493206 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Maybe
Microsoft Office 2016 (32-bit edition) 5001997 (Security Update) Important Remote Code Execution 4493197 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Maybe
Microsoft Office 2016 (64-bit edition) 5001997 (Security Update) Important Remote Code Execution 4493197 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Maybe
Microsoft Office 2019 for 32-bit editions Click to Run (Security Update) Important Remote Code Execution None Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
No
Microsoft Office 2019 for 64-bit editions Click to Run (Security Update) Important Remote Code Execution None Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
No

Acknowledgements

CVE ID Acknowledgements
CVE-2021-38646 Eugene Lim with Government Technology Agency of Singapore


CVE-2021-38650 - Microsoft Office Spoofing Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-38650
MITRE
NVD
CVE Title: Microsoft Office Spoofing Vulnerability
CVSS:

CVSS:3.0 7.6/6.6
Base score metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredLow
User InteractionRequired
ScopeChanged
ConfidentialityHigh
IntegrityLow
AvailabilityNone
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

Is the Preview Pane an attack vector for this vulnerability?

No, the Preview Pane is not an attack vector.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-09-14T07:00:00Z    

Information published.


Important Spoofing

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-38650
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Microsoft 365 Apps for Enterprise for 32-bit Systems Click to Run (Security Update) Important Spoofing None Base: 7.6
Temporal: 6.6
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C
No
Microsoft 365 Apps for Enterprise for 64-bit Systems Click to Run (Security Update) Important Spoofing None Base: 7.6
Temporal: 6.6
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C
No
Microsoft Office 2013 RT Service Pack 1 4484108 (Security Update) Important Spoofing 4018375 Base: 7.6
Temporal: 6.6
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C
Maybe
Microsoft Office 2013 Service Pack 1 (32-bit editions) 4484108 (Security Update) Important Spoofing 4018375 Base: 7.6
Temporal: 6.6
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C
Maybe
Microsoft Office 2013 Service Pack 1 (64-bit editions) 4484108 (Security Update) Important Spoofing 4018375 Base: 7.6
Temporal: 6.6
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C
Maybe
Microsoft Office 2016 (32-bit edition) 4484103 (Security Update) Important Spoofing None Base: 7.6
Temporal: 6.6
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C
Maybe
Microsoft Office 2016 (64-bit edition) 4484103 (Security Update) Important Spoofing None Base: 7.6
Temporal: 6.6
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C
Maybe
Microsoft Office 2019 for 32-bit editions Click to Run (Security Update) Important Spoofing None Base: 7.6
Temporal: 6.6
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C
No
Microsoft Office 2019 for 64-bit editions Click to Run (Security Update) Important Spoofing None Base: 7.6
Temporal: 6.6
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C
No
Microsoft Office 2019 for Mac Release Notes (Security Update) Important Spoofing None Base: 7.6
Temporal: 6.6
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C
Maybe

Acknowledgements

CVE ID Acknowledgements
CVE-2021-38650 None

CVE-2021-38651 - Microsoft SharePoint Server Spoofing Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-38651
MITRE
NVD
CVE Title: Microsoft SharePoint Server Spoofing Vulnerability
CVSS:

CVSS:3.0 7.6/6.6
Base score metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredLow
User InteractionRequired
ScopeChanged
ConfidentialityHigh
IntegrityLow
AvailabilityNone
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-09-14T07:00:00Z    

Information published.


Important Spoofing

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-38651
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Microsoft SharePoint Enterprise Server 2016 5002020 (Security Update) Important Spoofing 5002002 Base: 7.6
Temporal: 6.6
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C
Maybe
Microsoft SharePoint Foundation 2013 Service Pack 1 5002024 (Security Update) Important Spoofing 5001992 Base: 7.6
Temporal: 6.6
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C
Maybe
Microsoft SharePoint Server 2019 5002018 (Security Update) Important Spoofing 5002000 Base: 7.6
Temporal: 6.6
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C
Maybe

Acknowledgements

CVE ID Acknowledgements
CVE-2021-38651 lalka


CVE-2021-38652 - Microsoft SharePoint Server Spoofing Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-38652
MITRE
NVD
CVE Title: Microsoft SharePoint Server Spoofing Vulnerability
CVSS:

CVSS:3.0 7.6/6.6
Base score metrics
Attack VectorNetwork
Attack ComplexityLow
Privileges RequiredLow
User InteractionRequired
ScopeChanged
ConfidentialityHigh
IntegrityLow
AvailabilityNone
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-09-14T07:00:00Z    

Information published.


Important Spoofing

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-38652
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Microsoft SharePoint Enterprise Server 2016 5002020 (Security Update) Important Spoofing 5002002 Base: 7.6
Temporal: 6.6
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C
Maybe
Microsoft SharePoint Foundation 2013 Service Pack 1 5002024 (Security Update) Important Spoofing 5001992 Base: 7.6
Temporal: 6.6
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C
Maybe

Acknowledgements

CVE ID Acknowledgements
CVE-2021-38652 Omar Eissa


CVE-2021-38653 - Microsoft Office Visio Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-38653
MITRE
NVD
CVE Title: Microsoft Office Visio Remote Code Execution Vulnerability
CVSS:

CVSS:3.0 7.8/6.8
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredNone
User InteractionRequired
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-09-14T07:00:00Z    

Information published.


Important Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-38653
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Microsoft 365 Apps for Enterprise for 32-bit Systems Click to Run (Security Update) Important Remote Code Execution None Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
No
Microsoft 365 Apps for Enterprise for 64-bit Systems Click to Run (Security Update) Important Remote Code Execution None Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
No
Microsoft Office 2019 for 32-bit editions Click to Run (Security Update) Important Remote Code Execution None Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
No
Microsoft Office 2019 for 64-bit editions Click to Run (Security Update) Important Remote Code Execution None Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
No

Acknowledgements

CVE ID Acknowledgements
CVE-2021-38653 Tran Van Khang - khangkito (VinCSS) working with Trend Micro Zero Day Initiative


CVE-2021-38654 - Microsoft Office Visio Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-38654
MITRE
NVD
CVE Title: Microsoft Office Visio Remote Code Execution Vulnerability
CVSS:

CVSS:3.0 7.8/6.8
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredNone
User InteractionRequired
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

Is the Preview Pane an attack vector for this vulnerability?

