This report contains detail for the following vulnerabilities:
| Tag | CVE ID | CVE Title |
|---|---|---|
| Azure Open Management Infrastructure | CVE-2021-38648 | Open Management Infrastructure Elevation of Privilege Vulnerability |
| Azure Open Management Infrastructure | CVE-2021-38645 | Open Management Infrastructure Elevation of Privilege Vulnerability |
| Azure Open Management Infrastructure | CVE-2021-38647 | Open Management Infrastructure Remote Code Execution Vulnerability |
| Azure Open Management Infrastructure | CVE-2021-38649 | Open Management Infrastructure Elevation of Privilege Vulnerability |
| Azure Sphere | CVE-2021-36956 | Azure Sphere Information Disclosure Vulnerability |
| Dynamics Business Central Control | CVE-2021-40440 | Microsoft Dynamics Business Central Cross-site Scripting Vulnerability |
| Microsoft Accessibility Insights for Android | CVE-2021-40448 | Microsoft Accessibility Insights for Android Information Disclosure Vulnerability |
| Microsoft Edge (Chromium-based) | CVE-2021-30606 | Chromium: CVE-2021-30606 Use after free in Blink |
| Microsoft Edge (Chromium-based) | CVE-2021-30609 | Chromium: CVE-2021-30609 Use after free in Sign-In |
| Microsoft Edge (Chromium-based) | CVE-2021-30608 | Chromium: CVE-2021-30608 Use after free in Web Share |
| Microsoft Edge (Chromium-based) | CVE-2021-30607 | Chromium: CVE-2021-30607 Use after free in Permissions |
| Microsoft Edge (Chromium-based) | CVE-2021-38641 | Microsoft Edge for Android Spoofing Vulnerability |
| Microsoft Edge (Chromium-based) | CVE-2021-38642 | Microsoft Edge for iOS Spoofing Vulnerability |
| Microsoft Edge (Chromium-based) | CVE-2021-38669 | Microsoft Edge (Chromium-based) Tampering Vulnerability |
| Microsoft Edge (Chromium-based) | CVE-2021-36930 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability |
| Microsoft Edge (Chromium-based) | CVE-2021-30632 | Chromium: CVE-2021-30632 Out of bounds write in V8 |
| Microsoft Edge (Chromium-based) | CVE-2021-30610 | Chromium: CVE-2021-30610 Use after free in Extensions API |
| Microsoft Edge (Chromium-based) | CVE-2021-30620 | Chromium: CVE-2021-30620 Insufficient policy enforcement in Blink |
| Microsoft Edge (Chromium-based) | CVE-2021-30619 | Chromium: CVE-2021-30619 UI Spoofing in Autofill |
| Microsoft Edge (Chromium-based) | CVE-2021-30618 | Chromium: CVE-2021-30618 Inappropriate implementation in DevTools |
| Microsoft Edge (Chromium-based) | CVE-2021-30621 | Chromium: CVE-2021-30621 UI Spoofing in Autofill |
| Microsoft Edge (Chromium-based) | CVE-2021-30624 | Chromium: CVE-2021-30624 Use after free in Autofill |
| Microsoft Edge (Chromium-based) | CVE-2021-30623 | Chromium: CVE-2021-30623 Use after free in Bookmarks |
| Microsoft Edge (Chromium-based) | CVE-2021-30622 | Chromium: CVE-2021-30622 Use after free in WebApp Installs |
| Microsoft Edge (Chromium-based) | CVE-2021-30613 | Chromium: CVE-2021-30613 Use after free in Base internals |
| Microsoft Edge (Chromium-based) | CVE-2021-30612 | Chromium: CVE-2021-30612 Use after free in WebRTC |
| Microsoft Edge (Chromium-based) | CVE-2021-30611 | Chromium: CVE-2021-30611 Use after free in WebRTC |
| Microsoft Edge (Chromium-based) | CVE-2021-30614 | Chromium: CVE-2021-30614 Heap buffer overflow in TabStrip |
| Microsoft Edge (Chromium-based) | CVE-2021-30617 | Chromium: CVE-2021-30617 Policy bypass in Blink |
| Microsoft Edge (Chromium-based) | CVE-2021-30616 | Chromium: CVE-2021-30616 Use after free in Media |
| Microsoft Edge (Chromium-based) | CVE-2021-30615 | Chromium: CVE-2021-30615 Cross-origin data leak in Navigation |
| Microsoft Edge (Chromium-based) | CVE-2021-26436 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability |
| Microsoft Edge for Android | CVE-2021-26439 | Microsoft Edge for Android Information Disclosure Vulnerability |
| Microsoft MPEG-2 Video Extension | CVE-2021-38644 | Microsoft MPEG-2 Video Extension Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2021-38657 | Microsoft Office Graphics Component Information Disclosure Vulnerability |
| Microsoft Office | CVE-2021-38658 | Microsoft Office Graphics Remote Code Execution Vulnerability |
| Microsoft Office | CVE-2021-38650 | Microsoft Office Spoofing Vulnerability |
| Microsoft Office | CVE-2021-38659 | Microsoft Office Remote Code Execution Vulnerability |
| Microsoft Office Access | CVE-2021-38646 | Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability |
| Microsoft Office Excel | CVE-2021-38655 | Microsoft Excel Remote Code Execution Vulnerability |
| Microsoft Office Excel | CVE-2021-38660 | Microsoft Office Graphics Remote Code Execution Vulnerability |
| Microsoft Office SharePoint | CVE-2021-38651 | Microsoft SharePoint Server Spoofing Vulnerability |
| Microsoft Office SharePoint | CVE-2021-38652 | Microsoft SharePoint Server Spoofing Vulnerability |
| Microsoft Office Visio | CVE-2021-38654 | Microsoft Office Visio Remote Code Execution Vulnerability |
| Microsoft Office Visio | CVE-2021-38653 | Microsoft Office Visio Remote Code Execution Vulnerability |
| Microsoft Office Word | CVE-2021-38656 | Microsoft Word Remote Code Execution Vulnerability |
| Microsoft Windows Codecs Library | CVE-2021-38661 | HEVC Video Extensions Remote Code Execution Vulnerability |
| Microsoft Windows DNS | CVE-2021-36968 | Windows DNS Elevation of Privilege Vulnerability |
| Visual Studio | CVE-2021-36952 | Visual Studio Remote Code Execution Vulnerability |
| Visual Studio | CVE-2021-26434 | Visual Studio Elevation of Privilege Vulnerability |
| Visual Studio | CVE-2021-26437 | Visual Studio Code Spoofing Vulnerability |
| Windows Ancillary Function Driver for WinSock | CVE-2021-38628 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability |
| Windows Ancillary Function Driver for WinSock | CVE-2021-38638 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability |
| Windows Authenticode | CVE-2021-36959 | Windows Authenticode Spoofing Vulnerability |
| Windows Bind Filter Driver | CVE-2021-36954 | Windows Bind Filter Driver Elevation of Privilege Vulnerability |
| Windows BitLocker | CVE-2021-38632 | BitLocker Security Feature Bypass Vulnerability |
| Windows Common Log File System Driver | CVE-2021-38633 | Windows Common Log File System Driver Elevation of Privilege Vulnerability |
| Windows Common Log File System Driver | CVE-2021-36963 | Windows Common Log File System Driver Elevation of Privilege Vulnerability |
| Windows Common Log File System Driver | CVE-2021-36955 | Windows Common Log File System Driver Elevation of Privilege Vulnerability |
| Windows Event Tracing | CVE-2021-36964 | Windows Event Tracing Elevation of Privilege Vulnerability |
| Windows Event Tracing | CVE-2021-38630 | Windows Event Tracing Elevation of Privilege Vulnerability |
| Windows Installer | CVE-2021-36962 | Windows Installer Information Disclosure Vulnerability |
| Windows Installer | CVE-2021-36961 | Windows Installer Denial of Service Vulnerability |
| Windows Kernel | CVE-2021-38626 | Windows Kernel Elevation of Privilege Vulnerability |
| Windows Kernel | CVE-2021-38625 | Windows Kernel Elevation of Privilege Vulnerability |
| Windows Key Storage Provider | CVE-2021-38624 | Windows Key Storage Provider Security Feature Bypass Vulnerability |
| Windows MSHTML Platform | CVE-2021-40444 | Microsoft MSHTML Remote Code Execution Vulnerability |
| Windows Print Spooler Components | CVE-2021-38667 | Windows Print Spooler Elevation of Privilege Vulnerability |
| Windows Print Spooler Components | CVE-2021-38671 | Windows Print Spooler Elevation of Privilege Vulnerability |
| Windows Print Spooler Components | CVE-2021-40447 | Windows Print Spooler Elevation of Privilege Vulnerability |
| Windows Redirected Drive Buffering | CVE-2021-36969 | Windows Redirected Drive Buffering SubSystem Driver Information Disclosure Vulnerability |
| Windows Redirected Drive Buffering | CVE-2021-38635 | Windows Redirected Drive Buffering SubSystem Driver Information Disclosure Vulnerability |
| Windows Redirected Drive Buffering | CVE-2021-36973 | Windows Redirected Drive Buffering System Elevation of Privilege Vulnerability |
| Windows Redirected Drive Buffering | CVE-2021-38636 | Windows Redirected Drive Buffering SubSystem Driver Information Disclosure Vulnerability |
| Windows Scripting | CVE-2021-26435 | Windows Scripting Engine Memory Corruption Vulnerability |
| Windows SMB | CVE-2021-36960 | Windows SMB Information Disclosure Vulnerability |
| Windows SMB | CVE-2021-36972 | Windows SMB Information Disclosure Vulnerability |
| Windows SMB | CVE-2021-36974 | Windows SMB Elevation of Privilege Vulnerability |
| Windows Storage | CVE-2021-38637 | Windows Storage Information Disclosure Vulnerability |
| Windows Subsystem for Linux | CVE-2021-36966 | Windows Subsystem for Linux Elevation of Privilege Vulnerability |
| Windows TDX.sys | CVE-2021-38629 | Windows Ancillary Function Driver for WinSock Information Disclosure Vulnerability |
| Windows Update | CVE-2021-38634 | Microsoft Windows Update Client Elevation of Privilege Vulnerability |
| Windows Win32K | CVE-2021-38639 | Win32k Elevation of Privilege Vulnerability |
| Windows Win32K | CVE-2021-36975 | Win32k Elevation of Privilege Vulnerability |
| Windows WLAN Auto Config Service | CVE-2021-36965 | Windows WLAN AutoConfig Service Remote Code Execution Vulnerability |
| Windows WLAN Service | CVE-2021-36967 | Windows WLAN AutoConfig Service Elevation of Privilege Vulnerability |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-36952 MITRE NVD |
CVE Title: Visual Studio Remote Code Execution Vulnerability
CVSS: CVSS:3.0 7.8/6.8
FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2021-09-14T07:00:00Z Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-36952 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3) | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft Visual Studio 2019 version 16.7 (includes 16.0 – 16.6) | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| CVE ID | Acknowledgements |
| CVE-2021-36952 | Wenguang Jiao working with Trend Micro Zero Day Initiative |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-36954 MITRE NVD |
CVE Title: Windows Bind Filter Driver Elevation of Privilege Vulnerability
CVSS: CVSS:3.0 8.8/7.7
FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2021-09-14T07:00:00Z Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-36954 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows 10 Version 1809 for 32-bit Systems | 5005568 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5005568 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 5005568 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5005566 (Security Update) | Important | Elevation of Privilege | 5005031 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5005566 (Security Update) | Important | Elevation of Privilege | 5005031 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 5005566 (Security Update) | Important | Elevation of Privilege | 5005031 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for 32-bit Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for ARM64-based Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for x64-based Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5005568 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5005568 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022 | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022 (Server Core installation) | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2021-36954 | k0shl of Kunlun Lab |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-36955 MITRE NVD |
CVE Title: Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVSS: CVSS:3.0 7.8/7.2
FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2021-09-14T07:00:00Z Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-36955 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 5005569 (Security Update) | Important | Elevation of Privilege | 5005040 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 5005569 (Security Update) | Important | Elevation of Privilege | 5005040 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5005573 (Security Update) | Important | Elevation of Privilege | 5005043 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 5005573 (Security Update) | Important | Elevation of Privilege | 5005043 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5005568 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5005568 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 5005568 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5005566 (Security Update) | Important | Elevation of Privilege | 5005031 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5005566 (Security Update) | Important | Elevation of Privilege | 5005031 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 5005566 (Security Update) | Important | Elevation of Privilege | 5005031 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for 32-bit Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for ARM64-based Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for x64-based Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 5005633 (Monthly Rollup) 5005615 (Security Only) |
Important | Elevation of Privilege | 5005088 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 5005633 (Monthly Rollup) 5005615 (Security Only) |
Important | Elevation of Privilege | 5005088 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 5005613 (Monthly Rollup) 5005627 (Security Only) |
Important | Elevation of Privilege | 5005076 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 5005613 (Monthly Rollup) 5005627 (Security Only) |
Important | Elevation of Privilege | 5005076 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 5005613 (Monthly Rollup) | Important | Elevation of Privilege | 5005076 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5005606 (Monthly Rollup) 5005618 (Security Only) |
Important | Elevation of Privilege | 5005090 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5005606 (Monthly Rollup) 5005618 (Security Only) |
Important | Elevation of Privilege | 5005090 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5005606 (Monthly Rollup) 5005618 (Security Only) |
Important | Elevation of Privilege | 5005090 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5005606 (Monthly Rollup) 5005618 (Security Only) |
Important | Elevation of Privilege | 5005090 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5005633 (Monthly Rollup) 5005615 (Security Only) |
Important | Elevation of Privilege | 5005088 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5005633 (Monthly Rollup) 5005615 (Security Only) |
Important | Elevation of Privilege | 5005088 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows Server 2012 | 5005623 (Monthly Rollup) 5005607 (Security Only) |
Important | Elevation of Privilege | 5005094 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 5005623 (Monthly Rollup) 5005607 (Security Only) |
Important | Elevation of Privilege | 5005094 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 5005613 (Monthly Rollup) 5005627 (Security Only) |
Important | Elevation of Privilege | 5005076 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 5005613 (Monthly Rollup) 5005627 (Security Only) |
Important | Elevation of Privilege | 5005076 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows Server 2016 | 5005573 (Security Update) | Important | Elevation of Privilege | 5005043 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 5005573 (Security Update) | Important | Elevation of Privilege | 5005043 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5005568 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5005568 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows Server 2022 | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows Server 2022 (Server Core installation) | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2021-36955 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-36959 MITRE NVD |
CVE Title: Windows Authenticode Spoofing Vulnerability
CVSS: CVSS:3.0 5.5/4.8
FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2021-09-14T07:00:00Z Information published. |
Important | Spoofing | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-36959 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 5005569 (Security Update) | Important | Spoofing | 5005040 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 5005569 (Security Update) | Important | Spoofing | 5005040 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5005573 (Security Update) | Important | Spoofing | 5005043 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 5005573 (Security Update) | Important | Spoofing | 5005043 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5005568 (Security Update) | Important | Spoofing | 5005030 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5005568 (Security Update) | Important | Spoofing | 5005030 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 5005568 (Security Update) | Important | Spoofing | 5005030 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5005566 (Security Update) | Important | Spoofing | 5005031 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5005566 (Security Update) | Important | Spoofing | 5005031 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 5005566 (Security Update) | Important | Spoofing | 5005031 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5005565 (Security Update) | Important | Spoofing | 5005033 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5005565 (Security Update) | Important | Spoofing | 5005033 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 5005565 (Security Update) | Important | Spoofing | 5005033 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5005565 (Security Update) | Important | Spoofing | 5005033 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5005565 (Security Update) | Important | Spoofing | 5005033 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5005565 (Security Update) | Important | Spoofing | 5005033 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for 32-bit Systems | 5005565 (Security Update) | Important | Spoofing | 5005033 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for ARM64-based Systems | 5005565 (Security Update) | Important | Spoofing | 5005033 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for x64-based Systems | 5005565 (Security Update) | Important | Spoofing | 5005033 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 5005633 (Monthly Rollup) 5005615 (Security Only) |
Important | Spoofing | 5005088 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 5005633 (Monthly Rollup) 5005615 (Security Only) |
Important | Spoofing | 5005088 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 5005613 (Monthly Rollup) 5005627 (Security Only) |
Important | Spoofing | 5005076 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 5005613 (Monthly Rollup) 5005627 (Security Only) |
Important | Spoofing | 5005076 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 5005613 (Monthly Rollup) | Important | Spoofing | 5005076 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5005606 (Monthly Rollup) 5005618 (Security Only) |
Important | Spoofing | 5005090 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5005606 (Monthly Rollup) 5005618 (Security Only) |
Important | Spoofing | 5005090 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5005606 (Monthly Rollup) 5005618 (Security Only) |
Important | Spoofing | 5005090 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5005606 (Monthly Rollup) 5005618 (Security Only) |
Important | Spoofing | 5005090 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5005633 (Monthly Rollup) 5005615 (Security Only) |
Important | Spoofing | 5005088 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5005633 (Monthly Rollup) 5005615 (Security Only) |
Important | Spoofing | 5005088 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 | 5005623 (Monthly Rollup) 5005607 (Security Only) |
Important | Spoofing | 5005094 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 5005623 (Monthly Rollup) 5005607 (Security Only) |
Important | Spoofing | 5005094 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 5005613 (Monthly Rollup) 5005627 (Security Only) |
Important | Spoofing | 5005076 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 5005613 (Monthly Rollup) 5005627 (Security Only) |
Important | Spoofing | 5005076 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 | 5005573 (Security Update) | Important | Spoofing | 5005043 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 5005573 (Security Update) | Important | Spoofing | 5005043 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5005568 (Security Update) | Important | Spoofing | 5005030 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5005568 (Security Update) | Important | Spoofing | 5005030 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022 | 5005565 (Security Update) | Important | Spoofing | 5005033 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022 (Server Core installation) | 5005565 (Security Update) | Important | Spoofing | 5005033 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 5005565 (Security Update) | Important | Spoofing | 5005033 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5005565 (Security Update) | Important | Spoofing | 5005033 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2021-36959 | Udi Yavo with Fortinet’s FortiGuard Labs Asaf Rubinfeld with Fortinet’s FortiGuard Labs |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-36960 MITRE NVD |
CVE Title: Windows SMB Information Disclosure Vulnerability
CVSS: CVSS:3.0 7.5/6.5
FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory and kernel memory - unintentional read access to memory contents in kernel space from a user mode process. Mitigations: None Workarounds: None Revision: 1.0 2021-09-14T07:00:00Z Information published. |
Important | Information Disclosure | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-36960 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 5005569 (Security Update) | Important | Information Disclosure | 5005040 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 5005569 (Security Update) | Important | Information Disclosure | 5005040 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5005573 (Security Update) | Important | Information Disclosure | 5005043 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 5005573 (Security Update) | Important | Information Disclosure | 5005043 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5005568 (Security Update) | Important | Information Disclosure | 5005030 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5005568 (Security Update) | Important | Information Disclosure | 5005030 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 5005568 (Security Update) | Important | Information Disclosure | 5005030 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5005566 (Security Update) | Important | Information Disclosure | 5005031 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5005566 (Security Update) | Important | Information Disclosure | 5005031 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 5005566 (Security Update) | Important | Information Disclosure | 5005031 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5005565 (Security Update) | Important | Information Disclosure | 5005033 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5005565 (Security Update) | Important | Information Disclosure | 5005033 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 5005565 (Security Update) | Important | Information Disclosure | 5005033 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5005565 (Security Update) | Important | Information Disclosure | 5005033 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5005565 (Security Update) | Important | Information Disclosure | 5005033 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5005565 (Security Update) | Important | Information Disclosure | 5005033 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for 32-bit Systems | 5005565 (Security Update) | Important | Information Disclosure | 5005033 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for ARM64-based Systems | 5005565 (Security Update) | Important | Information Disclosure | 5005033 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for x64-based Systems | 5005565 (Security Update) | Important | Information Disclosure | 5005033 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 5005633 (Monthly Rollup) 5005615 (Security Only) |