No, the Preview Pane is not an attack vector.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-09-14T07:00:00Z    

Information published.


Important Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-38654
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Microsoft 365 Apps for Enterprise for 32-bit Systems Click to Run (Security Update) Important Remote Code Execution None Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
No
Microsoft 365 Apps for Enterprise for 64-bit Systems Click to Run (Security Update) Important Remote Code Execution None Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
No
Microsoft Office 2019 for 32-bit editions Click to Run (Security Update) Important Remote Code Execution None Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
No
Microsoft Office 2019 for 64-bit editions Click to Run (Security Update) Important Remote Code Execution None Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
No

Acknowledgements

CVE ID Acknowledgements
CVE-2021-38654 Tran Van Khang - khangkito (VinCSS) working with Trend Micro Zero Day Initiative


CVE-2021-38655 - Microsoft Excel Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-38655
MITRE
NVD
CVE Title: Microsoft Excel Remote Code Execution Vulnerability
CVSS:

CVSS:3.0 7.8/6.8
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredNone
User InteractionRequired
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

Is the Preview Pane an attack vector for this vulnerability?

No, the Preview Pane is not an attack vector.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-09-14T07:00:00Z    

Information published.


Important Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-38655
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Microsoft 365 Apps for Enterprise for 32-bit Systems Click to Run (Security Update) Important Remote Code Execution None Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
No
Microsoft 365 Apps for Enterprise for 64-bit Systems Click to Run (Security Update) Important Remote Code Execution None Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
No
Microsoft Excel 2013 RT Service Pack 1 5002014 (Security Update) Important Remote Code Execution 5001993 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Maybe
Microsoft Excel 2013 Service Pack 1 (32-bit editions) 5002014 (Security Update) Important Remote Code Execution 5001993 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Maybe
Microsoft Excel 2013 Service Pack 1 (64-bit editions) 5002014 (Security Update) Important Remote Code Execution 5001993 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Maybe
Microsoft Excel 2016 (32-bit edition) 5002003 (Security Update) Important Remote Code Execution 5001977 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Maybe
Microsoft Excel 2016 (64-bit edition) 5002003 (Security Update) Important Remote Code Execution 5001977 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Maybe
Microsoft Office 2019 for 32-bit editions Click to Run (Security Update) Important Remote Code Execution None Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
No
Microsoft Office 2019 for 64-bit editions Click to Run (Security Update) Important Remote Code Execution None Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
No
Microsoft Office 2019 for Mac Release Notes (Security Update) Important Remote Code Execution None Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Maybe
Microsoft Office Online Server 5001999 (Security Update) Important Remote Code Execution 5001973 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Maybe
Microsoft Office Web Apps Server 2013 Service Pack 1 5002009 (Security Update) Important Remote Code Execution 5001986 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Maybe

Acknowledgements

CVE ID Acknowledgements
CVE-2021-38655 kdot working with Trend Micro Zero Day Initiative


CVE-2021-38656 - Microsoft Word Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-38656
MITRE
NVD
CVE Title: Microsoft Word Remote Code Execution Vulnerability
CVSS:

CVSS:3.0 7.8/6.8
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredNone
User InteractionRequired
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

Is the Preview Pane an attack vector for this vulnerability?

No, the Preview Pane is not an attack vector.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-09-14T07:00:00Z    

Information published.


Important Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-38656
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Microsoft 365 Apps for Enterprise for 32-bit Systems Click to Run (Security Update) Important Remote Code Execution None Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
No
Microsoft 365 Apps for Enterprise for 64-bit Systems Click to Run (Security Update) Important Remote Code Execution None Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
No

Acknowledgements

CVE ID Acknowledgements
CVE-2021-38656 kdot working with Trend Micro Zero Day Initiative


CVE-2021-38657 - Microsoft Office Graphics Component Information Disclosure Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-38657
MITRE
NVD
CVE Title: Microsoft Office Graphics Component Information Disclosure Vulnerability
CVSS:

CVSS:3.0 6.1/5.3
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityNone
AvailabilityLow
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

What type of information could be disclosed by this vulnerability?

The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory.


Is the Preview Pane an attack vector for this vulnerability?

No, the Preview Pane is not an attack vector.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-09-14T07:00:00Z    

Information published.


Important Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-38657
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Microsoft 365 Apps for Enterprise for 32-bit Systems Click to Run (Security Update) Important Remote Code Execution None Base: 6.1
Temporal: 5.3
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C
No
Microsoft 365 Apps for Enterprise for 64-bit Systems Click to Run (Security Update) Important Remote Code Execution None Base: 6.1
Temporal: 5.3
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C
No

Acknowledgements

CVE ID Acknowledgements
CVE-2021-38657 Zhangjie and willJ


Zesen Ye (@wh1tc) and Zhiniang Peng (@edwardzpeng) with Sangfor


CVE-2021-38658 - Microsoft Office Graphics Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-38658
MITRE
NVD
CVE Title: Microsoft Office Graphics Remote Code Execution Vulnerability
CVSS:

CVSS:3.0 7.8/6.8
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredNone
User InteractionRequired
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

Is the Preview Pane an attack vector for this vulnerability?

No, the Preview Pane is not an attack vector.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-09-14T07:00:00Z    

Information published.