Important | Information Disclosure | 5005088 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 5005633 (Monthly Rollup) 5005615 (Security Only) |
Important | Information Disclosure | 5005088 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 5005613 (Monthly Rollup) 5005627 (Security Only) |
Important | Information Disclosure | 5005076 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 5005613 (Monthly Rollup) 5005627 (Security Only) |
Important | Information Disclosure | 5005076 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 5005613 (Monthly Rollup) | Important | Information Disclosure | 5005076 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5005633 (Monthly Rollup) 5005615 (Security Only) |
Important | Information Disclosure | 5005088 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5005633 (Monthly Rollup) 5005615 (Security Only) |
Important | Information Disclosure | 5005088 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 | 5005623 (Monthly Rollup) 5005607 (Security Only) |
Important | Information Disclosure | 5005094 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 5005623 (Monthly Rollup) 5005607 (Security Only) |
Important | Information Disclosure | 5005094 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 5005613 (Monthly Rollup) 5005627 (Security Only) |
Important | Information Disclosure | 5005076 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 5005613 (Monthly Rollup) 5005627 (Security Only) |
Important | Information Disclosure | 5005076 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 | 5005573 (Security Update) | Important | Information Disclosure | 5005043 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 5005573 (Security Update) | Important | Information Disclosure | 5005043 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5005568 (Security Update) | Important | Information Disclosure | 5005030 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5005568 (Security Update) | Important | Information Disclosure | 5005030 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022 | 5005565 (Security Update) | Important | Information Disclosure | 5005033 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022 (Server Core installation) | 5005565 (Security Update) | Important | Information Disclosure | 5005033 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 5005565 (Security Update) | Important | Information Disclosure | 5005033 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5005565 (Security Update) | Important | Information Disclosure | 5005033 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2021-36960 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-36961 MITRE NVD |
CVE Title: Windows Installer Denial of Service Vulnerability
CVSS: CVSS:3.0 5.5/4.8
FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2021-09-14T07:00:00Z Information published. |
Important | Denial of Service | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-36961 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 5005569 (Security Update) | Important | Denial of Service | 5005040 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 5005569 (Security Update) | Important | Denial of Service | 5005040 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5005573 (Security Update) | Important | Denial of Service | 5005043 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 5005573 (Security Update) | Important | Denial of Service | 5005043 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5005568 (Security Update) | Important | Denial of Service | 5005030 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5005568 (Security Update) | Important | Denial of Service | 5005030 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 5005568 (Security Update) | Important | Denial of Service | 5005030 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5005566 (Security Update) | Important | Denial of Service | 5005031 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5005566 (Security Update) | Important | Denial of Service | 5005031 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 5005566 (Security Update) | Important | Denial of Service | 5005031 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5005565 (Security Update) | Important | Denial of Service | 5005033 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5005565 (Security Update) | Important | Denial of Service | 5005033 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 5005565 (Security Update) | Important | Denial of Service | 5005033 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5005565 (Security Update) | Important | Denial of Service | 5005033 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5005565 (Security Update) | Important | Denial of Service | 5005033 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5005565 (Security Update) | Important | Denial of Service | 5005033 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for 32-bit Systems | 5005565 (Security Update) | Important | Denial of Service | 5005033 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for ARM64-based Systems | 5005565 (Security Update) | Important | Denial of Service | 5005033 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for x64-based Systems | 5005565 (Security Update) | Important | Denial of Service | 5005033 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 5005633 (Monthly Rollup) 5005615 (Security Only) |
Important | Denial of Service | 5005088 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 5005633 (Monthly Rollup) 5005615 (Security Only) |
Important | Denial of Service | 5005088 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 5005613 (Monthly Rollup) 5005627 (Security Only) |
Important | Denial of Service | 5005076 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 5005613 (Monthly Rollup) 5005627 (Security Only) |
Important | Denial of Service | 5005076 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 5005613 (Monthly Rollup) | Important | Denial of Service | 5005076 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5005606 (Monthly Rollup) 5005618 (Security Only) |
Important | Denial of Service | 5005090 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5005606 (Monthly Rollup) 5005618 (Security Only) |
Important | Denial of Service | 5005090 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5005606 (Monthly Rollup) 5005618 (Security Only) |
Important | Denial of Service | 5005090 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5005606 (Monthly Rollup) 5005618 (Security Only) |
Important | Denial of Service | 5005090 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5005633 (Monthly Rollup) 5005615 (Security Only) |
Important | Denial of Service | 5005088 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5005633 (Monthly Rollup) 5005615 (Security Only) |
Important | Denial of Service | 5005088 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 | 5005623 (Monthly Rollup) 5005607 (Security Only) |
Important | Denial of Service | 5005094 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 5005623 (Monthly Rollup) 5005607 (Security Only) |
Important | Denial of Service | 5005094 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 5005613 (Monthly Rollup) 5005627 (Security Only) |
Important | Denial of Service | 5005076 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 5005613 (Monthly Rollup) 5005627 (Security Only) |
Important | Denial of Service | 5005076 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 | 5005573 (Security Update) | Important | Denial of Service | 5005043 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 5005573 (Security Update) | Important | Denial of Service | 5005043 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5005568 (Security Update) | Important | Denial of Service | 5005030 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5005568 (Security Update) | Important | Denial of Service | 5005030 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022 | 5005565 (Security Update) | Important | Denial of Service | 5005033 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022 (Server Core installation) | 5005565 (Security Update) | Important | Denial of Service | 5005033 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 5005565 (Security Update) | Important | Denial of Service | 5005033 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5005565 (Security Update) | Important | Denial of Service | 5005033 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2021-36961 | Abdelhamid Naceri working with Trend Micro Zero Day Initiative |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-36962 MITRE NVD |
CVE Title: Windows Installer Information Disclosure Vulnerability
CVSS: CVSS:3.0 5.5/4.8
FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is unauthorized file system access - reading from the file system. Mitigations: None Workarounds: None Revision: 1.0 2021-09-14T07:00:00Z Information published. |
Important | Information Disclosure | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-36962 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 5005569 (Security Update) | Important | Information Disclosure | 5005040 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 5005569 (Security Update) | Important | Information Disclosure | 5005040 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5005573 (Security Update) | Important | Information Disclosure | 5005043 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 5005573 (Security Update) | Important | Information Disclosure | 5005043 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5005568 (Security Update) | Important | Information Disclosure | 5005030 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5005568 (Security Update) | Important | Information Disclosure | 5005030 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 5005568 (Security Update) | Important | Information Disclosure | 5005030 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5005566 (Security Update) | Important | Information Disclosure | 5005031 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5005566 (Security Update) | Important | Information Disclosure | 5005031 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 5005566 (Security Update) | Important | Information Disclosure | 5005031 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5005565 (Security Update) | Important | Information Disclosure | 5005033 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5005565 (Security Update) | Important | Information Disclosure | 5005033 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 5005565 (Security Update) | Important | Information Disclosure | 5005033 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5005565 (Security Update) | Important | Information Disclosure | 5005033 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5005565 (Security Update) | Important | Information Disclosure | 5005033 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5005565 (Security Update) | Important | Information Disclosure | 5005033 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for 32-bit Systems | 5005565 (Security Update) | Important | Information Disclosure | 5005033 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for ARM64-based Systems | 5005565 (Security Update) | Important | Information Disclosure | 5005033 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for x64-based Systems | 5005565 (Security Update) | Important | Information Disclosure | 5005033 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 5005633 (Monthly Rollup) 5005615 (Security Only) |
Important | Information Disclosure | 5005088 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 5005633 (Monthly Rollup) 5005615 (Security Only) |
Important | Information Disclosure | 5005088 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 5005613 (Monthly Rollup) 5005627 (Security Only) |
Important | Information Disclosure | 5005076 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 5005613 (Monthly Rollup) 5005627 (Security Only) |
Important | Information Disclosure | 5005076 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 5005613 (Monthly Rollup) | Important | Information Disclosure | 5005076 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5005606 (Monthly Rollup) 5005618 (Security Only) |
Important | Information Disclosure | 5005090 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5005606 (Monthly Rollup) 5005618 (Security Only) |
Important | Information Disclosure | 5005090 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5005606 (Monthly Rollup) 5005618 (Security Only) |
Important | Information Disclosure | 5005090 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5005606 (Monthly Rollup) 5005618 (Security Only) |
Important | Information Disclosure | 5005090 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5005633 (Monthly Rollup) 5005615 (Security Only) |
Important | Information Disclosure | 5005088 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5005633 (Monthly Rollup) 5005615 (Security Only) |
Important | Information Disclosure | 5005088 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 | 5005623 (Monthly Rollup) 5005607 (Security Only) |
Important | Information Disclosure | 5005094 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 5005623 (Monthly Rollup) 5005607 (Security Only) |
Important | Information Disclosure | 5005094 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 5005613 (Monthly Rollup) 5005627 (Security Only) |
Important | Information Disclosure | 5005076 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 5005613 (Monthly Rollup) 5005627 (Security Only) |
Important | Information Disclosure | 5005076 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 | 5005573 (Security Update) | Important | Information Disclosure | 5005043 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 5005573 (Security Update) | Important | Information Disclosure | 5005043 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5005568 (Security Update) | Important | Information Disclosure | 5005030 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5005568 (Security Update) | Important | Information Disclosure | 5005030 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 5005565 (Security Update) | Important | Information Disclosure | 5005033 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5005565 (Security Update) | Important | Information Disclosure | 5005033 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2021-36962 | Abdelhamid Naceri working with Trend Micro Zero Day Initiative |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-36963 MITRE NVD |
CVE Title: Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVSS: CVSS:3.0 7.8/6.8
FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2021-09-14T07:00:00Z Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-36963 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 5005569 (Security Update) | Important | Elevation of Privilege | 5005040 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 5005569 (Security Update) | Important | Elevation of Privilege | 5005040 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5005573 (Security Update) | Important | Elevation of Privilege | 5005043 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 5005573 (Security Update) | Important | Elevation of Privilege | 5005043 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5005568 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5005568 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 5005568 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5005566 (Security Update) | Important | Elevation of Privilege | 5005031 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5005566 (Security Update) | Important | Elevation of Privilege | 5005031 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 5005566 (Security Update) | Important | Elevation of Privilege | 5005031 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for 32-bit Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for ARM64-based Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for x64-based Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 5005633 (Monthly Rollup) 5005615 (Security Only) |
Important | Elevation of Privilege | 5005088 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 5005633 (Monthly Rollup) 5005615 (Security Only) |
Important | Elevation of Privilege | 5005088 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 5005613 (Monthly Rollup) 5005627 (Security Only) |
Important | Elevation of Privilege | 5005076 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 5005613 (Monthly Rollup) 5005627 (Security Only) |
Important | Elevation of Privilege | 5005076 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 5005613 (Monthly Rollup) | Important | Elevation of Privilege | 5005076 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5005606 (Monthly Rollup) 5005618 (Security Only) |
Important | Elevation of Privilege | 5005090 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5005606 (Monthly Rollup) 5005618 (Security Only) |
Important | Elevation of Privilege | 5005090 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5005606 (Monthly Rollup) 5005618 (Security Only) |
Important | Elevation of Privilege | 5005090 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5005606 (Monthly Rollup) 5005618 (Security Only) |
Important | Elevation of Privilege | 5005090 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5005633 (Monthly Rollup) 5005615 (Security Only) |
Important | Elevation of Privilege | 5005088 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5005633 (Monthly Rollup) 5005615 (Security Only) |
Important | Elevation of Privilege | 5005088 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 | 5005623 (Monthly Rollup) 5005607 (Security Only) |
Important | Elevation of Privilege | 5005094 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 5005623 (Monthly Rollup) 5005607 (Security Only) |
Important | Elevation of Privilege | 5005094 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 5005613 (Monthly Rollup) 5005627 (Security Only) |
Important | Elevation of Privilege | 5005076 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 5005613 (Monthly Rollup) 5005627 (Security Only) |
Important | Elevation of Privilege | 5005076 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 | 5005573 (Security Update) | Important | Elevation of Privilege | 5005043 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 5005573 (Security Update) | Important | Elevation of Privilege | 5005043 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5005568 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5005568 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022 | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022 (Server Core installation) | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2021-36963 | Yuki Chen |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-36964 MITRE NVD |
CVE Title: Windows Event Tracing Elevation of Privilege Vulnerability
CVSS: CVSS:3.0 7.8/6.8
FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2021-09-14T07:00:00Z Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-36964 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 5005569 (Security Update) | Important | Elevation of Privilege | 5005040 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 5005569 (Security Update) | Important | Elevation of Privilege | 5005040 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5005573 (Security Update) | Important | Elevation of Privilege | 5005043 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 5005573 (Security Update) | Important | Elevation of Privilege | 5005043 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5005568 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5005568 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 5005568 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5005566 (Security Update) | Important | Elevation of Privilege | 5005031 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5005566 (Security Update) | Important | Elevation of Privilege | 5005031 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 5005566 (Security Update) | Important | Elevation of Privilege | 5005031 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for 32-bit Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for ARM64-based Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for x64-based Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 5005633 (Monthly Rollup) 5005615 (Security Only) |
Important | Elevation of Privilege | 5005088 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 5005633 (Monthly Rollup) 5005615 (Security Only) |
Important | Elevation of Privilege | 5005088 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 5005613 (Monthly Rollup) 5005627 (Security Only) |
Important | Elevation of Privilege | 5005076 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 5005613 (Monthly Rollup) 5005627 (Security Only) |
Important | Elevation of Privilege | 5005076 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 5005613 (Monthly Rollup) | Important | Elevation of Privilege | 5005076 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5005606 (Monthly Rollup) 5005618 (Security Only) |
Important | Elevation of Privilege | 5005090 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5005606 (Monthly Rollup) 5005618 (Security Only) |
Important | Elevation of Privilege | 5005090 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5005606 (Monthly Rollup) 5005618 (Security Only) |
Important | Elevation of Privilege | 5005090 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5005606 (Monthly Rollup) 5005618 (Security Only) |
Important | Elevation of Privilege | 5005090 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5005633 (Monthly Rollup) 5005615 (Security Only) |
Important | Elevation of Privilege | 5005088 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5005633 (Monthly Rollup) 5005615 (Security Only) |
Important | Elevation of Privilege | 5005088 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 | 5005623 (Monthly Rollup) 5005607 (Security Only) |
Important | Elevation of Privilege | 5005094 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 5005623 (Monthly Rollup) 5005607 (Security Only) |
Important | Elevation of Privilege | 5005094 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 5005613 (Monthly Rollup) 5005627 (Security Only) |
Important | Elevation of Privilege | 5005076 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 5005613 (Monthly Rollup) 5005627 (Security Only) |
Important | Elevation of Privilege | 5005076 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 | 5005573 (Security Update) | Important | Elevation of Privilege | 5005043 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 5005573 (Security Update) | Important | Elevation of Privilege | 5005043 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5005568 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5005568 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022 | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022 (Server Core installation) | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2021-36964 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-36965 MITRE NVD |
CVE Title: Windows WLAN AutoConfig Service Remote Code Execution Vulnerability
CVSS: CVSS:3.0 8.8/7.7
FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2021-09-14T07:00:00Z Information published. |