Important Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-38658
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Microsoft Office 2013 RT Service Pack 1 5002007 (Security Update) Important Remote Code Execution 5001983 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Maybe
Microsoft Office 2013 Service Pack 1 (32-bit editions) 5002007 (Security Update) Important Remote Code Execution 5001983 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Maybe
Microsoft Office 2013 Service Pack 1 (64-bit editions) 5002007 (Security Update) Important Remote Code Execution 5001983 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Maybe
Microsoft Office 2016 (32-bit edition) 5002005 (Security Update) Important Remote Code Execution 5001979 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Maybe
Microsoft Office 2016 (64-bit edition) 5002005 (Security Update) Important Remote Code Execution 5001979 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Maybe
Microsoft Office 2019 for 32-bit editions Click to Run (Security Update) Important Remote Code Execution None Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
No
Microsoft Office 2019 for 64-bit editions Click to Run (Security Update) Important Remote Code Execution None Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
No

Acknowledgements

CVE ID Acknowledgements
CVE-2021-38658 kdot working with Trend Micro Zero Day Initiative


CVE-2021-38659 - Microsoft Office Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-38659
MITRE
NVD
CVE Title: Microsoft Office Remote Code Execution Vulnerability
CVSS:

CVSS:3.0 7.8/6.8
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredNone
User InteractionRequired
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

Is the Preview Pane an attack vector for this vulnerability?

No, the Preview Pane is not an attack vector.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-09-14T07:00:00Z    

Information published.


Important Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-38659
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Microsoft 365 Apps for Enterprise for 32-bit Systems Click to Run (Security Update) Important Remote Code Execution None Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
No
Microsoft 365 Apps for Enterprise for 64-bit Systems Click to Run (Security Update) Important Remote Code Execution None Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
No

Acknowledgements

CVE ID Acknowledgements
CVE-2021-38659 Tran Van Khang - khangkito (VinCSS) working with Trend Micro Zero Day Initiative


CVE-2021-38660 - Microsoft Office Graphics Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-38660
MITRE
NVD
CVE Title: Microsoft Office Graphics Remote Code Execution Vulnerability
CVSS:

CVSS:3.0 7.8/6.8
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredNone
User InteractionRequired
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

Is the Preview Pane an attack vector for this vulnerability?

No, the Preview Pane is not an attack vector.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-09-14T07:00:00Z    

Information published.


Important Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-38660
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Microsoft Excel 2013 RT Service Pack 1 5002014 (Security Update) Important Remote Code Execution 5001993 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Maybe
Microsoft Excel 2013 Service Pack 1 (32-bit editions) 5002014 (Security Update) Important Remote Code Execution 5001993 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Maybe
Microsoft Excel 2013 Service Pack 1 (64-bit editions) 5002014 (Security Update) Important Remote Code Execution 5001993 Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Maybe

Acknowledgements

CVE ID Acknowledgements
CVE-2021-38660 Jinquan(@jq0904) with DBAPPSecurity Lieying Lab


CVE-2021-38661 - HEVC Video Extensions Remote Code Execution Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-38661
MITRE
NVD
CVE Title: HEVC Video Extensions Remote Code Execution Vulnerability
CVSS:

CVSS:3.0 7.8/6.8
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredNone
User InteractionRequired
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

How do I get the updated app?

The Microsoft Store will automatically update affected customers. Alternatively, customers can get the update immediately; see here for details.

It is possible for customers to disable automatic updates for the Microsoft Store. The Microsoft Store will not automatically install this update for those customers.

My system is in a disconnected environment; is it vulnerable?

Customers using the Microsoft Store for Business and Microsoft Store for Education can get this update through their organizations.

How can I check if the update is installed?

If your device manufacturer preinstalled this app, package versions 1.0.42091.0 and later contain this update.

If you purchased this app from the Microsoft Store, package versions 1.0.42094.0 and later contain this update.

You can check the package version in PowerShell:

Get-AppxPackage -Name Microsoft.HEVCVideoExtension*


Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-09-14T07:00:00Z    

Information published.


Important Remote Code Execution

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-38661
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
HEVC Video Extensions Important Remote Code Execution None Base: 7.8
Temporal: 6.8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Unknown

Acknowledgements

CVE ID Acknowledgements
CVE-2021-38661 Azure Yang with Cyber Kunlun Lab


Dhanesh Kizhakkinan of FireEye Inc.


crashman of codemize security research lab


CVE-2021-38667 - Windows Print Spooler Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-38667
MITRE
NVD
CVE Title: Windows Print Spooler Elevation of Privilege Vulnerability
CVSS:

CVSS:3.0 7.8/7.2
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityFunctional
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

Where can I find more information about this security update?

Please see KB5005652.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-09-14T07:00:00Z    

Information published.


Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-38667
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5005569 (Security Update) Important Elevation of Privilege 5005040 Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 5005569 (Security Update) Important Elevation of Privilege 5005040 Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 5005573 (Security Update) Important Elevation of Privilege 5005043 Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 5005573 (Security Update) Important Elevation of Privilege 5005043 Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 5005568 (Security Update) Important Elevation of Privilege 5005030
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 5005568 (Security Update) Important Elevation of Privilege 5005030
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 5005568 (Security Update) Important Elevation of Privilege 5005030
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows 10 Version 1909 for 32-bit Systems 5005566 (Security Update) Important Elevation of Privilege 5005031 Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows 10 Version 1909 for ARM64-based Systems 5005566 (Security Update) Important Elevation of Privilege 5005031 Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows 10 Version 1909 for x64-based Systems 5005566 (Security Update) Important Elevation of Privilege 5005031 Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows 10 Version 2004 for 32-bit Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows 10 Version 2004 for ARM64-based Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows 10 Version 2004 for x64-based Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows 10 Version 20H2 for 32-bit Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows 10 Version 20H2 for ARM64-based Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows 10 Version 20H2 for x64-based Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows 10 Version 21H1 for 32-bit Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows 10 Version 21H1 for ARM64-based Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows 10 Version 21H1 for x64-based Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows 7 for 32-bit Systems Service Pack 1 5005633 (Monthly Rollup)
5005615 (Security Only)
Important Elevation of Privilege 5005088
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 5005633 (Monthly Rollup)
5005615 (Security Only)
Important Elevation of Privilege 5005088
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 5005613 (Monthly Rollup)
5005627 (Security Only)
Important Elevation of Privilege 5005076
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 5005613 (Monthly Rollup)
5005627 (Security Only)
Important Elevation of Privilege 5005076
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows RT 8.1 5005613 (Monthly Rollup) Important Elevation of Privilege 5005076
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 5005606 (Monthly Rollup)
5005618 (Security Only)
Important Elevation of Privilege 5005090
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5005606 (Monthly Rollup)
5005618 (Security Only)
Important Elevation of Privilege 5005090
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 5005606 (Monthly Rollup)
5005618 (Security Only)
Important Elevation of Privilege 5005090
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5005606 (Monthly Rollup)
5005618 (Security Only)
Important Elevation of Privilege 5005090
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5005633 (Monthly Rollup)
5005615 (Security Only)
Important Elevation of Privilege 5005088
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5005633 (Monthly Rollup)
5005615 (Security Only)
Important Elevation of Privilege 5005088
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows Server 2012 5005623 (Monthly Rollup)
5005607 (Security Only)
Important Elevation of Privilege 5005094
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 5005623 (Monthly Rollup)
5005607 (Security Only)
Important Elevation of Privilege 5005094
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows Server 2012 R2 5005613 (Monthly Rollup)
5005627 (Security Only)
Important Elevation of Privilege 5005076
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 5005613 (Monthly Rollup)
5005627 (Security Only)
Important Elevation of Privilege 5005076
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows Server 2016 5005573 (Security Update) Important Elevation of Privilege 5005043 Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 5005573 (Security Update) Important Elevation of Privilege 5005043 Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows Server 2019 5005568 (Security Update) Important Elevation of Privilege 5005030
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 5005568 (Security Update) Important Elevation of Privilege 5005030
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows Server 2022 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows Server 2022 (Server Core installation) 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows Server, version 2004 (Server Core installation) 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows Server, version 20H2 (Server Core Installation) 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2021-38667 None

CVE-2021-38671 - Windows Print Spooler Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-38671
MITRE
NVD
CVE Title: Windows Print Spooler Elevation of Privilege Vulnerability
CVSS:

CVSS:3.0 7.8/7.2
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityFunctional
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-09-14T07:00:00Z    

Information published.


Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation More Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-38671
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5005569 (Security Update) Important Elevation of Privilege 5005040 Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 5005569 (Security Update) Important Elevation of Privilege 5005040 Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 5005573 (Security Update) Important Elevation of Privilege 5005043 Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 5005573 (Security Update) Important Elevation of Privilege 5005043 Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 5005568 (Security Update) Important Elevation of Privilege 5005030
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 5005568 (Security Update) Important Elevation of Privilege 5005030
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 5005568 (Security Update) Important Elevation of Privilege 5005030
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows 10 Version 1909 for 32-bit Systems 5005566 (Security Update) Important Elevation of Privilege 5005031 Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows 10 Version 1909 for ARM64-based Systems 5005566 (Security Update) Important Elevation of Privilege 5005031 Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows 10 Version 1909 for x64-based Systems 5005566 (Security Update) Important Elevation of Privilege 5005031 Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows 10 Version 2004 for 32-bit Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows 10 Version 2004 for ARM64-based Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows 10 Version 2004 for x64-based Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows 10 Version 20H2 for 32-bit Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows 10 Version 20H2 for ARM64-based Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows 10 Version 20H2 for x64-based Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows 10 Version 21H1 for 32-bit Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows 10 Version 21H1 for ARM64-based Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows 10 Version 21H1 for x64-based Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows 7 for 32-bit Systems Service Pack 1 5005633 (Monthly Rollup)
5005615 (Security Only)
Important Elevation of Privilege 5005088
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 5005633 (Monthly Rollup)
5005615 (Security Only)
Important Elevation of Privilege 5005088
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 5005613 (Monthly Rollup)
5005627 (Security Only)
Important Elevation of Privilege 5005076
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 5005613 (Monthly Rollup)
5005627 (Security Only)
Important Elevation of Privilege 5005076
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows RT 8.1 5005613 (Monthly Rollup) Important Elevation of Privilege 5005076
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 5005606 (Monthly Rollup)
5005618 (Security Only)
Important Elevation of Privilege 5005090
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5005606 (Monthly Rollup)
5005618 (Security Only)
Important Elevation of Privilege 5005090
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 5005606 (Monthly Rollup)
5005618 (Security Only)
Important Elevation of Privilege 5005090
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5005606 (Monthly Rollup)
5005618 (Security Only)
Important Elevation of Privilege 5005090
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5005633 (Monthly Rollup)
5005615 (Security Only)
Important Elevation of Privilege 5005088
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5005633 (Monthly Rollup)
5005615 (Security Only)
Important Elevation of Privilege 5005088
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows Server 2012 5005623 (Monthly Rollup)
5005607 (Security Only)
Important Elevation of Privilege 5005094
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 5005623 (Monthly Rollup)
5005607 (Security Only)
Important Elevation of Privilege 5005094
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows Server 2012 R2 5005613 (Monthly Rollup)
5005627 (Security Only)
Important Elevation of Privilege 5005076
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 5005613 (Monthly Rollup)
5005627 (Security Only)
Important Elevation of Privilege 5005076
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows Server 2016 5005573 (Security Update) Important Elevation of Privilege 5005043 Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 5005573 (Security Update) Important Elevation of Privilege 5005043 Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows Server 2019 5005568 (Security Update) Important Elevation of Privilege 5005030
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 5005568 (Security Update) Important Elevation of Privilege 5005030
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows Server 2022 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows Server 2022 (Server Core installation) 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows Server, version 2004 (Server Core installation) 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows Server, version 20H2 (Server Core Installation) 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2021-38671 Thibault Van Geluwe de Berlaere with Mandiant


CVE-2021-30606 - Chromium: CVE-2021-30606 Use after free in Blink

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-30606
MITRE
NVD
CVE Title: Chromium: CVE-2021-30606 Use after free in Blink
CVSS:
None
FAQ:

What is the version information for this release? | Microsoft Edge Version | Date Released | Based on Chromium Version | | ----- | ----- | ----- | | 93.0.961.38 | 9/2/2021 | 93.0.4577.63 |


Why is this Chrome CVE included in the Security Update Guide?