Critical | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-36965 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 5005569 (Security Update) | Critical | Remote Code Execution | 5005040 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 5005569 (Security Update) | Critical | Remote Code Execution | 5005040 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5005573 (Security Update) | Critical | Remote Code Execution | 5005043 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 5005573 (Security Update) | Critical | Remote Code Execution | 5005043 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5005568 (Security Update) | Critical | Remote Code Execution | 5005030 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5005568 (Security Update) | Critical | Remote Code Execution | 5005030 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 5005568 (Security Update) | Critical | Remote Code Execution | 5005030 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5005566 (Security Update) | Critical | Remote Code Execution | 5005031 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5005566 (Security Update) | Critical | Remote Code Execution | 5005031 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 5005566 (Security Update) | Critical | Remote Code Execution | 5005031 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5005565 (Security Update) | Critical | Remote Code Execution | 5005033 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5005565 (Security Update) | Critical | Remote Code Execution | 5005033 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 5005565 (Security Update) | Critical | Remote Code Execution | 5005033 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5005565 (Security Update) | Critical | Remote Code Execution | 5005033 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5005565 (Security Update) | Critical | Remote Code Execution | 5005033 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5005565 (Security Update) | Critical | Remote Code Execution | 5005033 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for 32-bit Systems | 5005565 (Security Update) | Critical | Remote Code Execution | 5005033 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for ARM64-based Systems | 5005565 (Security Update) | Critical | Remote Code Execution | 5005033 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for x64-based Systems | 5005565 (Security Update) | Critical | Remote Code Execution | 5005033 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 5005633 (Monthly Rollup) 5005615 (Security Only) |
Critical | Remote Code Execution | 5005088 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 5005633 (Monthly Rollup) 5005615 (Security Only) |
Critical | Remote Code Execution | 5005088 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 5005613 (Monthly Rollup) 5005627 (Security Only) |
Critical | Remote Code Execution | 5005076 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 5005613 (Monthly Rollup) 5005627 (Security Only) |
Critical | Remote Code Execution | 5005076 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 5005613 (Monthly Rollup) | Critical | Remote Code Execution | 5005076 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5005606 (Monthly Rollup) 5005618 (Security Only) |
Critical | Remote Code Execution | 5005090 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5005606 (Monthly Rollup) 5005618 (Security Only) |
Critical | Remote Code Execution | 5005090 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5005606 (Monthly Rollup) 5005618 (Security Only) |
Critical | Remote Code Execution | 5005090 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5005606 (Monthly Rollup) 5005618 (Security Only) |
Critical | Remote Code Execution | 5005090 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5005633 (Monthly Rollup) 5005615 (Security Only) |
Critical | Remote Code Execution | 5005088 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5005633 (Monthly Rollup) 5005615 (Security Only) |
Critical | Remote Code Execution | 5005088 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 | 5005623 (Monthly Rollup) 5005607 (Security Only) |
Critical | Remote Code Execution | 5005094 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 5005623 (Monthly Rollup) 5005607 (Security Only) |
Critical | Remote Code Execution | 5005094 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 5005613 (Monthly Rollup) 5005627 (Security Only) |
Critical | Remote Code Execution | 5005076 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 5005613 (Monthly Rollup) 5005627 (Security Only) |
Critical | Remote Code Execution | 5005076 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 | 5005573 (Security Update) | Critical | Remote Code Execution | 5005043 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 5005573 (Security Update) | Critical | Remote Code Execution | 5005043 | Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5005568 (Security Update) | Critical | Remote Code Execution | 5005030 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5005568 (Security Update) | Critical | Remote Code Execution | 5005030 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022 | 5005565 (Security Update) | Critical | Remote Code Execution | 5005033 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022 (Server Core installation) | 5005565 (Security Update) | Critical | Remote Code Execution | 5005033 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 5005565 (Security Update) | Critical | Remote Code Execution | 5005033 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5005565 (Security Update) | Critical | Remote Code Execution | 5005033 |
Base: 8.8 Temporal: 7.7 Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2021-36965 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-36966 MITRE NVD |
CVE Title: Windows Subsystem for Linux Elevation of Privilege Vulnerability
CVSS: CVSS:3.0 7.8/6.8
FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2021-09-14T07:00:00Z Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-36966 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows 10 Version 1809 for 32-bit Systems | 5005568 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5005568 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 5005568 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5005566 (Security Update) | Important | Elevation of Privilege | 5005031 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5005566 (Security Update) | Important | Elevation of Privilege | 5005031 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 5005566 (Security Update) | Important | Elevation of Privilege | 5005031 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for 32-bit Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for ARM64-based Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for x64-based Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5005568 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5005568 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2021-36966 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-36967 MITRE NVD |
CVE Title: Windows WLAN AutoConfig Service Elevation of Privilege Vulnerability
CVSS: CVSS:3.0 8.0/7.0
FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2021-09-14T07:00:00Z Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-36967 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 5005569 (Security Update) | Important | Elevation of Privilege | 5005040 | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 5005569 (Security Update) | Important | Elevation of Privilege | 5005040 | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5005573 (Security Update) | Important | Elevation of Privilege | 5005043 | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 5005573 (Security Update) | Important | Elevation of Privilege | 5005043 | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5005568 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5005568 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 5005568 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5005566 (Security Update) | Important | Elevation of Privilege | 5005031 | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5005566 (Security Update) | Important | Elevation of Privilege | 5005031 | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 5005566 (Security Update) | Important | Elevation of Privilege | 5005031 | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for 32-bit Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for ARM64-based Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for x64-based Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 | 5005573 (Security Update) | Important | Elevation of Privilege | 5005043 | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 5005573 (Security Update) | Important | Elevation of Privilege | 5005043 | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5005568 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5005568 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2021-36967 | ziming zhang of Ant Security Light-Year Lab |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-36968 MITRE NVD |
CVE Title: Windows DNS Elevation of Privilege Vulnerability
CVSS: CVSS:3.0 7.8/6.8
FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2021-09-14T07:00:00Z Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Yes | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-36968 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows 7 for 32-bit Systems Service Pack 1 | 5005633 (Monthly Rollup) 5005615 (Security Only) |
Important | Elevation of Privilege | 5005088 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 5005633 (Monthly Rollup) 5005615 (Security Only) |
Important | Elevation of Privilege | 5005088 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5005606 (Monthly Rollup) 5005618 (Security Only) |
Important | Elevation of Privilege | 5005090 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5005606 (Monthly Rollup) 5005618 (Security Only) |
Important | Elevation of Privilege | 5005090 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5005606 (Monthly Rollup) 5005618 (Security Only) |
Important | Elevation of Privilege | 5005090 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5005606 (Monthly Rollup) 5005618 (Security Only) |
Important | Elevation of Privilege | 5005090 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5005633 (Monthly Rollup) 5005615 (Security Only) |
Important | Elevation of Privilege | 5005088 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5005633 (Monthly Rollup) 5005615 (Security Only) |
Important | Elevation of Privilege | 5005088 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2021-36968 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-36969 MITRE NVD |
CVE Title: Windows Redirected Drive Buffering SubSystem Driver Information Disclosure Vulnerability
CVSS: CVSS:3.0 5.5/4.8
FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory and kernel memory - unintentional read access to memory contents in kernel space from a user mode process. Mitigations: None Workarounds: None Revision: 1.0 2021-09-14T07:00:00Z Information published. |
Important | Information Disclosure | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-36969 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 5005569 (Security Update) | Important | Information Disclosure | 5005040 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 5005569 (Security Update) | Important | Information Disclosure | 5005040 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5005573 (Security Update) | Important | Information Disclosure | 5005043 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 5005573 (Security Update) | Important | Information Disclosure | 5005043 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5005568 (Security Update) | Important | Information Disclosure | 5005030 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5005568 (Security Update) | Important | Information Disclosure | 5005030 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 5005568 (Security Update) | Important | Information Disclosure | 5005030 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5005566 (Security Update) | Important | Information Disclosure | 5005031 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5005566 (Security Update) | Important | Information Disclosure | 5005031 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 5005566 (Security Update) | Important | Information Disclosure | 5005031 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5005565 (Security Update) | Important | Information Disclosure | 5005033 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5005565 (Security Update) | Important | Information Disclosure | 5005033 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 5005565 (Security Update) | Important | Information Disclosure | 5005033 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5005565 (Security Update) | Important | Information Disclosure | 5005033 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5005565 (Security Update) | Important | Information Disclosure | 5005033 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5005565 (Security Update) | Important | Information Disclosure | 5005033 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for 32-bit Systems | 5005565 (Security Update) | Important | Information Disclosure | 5005033 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for ARM64-based Systems | 5005565 (Security Update) | Important | Information Disclosure | 5005033 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for x64-based Systems | 5005565 (Security Update) | Important | Information Disclosure | 5005033 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 5005633 (Monthly Rollup) 5005615 (Security Only) |