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.

How can I see the version of the browser?

  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
  2. Click on Help and Feedback
  3. Click on About Microsoft Edge

Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-09-02T07:00:00Z    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-30606
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Microsoft Edge (Chromium-based) Release Notes (Security Update) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
No

Acknowledgements

CVE ID Acknowledgements
CVE-2021-30606 None

CVE-2021-30607 - Chromium: CVE-2021-30607 Use after free in Permissions

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-30607
MITRE
NVD
CVE Title: Chromium: CVE-2021-30607 Use after free in Permissions
CVSS:
None
FAQ:

What is the version information for this release? | Microsoft Edge Version | Date Released | Based on Chromium Version | | ----- | ----- | ----- | | 93.0.961.38 | 9/2/2021 | 93.0.4577.63 |


Why is this Chrome CVE included in the Security Update Guide?

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.

How can I see the version of the browser?

  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
  2. Click on Help and Feedback
  3. Click on About Microsoft Edge

Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-09-02T07:00:00Z    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-30607
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Microsoft Edge (Chromium-based) Release Notes (Security Update) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
No

Acknowledgements

CVE ID Acknowledgements
CVE-2021-30607 None

CVE-2021-30608 - Chromium: CVE-2021-30608 Use after free in Web Share

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-30608
MITRE
NVD
CVE Title: Chromium: CVE-2021-30608 Use after free in Web Share
CVSS:
None
FAQ:

What is the version information for this release? | Microsoft Edge Version | Date Released | Based on Chromium Version | | ----- | ----- | ----- | | 93.0.961.38 | 9/2/2021 | 93.0.4577.63 |


Why is this Chrome CVE included in the Security Update Guide?

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.

How can I see the version of the browser?

  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
  2. Click on Help and Feedback
  3. Click on About Microsoft Edge

Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-09-02T07:00:00Z    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-30608
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Microsoft Edge (Chromium-based) Release Notes (Security Update) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
No

Acknowledgements

CVE ID Acknowledgements
CVE-2021-30608 None

CVE-2021-30609 - Chromium: CVE-2021-30609 Use after free in Sign-In

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-30609
MITRE
NVD
CVE Title: Chromium: CVE-2021-30609 Use after free in Sign-In
CVSS:
None
FAQ:

What is the version information for this release? | Microsoft Edge Version | Date Released | Based on Chromium Version | | ----- | ----- | ----- | | 93.0.961.38 | 9/2/2021 | 93.0.4577.63 |


Why is this Chrome CVE included in the Security Update Guide?

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.

How can I see the version of the browser?

  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
  2. Click on Help and Feedback
  3. Click on About Microsoft Edge

Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-09-02T07:00:00Z    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-30609
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Microsoft Edge (Chromium-based) Release Notes (Security Update) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
No

Acknowledgements

CVE ID Acknowledgements
CVE-2021-30609 None

CVE-2021-30610 - Chromium: CVE-2021-30610 Use after free in Extensions API

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-30610
MITRE
NVD
CVE Title: Chromium: CVE-2021-30610 Use after free in Extensions API
CVSS:
None
FAQ:

What is the version information for this release? | Microsoft Edge Version | Date Released | Based on Chromium Version | | ----- | ----- | ----- | | 93.0.961.38 | 9/2/2021 | 93.0.4577.63 |


Why is this Chrome CVE included in the Security Update Guide?

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.

How can I see the version of the browser?

  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
  2. Click on Help and Feedback
  3. Click on About Microsoft Edge

Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-09-02T07:00:00Z    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-30610
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Microsoft Edge (Chromium-based) Release Notes (Security Update) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
No

Acknowledgements

CVE ID Acknowledgements
CVE-2021-30610 None

CVE-2021-30611 - Chromium: CVE-2021-30611 Use after free in WebRTC

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-30611
MITRE
NVD
CVE Title: Chromium: CVE-2021-30611 Use after free in WebRTC
CVSS:
None
FAQ:

What is the version information for this release? | Microsoft Edge Version | Date Released | Based on Chromium Version | | ----- | ----- | ----- | | 93.0.961.38 | 9/2/2021 | 93.0.4577.63 |


Why is this Chrome CVE included in the Security Update Guide?

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.

How can I see the version of the browser?

  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
  2. Click on Help and Feedback
  3. Click on About Microsoft Edge

Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-09-02T07:00:00Z    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-30611
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Microsoft Edge (Chromium-based) Release Notes (Security Update) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
No

Acknowledgements

CVE ID Acknowledgements
CVE-2021-30611 None

CVE-2021-30612 - Chromium: CVE-2021-30612 Use after free in WebRTC

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-30612
MITRE
NVD
CVE Title: Chromium: CVE-2021-30612 Use after free in WebRTC
CVSS:
None
FAQ:

What is the version information for this release? | Microsoft Edge Version | Date Released | Based on Chromium Version | | ----- | ----- | ----- | | 93.0.961.38 | 9/2/2021 | 93.0.4577.63 |


Why is this Chrome CVE included in the Security Update Guide?

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.

How can I see the version of the browser?

  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
  2. Click on Help and Feedback
  3. Click on About Microsoft Edge

Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-09-02T07:00:00Z    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-30612
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Microsoft Edge (Chromium-based) Release Notes (Security Update) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
No

Acknowledgements

CVE ID Acknowledgements
CVE-2021-30612 None

CVE-2021-30613 - Chromium: CVE-2021-30613 Use after free in Base internals

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-30613
MITRE
NVD
CVE Title: Chromium: CVE-2021-30613 Use after free in Base internals
CVSS:
None
FAQ:

What is the version information for this release? | Microsoft Edge Version | Date Released | Based on Chromium Version | | ----- | ----- | ----- | | 93.0.961.38 | 9/2/2021 | 93.0.4577.63 |


Why is this Chrome CVE included in the Security Update Guide?

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.

How can I see the version of the browser?

  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
  2. Click on Help and Feedback
  3. Click on About Microsoft Edge

Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-09-02T07:00:00Z    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-30613
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Microsoft Edge (Chromium-based) Release Notes (Security Update) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
No

Acknowledgements

CVE ID Acknowledgements
CVE-2021-30613 None

CVE-2021-30614 - Chromium: CVE-2021-30614 Heap buffer overflow in TabStrip

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-30614
MITRE
NVD
CVE Title: Chromium: CVE-2021-30614 Heap buffer overflow in TabStrip
CVSS:
None
FAQ:

What is the version information for this release? | Microsoft Edge Version | Date Released | Based on Chromium Version | | ----- | ----- | ----- | | 93.0.961.38 | 9/2/2021 | 93.0.4577.63 |


Why is this Chrome CVE included in the Security Update Guide?

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.

How can I see the version of the browser?

  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
  2. Click on Help and Feedback
  3. Click on About Microsoft Edge

Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-09-02T07:00:00Z    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-30614
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Microsoft Edge (Chromium-based) Release Notes (Security Update) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
No

Acknowledgements

CVE ID Acknowledgements
CVE-2021-30614 None

CVE-2021-30615 - Chromium: CVE-2021-30615 Cross-origin data leak in Navigation

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-30615
MITRE
NVD
CVE Title: Chromium: CVE-2021-30615 Cross-origin data leak in Navigation
CVSS:
None
FAQ:

What is the version information for this release? | Microsoft Edge Version | Date Released | Based on Chromium Version | | ----- | ----- | ----- | | 93.0.961.38 | 9/2/2021 | 93.0.4577.63 |


Why is this Chrome CVE included in the Security Update Guide?

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.

How can I see the version of the browser?

  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
  2. Click on Help and Feedback
  3. Click on About Microsoft Edge

Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-09-02T07:00:00Z    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-30615
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Microsoft Edge (Chromium-based) Release Notes (Security Update) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
No

Acknowledgements

CVE ID Acknowledgements
CVE-2021-30615 None

CVE-2021-30616 - Chromium: CVE-2021-30616 Use after free in Media

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-30616
MITRE
NVD
CVE Title: Chromium: CVE-2021-30616 Use after free in Media
CVSS:
None
FAQ:

What is the version information for this release? | Microsoft Edge Version | Date Released | Based on Chromium Version | | ----- | ----- | ----- | | 93.0.961.38 | 9/2/2021 | 93.0.4577.63 |


Why is this Chrome CVE included in the Security Update Guide?

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.

How can I see the version of the browser?

  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
  2. Click on Help and Feedback
  3. Click on About Microsoft Edge

Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-09-02T07:00:00Z    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-30616
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Microsoft Edge (Chromium-based) Release Notes (Security Update) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
No

Acknowledgements

CVE ID Acknowledgements
CVE-2021-30616 None

CVE-2021-30617 - Chromium: CVE-2021-30617 Policy bypass in Blink

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-30617
MITRE
NVD
CVE Title: Chromium: CVE-2021-30617 Policy bypass in Blink
CVSS:
None
FAQ:

What is the version information for this release? | Microsoft Edge Version | Date Released | Based on Chromium Version | | ----- | ----- | ----- | | 93.0.961.38 | 9/2/2021 | 93.0.4577.63 |


Why is this Chrome CVE included in the Security Update Guide?

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.

How can I see the version of the browser?

  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
  2. Click on Help and Feedback
  3. Click on About Microsoft Edge

Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-09-02T07:00:00Z    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-30617
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Microsoft Edge (Chromium-based) Release Notes (Security Update) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
No

Acknowledgements

CVE ID Acknowledgements
CVE-2021-30617 None

CVE-2021-30618 - Chromium: CVE-2021-30618 Inappropriate implementation in DevTools

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-30618
MITRE
NVD
CVE Title: Chromium: CVE-2021-30618 Inappropriate implementation in DevTools
CVSS:
None
FAQ:

What is the version information for this release? | Microsoft Edge Version | Date Released | Based on Chromium Version | | ----- | ----- | ----- | | 93.0.961.38 | 9/2/2021 | 93.0.4577.63 |


Why is this Chrome CVE included in the Security Update Guide?

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.

How can I see the version of the browser?

  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
  2. Click on Help and Feedback
  3. Click on About Microsoft Edge

Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-09-02T07:00:00Z    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-30618
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Microsoft Edge (Chromium-based) Release Notes (Security Update) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
No

Acknowledgements

CVE ID Acknowledgements
CVE-2021-30618 None

CVE-2021-30619 - Chromium: CVE-2021-30619 UI Spoofing in Autofill

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-30619
MITRE
NVD
CVE Title: Chromium: CVE-2021-30619 UI Spoofing in Autofill
CVSS:
None
FAQ:

What is the version information for this release? | Microsoft Edge Version | Date Released | Based on Chromium Version | | ----- | ----- | ----- | | 93.0.961.38 | 9/2/2021 | 93.0.4577.63 |


Why is this Chrome CVE included in the Security Update Guide?

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.

How can I see the version of the browser?