Important | Information Disclosure | 5005088 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 5005633 (Monthly Rollup) 5005615 (Security Only) |
Important | Information Disclosure | 5005088 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 5005613 (Monthly Rollup) 5005627 (Security Only) |
Important | Information Disclosure | 5005076 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 5005613 (Monthly Rollup) 5005627 (Security Only) |
Important | Information Disclosure | 5005076 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 5005613 (Monthly Rollup) | Important | Information Disclosure | 5005076 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5005633 (Monthly Rollup) 5005615 (Security Only) |
Important | Information Disclosure | 5005088 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5005633 (Monthly Rollup) 5005615 (Security Only) |
Important | Information Disclosure | 5005088 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 | 5005623 (Monthly Rollup) 5005607 (Security Only) |
Important | Information Disclosure | 5005094 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 5005623 (Monthly Rollup) 5005607 (Security Only) |
Important | Information Disclosure | 5005094 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 5005613 (Monthly Rollup) 5005627 (Security Only) |
Important | Information Disclosure | 5005076 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 5005613 (Monthly Rollup) 5005627 (Security Only) |
Important | Information Disclosure | 5005076 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 | 5005573 (Security Update) | Important | Information Disclosure | 5005043 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 5005573 (Security Update) | Important | Information Disclosure | 5005043 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5005568 (Security Update) | Important | Information Disclosure | 5005030 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5005568 (Security Update) | Important | Information Disclosure | 5005030 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022 | 5005565 (Security Update) | Important | Information Disclosure | 5005033 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022 (Server Core installation) | 5005565 (Security Update) | Important | Information Disclosure | 5005033 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 5005565 (Security Update) | Important | Information Disclosure | 5005033 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5005565 (Security Update) | Important | Information Disclosure | 5005033 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2021-36969 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-36972 MITRE NVD |
CVE Title: Windows SMB Information Disclosure Vulnerability
CVSS: CVSS:3.0 5.5/4.8
FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory and kernel memory - unintentional read access to memory contents in kernel space from a user mode process. Mitigations: None Workarounds: None Revision: 1.0 2021-09-14T07:00:00Z Information published. |
Important | Information Disclosure | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-36972 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 5005569 (Security Update) | Important | Information Disclosure | 5005040 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 5005569 (Security Update) | Important | Information Disclosure | 5005040 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5005573 (Security Update) | Important | Information Disclosure | 5005043 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 5005573 (Security Update) | Important | Information Disclosure | 5005043 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5005568 (Security Update) | Important | Information Disclosure | 5005030 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5005568 (Security Update) | Important | Information Disclosure | 5005030 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 5005568 (Security Update) | Important | Information Disclosure | 5005030 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5005566 (Security Update) | Important | Information Disclosure | 5005031 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5005566 (Security Update) | Important | Information Disclosure | 5005031 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 5005566 (Security Update) | Important | Information Disclosure | 5005031 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5005565 (Security Update) | Important | Information Disclosure | 5005033 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5005565 (Security Update) | Important | Information Disclosure | 5005033 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 5005565 (Security Update) | Important | Information Disclosure | 5005033 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5005565 (Security Update) | Important | Information Disclosure | 5005033 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5005565 (Security Update) | Important | Information Disclosure | 5005033 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5005565 (Security Update) | Important | Information Disclosure | 5005033 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for 32-bit Systems | 5005565 (Security Update) | Important | Information Disclosure | 5005033 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for ARM64-based Systems | 5005565 (Security Update) | Important | Information Disclosure | 5005033 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for x64-based Systems | 5005565 (Security Update) | Important | Information Disclosure | 5005033 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 5005613 (Monthly Rollup) 5005627 (Security Only) |
Important | Information Disclosure | 5005076 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 5005613 (Monthly Rollup) 5005627 (Security Only) |
Important | Information Disclosure | 5005076 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 5005613 (Monthly Rollup) | Important | Information Disclosure | 5005076 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 | 5005623 (Monthly Rollup) 5005607 (Security Only) |
Important | Information Disclosure | 5005094 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 5005623 (Monthly Rollup) 5005607 (Security Only) |
Important | Information Disclosure | 5005094 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 5005613 (Monthly Rollup) 5005627 (Security Only) |
Important | Information Disclosure | 5005076 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 5005613 (Monthly Rollup) 5005627 (Security Only) |
Important | Information Disclosure | 5005076 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 | 5005573 (Security Update) | Important | Information Disclosure | 5005043 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 5005573 (Security Update) | Important | Information Disclosure | 5005043 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5005568 (Security Update) | Important | Information Disclosure | 5005030 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5005568 (Security Update) | Important | Information Disclosure | 5005030 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022 | 5005565 (Security Update) | Important | Information Disclosure | 5005033 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022 (Server Core installation) | 5005565 (Security Update) | Important | Information Disclosure | 5005033 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 5005565 (Security Update) | Important | Information Disclosure | 5005033 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5005565 (Security Update) | Important | Information Disclosure | 5005033 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2021-36972 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-36973 MITRE NVD |
CVE Title: Windows Redirected Drive Buffering System Elevation of Privilege Vulnerability
CVSS: CVSS:3.0 7.8/6.8
FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2021-09-14T07:00:00Z Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-36973 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 5005569 (Security Update) | Important | Elevation of Privilege | 5005040 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 5005569 (Security Update) | Important | Elevation of Privilege | 5005040 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5005573 (Security Update) | Important | Elevation of Privilege | 5005043 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 5005573 (Security Update) | Important | Elevation of Privilege | 5005043 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5005568 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5005568 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 5005568 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5005566 (Security Update) | Important | Elevation of Privilege | 5005031 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5005566 (Security Update) | Important | Elevation of Privilege | 5005031 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 5005566 (Security Update) | Important | Elevation of Privilege | 5005031 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for 32-bit Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for ARM64-based Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for x64-based Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 | 5005573 (Security Update) | Important | Elevation of Privilege | 5005043 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 5005573 (Security Update) | Important | Elevation of Privilege | 5005043 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5005568 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5005568 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022 | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022 (Server Core installation) | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2021-36973 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-36974 MITRE NVD |
CVE Title: Windows SMB Elevation of Privilege Vulnerability
CVSS: CVSS:3.0 7.8/6.8
FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2021-09-14T07:00:00Z Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-36974 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 5005569 (Security Update) | Important | Elevation of Privilege | 5005040 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 5005569 (Security Update) | Important | Elevation of Privilege | 5005040 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5005573 (Security Update) | Important | Elevation of Privilege | 5005043 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 5005573 (Security Update) | Important | Elevation of Privilege | 5005043 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5005568 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5005568 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 5005568 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5005566 (Security Update) | Important | Elevation of Privilege | 5005031 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5005566 (Security Update) | Important | Elevation of Privilege | 5005031 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 5005566 (Security Update) | Important | Elevation of Privilege | 5005031 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for 32-bit Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for ARM64-based Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for x64-based Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 5005613 (Monthly Rollup) 5005627 (Security Only) |
Important | Elevation of Privilege | 5005076 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 5005613 (Monthly Rollup) 5005627 (Security Only) |