  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
  2. Click on Help and Feedback
  3. Click on About Microsoft Edge

Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-09-02T07:00:00Z    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-30619
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Microsoft Edge (Chromium-based) Release Notes (Security Update) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
No

Acknowledgements

CVE ID Acknowledgements
CVE-2021-30619 None

CVE-2021-30620 - Chromium: CVE-2021-30620 Insufficient policy enforcement in Blink

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-30620
MITRE
NVD
CVE Title: Chromium: CVE-2021-30620 Insufficient policy enforcement in Blink
CVSS:
None
FAQ:

What is the version information for this release? | Microsoft Edge Version | Date Released | Based on Chromium Version | | ----- | ----- | ----- | | 93.0.961.38 | 9/2/2021 | 93.0.4577.63 |


Why is this Chrome CVE included in the Security Update Guide?

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.

How can I see the version of the browser?

  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
  2. Click on Help and Feedback
  3. Click on About Microsoft Edge

Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-09-02T07:00:00Z    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-30620
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Microsoft Edge (Chromium-based) Release Notes (Security Update) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
No

Acknowledgements

CVE ID Acknowledgements
CVE-2021-30620 None

CVE-2021-30621 - Chromium: CVE-2021-30621 UI Spoofing in Autofill

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-30621
MITRE
NVD
CVE Title: Chromium: CVE-2021-30621 UI Spoofing in Autofill
CVSS:
None
FAQ:

What is the version information for this release? | Microsoft Edge Version | Date Released | Based on Chromium Version | | ----- | ----- | ----- | | 93.0.961.38 | 9/2/2021 | 93.0.4577.63 |


Why is this Chrome CVE included in the Security Update Guide?

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.

How can I see the version of the browser?

  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
  2. Click on Help and Feedback
  3. Click on About Microsoft Edge

Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-09-02T07:00:00Z    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-30621
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Microsoft Edge (Chromium-based) Release Notes (Security Update) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
No

Acknowledgements

CVE ID Acknowledgements
CVE-2021-30621 None

CVE-2021-30622 - Chromium: CVE-2021-30622 Use after free in WebApp Installs

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-30622
MITRE
NVD
CVE Title: Chromium: CVE-2021-30622 Use after free in WebApp Installs
CVSS:
None
FAQ:

What is the version information for this release? | Microsoft Edge Version | Date Released | Based on Chromium Version | | ----- | ----- | ----- | | 93.0.961.38 | 9/2/2021 | 93.0.4577.63 |


Why is this Chrome CVE included in the Security Update Guide?

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.

How can I see the version of the browser?

  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
  2. Click on Help and Feedback
  3. Click on About Microsoft Edge

Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-09-02T07:00:00Z    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-30622
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Microsoft Edge (Chromium-based) Release Notes (Security Update) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
No

Acknowledgements

CVE ID Acknowledgements
CVE-2021-30622 None

CVE-2021-30623 - Chromium: CVE-2021-30623 Use after free in Bookmarks

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-30623
MITRE
NVD
CVE Title: Chromium: CVE-2021-30623 Use after free in Bookmarks
CVSS:
None
FAQ:

What is the version information for this release? | Microsoft Edge Version | Date Released | Based on Chromium Version | | ----- | ----- | ----- | | 93.0.961.38 | 9/2/2021 | 93.0.4577.63 |


Why is this Chrome CVE included in the Security Update Guide?

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.

How can I see the version of the browser?

  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
  2. Click on Help and Feedback
  3. Click on About Microsoft Edge

Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-09-02T07:00:00Z    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-30623
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Microsoft Edge (Chromium-based) Release Notes (Security Update) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
No

Acknowledgements

CVE ID Acknowledgements
CVE-2021-30623 None

CVE-2021-30624 - Chromium: CVE-2021-30624 Use after free in Autofill

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-30624
MITRE
NVD
CVE Title: Chromium: CVE-2021-30624 Use after free in Autofill
CVSS:
None
FAQ:

What is the version information for this release? | Microsoft Edge Version | Date Released | Based on Chromium Version | | ----- | ----- | ----- | | 93.0.961.38 | 9/2/2021 | 93.0.4577.63 |


Why is this Chrome CVE included in the Security Update Guide?

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.

How can I see the version of the browser?

  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
  2. Click on Help and Feedback
  3. Click on About Microsoft Edge

Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-09-02T07:00:00Z    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-30624
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Microsoft Edge (Chromium-based) Release Notes (Security Update) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
No

Acknowledgements

CVE ID Acknowledgements
CVE-2021-30624 None

CVE-2021-40447 - Windows Print Spooler Elevation of Privilege Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-40447
MITRE
NVD
CVE Title: Windows Print Spooler Elevation of Privilege Vulnerability
CVSS:

CVSS:3.0 7.8/7.2
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredLow
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
Temporal score metrics
Exploit Code MaturityFunctional
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:
None
Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-09-14T07:00:00Z    

Information published.