Important | Elevation of Privilege | 5005076 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 5005613 (Monthly Rollup) | Important | Elevation of Privilege | 5005076 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 | 5005623 (Monthly Rollup) 5005607 (Security Only) |
Important | Elevation of Privilege | 5005094 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 5005623 (Monthly Rollup) 5005607 (Security Only) |
Important | Elevation of Privilege | 5005094 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 5005613 (Monthly Rollup) 5005627 (Security Only) |
Important | Elevation of Privilege | 5005076 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 5005613 (Monthly Rollup) 5005627 (Security Only) |
Important | Elevation of Privilege | 5005076 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 | 5005573 (Security Update) | Important | Elevation of Privilege | 5005043 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 5005573 (Security Update) | Important | Elevation of Privilege | 5005043 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5005568 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5005568 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022 | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022 (Server Core installation) | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2021-36974 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-36975 MITRE NVD |
CVE Title: Win32k Elevation of Privilege Vulnerability
CVSS: CVSS:3.0 7.8/6.8
FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2021-09-14T07:00:00Z Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-36975 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows 10 Version 1809 for 32-bit Systems | 5005568 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5005568 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 5005568 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5005566 (Security Update) | Important | Elevation of Privilege | 5005031 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5005566 (Security Update) | Important | Elevation of Privilege | 5005031 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 5005566 (Security Update) | Important | Elevation of Privilege | 5005031 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for 32-bit Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for ARM64-based Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for x64-based Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5005568 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5005568 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022 | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022 (Server Core installation) | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2021-36975 | Nguyen Phuong Nam |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-26435 MITRE NVD |
CVE Title: Windows Scripting Engine Memory Corruption Vulnerability
CVSS: CVSS:3.0 8.1/7.1
FAQ: According to the CVSS, User Interaction is Required. What interaction would the user have to do? Exploitation of the vulnerability requires that a user open a specially crafted file.
An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file. Mitigations: None Workarounds: None Revision: 1.0 2021-09-14T07:00:00Z Information published. |
Critical | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-26435 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 5005569 (Security Update) | Critical | Remote Code Execution | 5005040 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 5005569 (Security Update) | Critical | Remote Code Execution | 5005040 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5005573 (Security Update) | Critical | Remote Code Execution | 5005043 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 5005573 (Security Update) | Critical | Remote Code Execution | 5005043 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5005568 (Security Update) | Critical | Remote Code Execution | 5005030 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5005568 (Security Update) | Critical | Remote Code Execution | 5005030 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 5005568 (Security Update) | Critical | Remote Code Execution | 5005030 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5005566 (Security Update) | Critical | Remote Code Execution | 5005031 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5005566 (Security Update) | Critical | Remote Code Execution | 5005031 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 5005566 (Security Update) | Critical | Remote Code Execution | 5005031 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5005565 (Security Update) | Critical | Remote Code Execution | 5005033 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5005565 (Security Update) | Critical | Remote Code Execution | 5005033 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 5005565 (Security Update) | Critical | Remote Code Execution | 5005033 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5005565 (Security Update) | Critical | Remote Code Execution | 5005033 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5005565 (Security Update) | Critical | Remote Code Execution | 5005033 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5005565 (Security Update) | Critical | Remote Code Execution | 5005033 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for 32-bit Systems | 5005565 (Security Update) | Critical | Remote Code Execution | 5005033 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for ARM64-based Systems | 5005565 (Security Update) | Critical | Remote Code Execution | 5005033 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for x64-based Systems | 5005565 (Security Update) | Critical | Remote Code Execution | 5005033 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 5005633 (Monthly Rollup) 5005615 (Security Only) |
Critical | Remote Code Execution | 5005088 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 5005633 (Monthly Rollup) 5005615 (Security Only) |
Critical | Remote Code Execution | 5005088 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 5005613 (Monthly Rollup) 5005627 (Security Only) |
Critical | Remote Code Execution | 5005076 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 5005613 (Monthly Rollup) 5005627 (Security Only) |
Critical | Remote Code Execution | 5005076 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 5005613 (Monthly Rollup) | Critical | Remote Code Execution | 5005076 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5005606 (Monthly Rollup) | Critical | Remote Code Execution | 5005090 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5005606 (Monthly Rollup) | Critical | Remote Code Execution | 5005090 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5005606 (Monthly Rollup) | Critical | Remote Code Execution | 5005090 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5005606 (Monthly Rollup) | Critical | Remote Code Execution | 5005090 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5005633 (Monthly Rollup) 5005615 (Security Only) |
Critical | Remote Code Execution | 5005088 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5005633 (Monthly Rollup) 5005615 (Security Only) |
Critical | Remote Code Execution | 5005088 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 | 5005623 (Monthly Rollup) 5005607 (Security Only) |
Critical | Remote Code Execution | 5005094 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 5005623 (Monthly Rollup) 5005607 (Security Only) |
Critical | Remote Code Execution | 5005094 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 5005613 (Monthly Rollup) 5005627 (Security Only) |
Critical | Remote Code Execution | 5005076 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 5005613 (Monthly Rollup) 5005627 (Security Only) |
Critical | Remote Code Execution | 5005076 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 | 5005573 (Security Update) | Critical | Remote Code Execution | 5005043 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 5005573 (Security Update) | Critical | Remote Code Execution | 5005043 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5005568 (Security Update) | Critical | Remote Code Execution | 5005030 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5005568 (Security Update) | Critical | Remote Code Execution | 5005030 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022 | 5005565 (Security Update) | Critical | Remote Code Execution | 5005033 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022 (Server Core installation) | 5005565 (Security Update) | Critical | Remote Code Execution | 5005033 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 5005565 (Security Update) | Critical | Remote Code Execution | 5005033 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5005565 (Security Update) | Critical | Remote Code Execution | 5005033 |
Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2021-26435 | Yuki Chen |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-26436 MITRE NVD |
CVE Title: Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
CVSS: CVSS:3.0 6.1/5.3
FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2021-09-02T07:00:00Z Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-26436 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 6.1 Temporal: 5.3 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C |
No |
| CVE ID | Acknowledgements |
| CVE-2021-26436 | David Erceg |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-38624 MITRE NVD |
CVE Title: Windows Key Storage Provider Security Feature Bypass Vulnerability
CVSS: CVSS:3.0 6.5/5.7
FAQ: What security feature is bypassed with this vulnerability? A successful attacker could bypass the Windows Key Storage Provider which issues key certificates for trust in attestation scenarios. Mitigations: None Workarounds: None Revision: 1.0 2021-09-14T07:00:00Z Information published. |
Important | Security Feature Bypass | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-38624 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 5005569 (Security Update) | Important | Security Feature Bypass | 5005040 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 5005569 (Security Update) | Important | Security Feature Bypass | 5005040 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5005573 (Security Update) | Important | Security Feature Bypass | 5005043 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 5005573 (Security Update) | Important | Security Feature Bypass | 5005043 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5005568 (Security Update) | Important | Security Feature Bypass | 5005030 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5005568 (Security Update) | Important | Security Feature Bypass | 5005030 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 5005568 (Security Update) | Important | Security Feature Bypass | 5005030 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5005566 (Security Update) | Important | Security Feature Bypass | 5005031 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5005566 (Security Update) | Important | Security Feature Bypass | 5005031 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 5005566 (Security Update) | Important | Security Feature Bypass | 5005031 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5005565 (Security Update) | Important | Security Feature Bypass | 5005033 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5005565 (Security Update) | Important | Security Feature Bypass | 5005033 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 5005565 (Security Update) | Important | Security Feature Bypass | 5005033 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5005565 (Security Update) | Important | Security Feature Bypass | 5005033 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5005565 (Security Update) | Important | Security Feature Bypass | 5005033 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5005565 (Security Update) | Important | Security Feature Bypass | 5005033 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for 32-bit Systems | 5005565 (Security Update) | Important | Security Feature Bypass | 5005033 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for ARM64-based Systems | 5005565 (Security Update) | Important | Security Feature Bypass | 5005033 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for x64-based Systems | 5005565 (Security Update) | Important | Security Feature Bypass | 5005033 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 5005613 (Monthly Rollup) 5005627 (Security Only) |