Important Elevation of Privilege

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-40447
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Windows 10 for 32-bit Systems 5005569 (Security Update) Important Elevation of Privilege 5005040 Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows 10 for x64-based Systems 5005569 (Security Update) Important Elevation of Privilege 5005040 Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows 10 Version 1607 for 32-bit Systems 5005573 (Security Update) Important Elevation of Privilege 5005043 Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows 10 Version 1607 for x64-based Systems 5005573 (Security Update) Important Elevation of Privilege 5005043 Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows 10 Version 1809 for 32-bit Systems 5005568 (Security Update) Important Elevation of Privilege 5005030
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows 10 Version 1809 for ARM64-based Systems 5005568 (Security Update) Important Elevation of Privilege 5005030
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows 10 Version 1809 for x64-based Systems 5005568 (Security Update) Important Elevation of Privilege 5005030
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows 10 Version 1909 for 32-bit Systems 5005566 (Security Update) Important Elevation of Privilege 5005031 Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows 10 Version 1909 for ARM64-based Systems 5005566 (Security Update) Important Elevation of Privilege 5005031 Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows 10 Version 1909 for x64-based Systems 5005566 (Security Update) Important Elevation of Privilege 5005031 Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows 10 Version 2004 for 32-bit Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows 10 Version 2004 for ARM64-based Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows 10 Version 2004 for x64-based Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows 10 Version 20H2 for 32-bit Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows 10 Version 20H2 for ARM64-based Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows 10 Version 20H2 for x64-based Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows 10 Version 21H1 for 32-bit Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows 10 Version 21H1 for ARM64-based Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows 10 Version 21H1 for x64-based Systems 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows 7 for 32-bit Systems Service Pack 1 5005633 (Monthly Rollup)
5005615 (Security Only)
Important Elevation of Privilege 5005088
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows 7 for x64-based Systems Service Pack 1 5005633 (Monthly Rollup) Important Elevation of Privilege 5005088
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows 8.1 for 32-bit systems 5005613 (Monthly Rollup)
5005627 (Security Only)
Important Elevation of Privilege 5005076
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows 8.1 for x64-based systems 5005613 (Monthly Rollup)
5005627 (Security Only)
Important Elevation of Privilege 5005076
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows RT 8.1 5005613 (Monthly Rollup) Important Elevation of Privilege 5005076
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 5005606 (Monthly Rollup)
5005618 (Security Only)
Important Elevation of Privilege 5005090
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) 5005606 (Monthly Rollup)
5005618 (Security Only)
Important Elevation of Privilege 5005090
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 5005606 (Monthly Rollup)
5005618 (Security Only)
Important Elevation of Privilege 5005090
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) 5005606 (Monthly Rollup)
5005618 (Security Only)
Important Elevation of Privilege 5005090
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 5005633 (Monthly Rollup) Important Elevation of Privilege 5005088
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) 5005633 (Monthly Rollup) Important Elevation of Privilege 5005088
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows Server 2012 5005623 (Monthly Rollup)
5005607 (Security Only)
Important Elevation of Privilege 5005094
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows Server 2012 (Server Core installation) 5005623 (Monthly Rollup)
5005607 (Security Only)
Important Elevation of Privilege 5005094
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows Server 2012 R2 5005613 (Monthly Rollup)
5005627 (Security Only)
Important Elevation of Privilege 5005076
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows Server 2012 R2 (Server Core installation) 5005613 (Monthly Rollup)
5005627 (Security Only)
Important Elevation of Privilege 5005076
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows Server 2016 5005573 (Security Update) Important Elevation of Privilege 5005043 Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows Server 2016 (Server Core installation) 5005573 (Security Update) Important Elevation of Privilege 5005043 Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows Server 2019 5005568 (Security Update) Important Elevation of Privilege 5005030
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows Server 2019 (Server Core installation) 5005568 (Security Update) Important Elevation of Privilege 5005030
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows Server 2022 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows Server 2022 (Server Core installation) 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows Server, version 2004 (Server Core installation) 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes
Windows Server, version 20H2 (Server Core Installation) 5005565 (Security Update) Important Elevation of Privilege 5005033
Base: 7.8
Temporal: 7.2
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Yes

Acknowledgements

CVE ID Acknowledgements
CVE-2021-40447 None

CVE-2021-40448 - Microsoft Accessibility Insights for Android Information Disclosure Vulnerability

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-40448
MITRE
NVD
CVE Title: Microsoft Accessibility Insights for Android Information Disclosure Vulnerability
CVSS:

CVSS:3.0 6.3/5.5
Base score metrics
Attack VectorLocal
Attack ComplexityLow
Privileges RequiredNone
User InteractionRequired
ScopeChanged
ConfidentialityHigh
IntegrityNone
AvailabilityNone
Temporal score metrics
Exploit Code MaturityUnproven
Remediation LevelOfficial Fix
Report ConfidenceConfirmed

FAQ:

What type of information could be disclosed by this vulnerability?

The type of information that could be disclosed if an attacker successfully exploited this vulnerability is sensitive information.


Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-09-14T07:00:00Z    

Information published.


Important Information Disclosure

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Exploitation Less Likely No No

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-40448
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Accessibility Insights for Android Release Notes (Security Update) Important Information Disclosure None Base: 6.3
Temporal: 5.5
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C
Maybe
Accessibility Insights for Android Service - v2.0.0 Release Notes (Security Update) Important Information Disclosure None Base: 6.3
Temporal: 5.5
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C
Maybe

Acknowledgements

CVE ID Acknowledgements
CVE-2021-40448

CVE-2021-30632 - Chromium: CVE-2021-30632 Out of bounds write in V8

(top)
CVE ID Vulnerability Description Maximum Severity Rating Vulnerability Impact
CVE-2021-30632
MITRE
NVD
CVE Title: Chromium: CVE-2021-30632 Out of bounds write in V8
CVSS:
None
FAQ:

Why is this Chrome CVE included in the Security Update Guide?

The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.

How can I see the version of the browser?

  1. In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
  2. Click on Help and Feedback
  3. Click on About Microsoft Edge

What is the version information for this release? | Microsoft Edge Version | Date Released | Based on Chromium Version | | ----- | ----- | ----- | | 93.0.961.47 | 9/11/2021 | 93.0.4577.82 |


Mitigations:
None
Workarounds:
None
Revision:
1.0    2021-09-14T07:00:00Z    

Information published.


Unknown Unknown

Exploitability Index

The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.

Exploitability Assessment Publicly Disclosed Exploited
Not Found Not Found Not Found

Affected Software

The following tables list the affected software details for the vulnerability.

CVE-2021-30632
Product KB Article Severity Impact Supercedence CVSS Score Set Restart Required
Microsoft Edge (Chromium-based) Release Notes (Security Update) Unknown Unknown None Base: N/A
Temporal: N/A
Vector: N/A
No

Acknowledgements

CVE ID Acknowledgements
CVE-2021-30632 None