Important | Security Feature Bypass | 5005076 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 5005613 (Monthly Rollup) 5005627 (Security Only) |
Important | Security Feature Bypass | 5005076 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 5005613 (Monthly Rollup) | Important | Security Feature Bypass | 5005076 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 5005613 (Monthly Rollup) 5005627 (Security Only) |
Important | Security Feature Bypass | 5005076 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 5005613 (Monthly Rollup) 5005627 (Security Only) |
Important | Security Feature Bypass | 5005076 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 | 5005573 (Security Update) | Important | Security Feature Bypass | 5005043 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 5005573 (Security Update) | Important | Security Feature Bypass | 5005043 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5005568 (Security Update) | Important | Security Feature Bypass | 5005030 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5005568 (Security Update) | Important | Security Feature Bypass | 5005030 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022 | 5005565 (Security Update) | Important | Security Feature Bypass | 5005033 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022 (Server Core installation) | 5005565 (Security Update) | Important | Security Feature Bypass | 5005033 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 5005565 (Security Update) | Important | Security Feature Bypass | 5005033 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5005565 (Security Update) | Important | Security Feature Bypass | 5005033 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2021-38624 | Rafael Goncalves of Microsoft |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-38625 MITRE NVD |
CVE Title: Windows Kernel Elevation of Privilege Vulnerability
CVSS: CVSS:3.0 7.8/6.8
FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2021-09-14T07:00:00Z Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-38625 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5005606 (Monthly Rollup) 5005618 (Security Only) |
Important | Elevation of Privilege | 5005090 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5005606 (Monthly Rollup) 5005618 (Security Only) |
Important | Elevation of Privilege | 5005090 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5005606 (Monthly Rollup) 5005618 (Security Only) |
Important | Elevation of Privilege | 5005090 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5005606 (Monthly Rollup) 5005618 (Security Only) |
Important | Elevation of Privilege | 5005090 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2021-38625 | YanZiShuang(晏子霜) Of Big CjTeam |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-38626 MITRE NVD |
CVE Title: Windows Kernel Elevation of Privilege Vulnerability
CVSS: CVSS:3.0 7.8/6.8
FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2021-09-14T07:00:00Z Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-38626 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5005606 (Monthly Rollup) 5005618 (Security Only) |
Important | Elevation of Privilege | 5005090 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5005606 (Monthly Rollup) 5005618 (Security Only) |
Important | Elevation of Privilege | 5005090 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5005606 (Monthly Rollup) 5005618 (Security Only) |
Important | Elevation of Privilege | 5005090 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5005606 (Monthly Rollup) 5005618 (Security Only) |
Important | Elevation of Privilege | 5005090 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2021-38626 | YanZiShuang(晏子霜) Of Big CjTeam |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-38628 MITRE NVD |
CVE Title: Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVSS: CVSS:3.0 7.8/6.8
FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2021-09-14T07:00:00Z Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-38628 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 5005569 (Security Update) | Important | Elevation of Privilege | 5005040 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 5005569 (Security Update) | Important | Elevation of Privilege | 5005040 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5005573 (Security Update) | Important | Elevation of Privilege | 5005043 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 5005573 (Security Update) | Important | Elevation of Privilege | 5005043 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5005568 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5005568 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 5005568 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5005566 (Security Update) | Important | Elevation of Privilege | 5005031 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5005566 (Security Update) | Important | Elevation of Privilege | 5005031 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 5005566 (Security Update) | Important | Elevation of Privilege | 5005031 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for 32-bit Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for ARM64-based Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for x64-based Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 5005633 (Monthly Rollup) 5005615 (Security Only) |
Important | Elevation of Privilege | 5005088 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 5005633 (Monthly Rollup) 5005615 (Security Only) |
Important | Elevation of Privilege | 5005088 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 5005613 (Monthly Rollup) 5005627 (Security Only) |
Important | Elevation of Privilege | 5005076 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 5005613 (Monthly Rollup) 5005627 (Security Only) |
Important | Elevation of Privilege | 5005076 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 5005613 (Monthly Rollup) | Important | Elevation of Privilege | 5005076 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5005606 (Monthly Rollup) 5005618 (Security Only) |
Important | Elevation of Privilege | 5005090 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5005606 (Monthly Rollup) 5005618 (Security Only) |
Important | Elevation of Privilege | 5005090 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5005606 (Monthly Rollup) 5005618 (Security Only) |
Important | Elevation of Privilege | 5005090 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5005606 (Monthly Rollup) 5005618 (Security Only) |
Important | Elevation of Privilege | 5005090 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5005633 (Monthly Rollup) 5005615 (Security Only) |
Important | Elevation of Privilege | 5005088 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5005633 (Monthly Rollup) 5005615 (Security Only) |
Important | Elevation of Privilege | 5005088 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 | 5005623 (Monthly Rollup) 5005607 (Security Only) |
Important | Elevation of Privilege | 5005094 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 5005623 (Monthly Rollup) 5005607 (Security Only) |
Important | Elevation of Privilege | 5005094 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 5005613 (Monthly Rollup) 5005627 (Security Only) |
Important | Elevation of Privilege | 5005076 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 5005613 (Monthly Rollup) 5005627 (Security Only) |
Important | Elevation of Privilege | 5005076 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 | 5005573 (Security Update) | Important | Elevation of Privilege | 5005043 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 5005573 (Security Update) | Important | Elevation of Privilege | 5005043 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5005568 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5005568 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022 | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022 (Server Core installation) | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2021-38628 | Erik Egsgard with Field Effect Software |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-38629 MITRE NVD |
CVE Title: Windows Ancillary Function Driver for WinSock Information Disclosure Vulnerability
CVSS: CVSS:3.0 6.5/5.7
FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory and kernel memory - unintentional read access to memory contents in kernel space from a user mode process. Mitigations: None Workarounds: None Revision: 1.0 2021-09-14T07:00:00Z Information published. |
Important | Information Disclosure | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-38629 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 5005569 (Security Update) | Important | Information Disclosure | 5005040 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 5005569 (Security Update) | Important | Information Disclosure | 5005040 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5005573 (Security Update) | Important | Information Disclosure | 5005043 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 5005573 (Security Update) | Important | Information Disclosure | 5005043 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5005568 (Security Update) | Important | Information Disclosure | 5005030 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5005568 (Security Update) | Important | Information Disclosure | 5005030 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 5005568 (Security Update) | Important | Information Disclosure | 5005030 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5005566 (Security Update) | Important | Information Disclosure | 5005031 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5005566 (Security Update) | Important | Information Disclosure | 5005031 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 5005566 (Security Update) | Important | Information Disclosure | 5005031 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5005565 (Security Update) | Important | Information Disclosure | 5005033 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5005565 (Security Update) | Important | Information Disclosure | 5005033 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 5005565 (Security Update) | Important | Information Disclosure | 5005033 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5005565 (Security Update) | Important | Information Disclosure | 5005033 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5005565 (Security Update) | Important | Information Disclosure | 5005033 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5005565 (Security Update) | Important | Information Disclosure | 5005033 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for 32-bit Systems | 5005565 (Security Update) | Important | Information Disclosure | 5005033 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for ARM64-based Systems | 5005565 (Security Update) | Important | Information Disclosure | 5005033 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for x64-based Systems | 5005565 (Security Update) | Important | Information Disclosure | 5005033 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 5005633 (Monthly Rollup) 5005615 (Security Only) |
Important | Information Disclosure | 5005088 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 5005633 (Monthly Rollup) 5005615 (Security Only) |
Important | Information Disclosure | 5005088 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 5005613 (Monthly Rollup) 5005627 (Security Only) |
Important | Information Disclosure | 5005076 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 5005613 (Monthly Rollup) 5005627 (Security Only) |
Important | Information Disclosure | 5005076 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 5005613 (Monthly Rollup) | Important | Information Disclosure | 5005076 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5005606 (Monthly Rollup) 5005618 (Security Only) |
Important | Information Disclosure | 5005090 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5005606 (Monthly Rollup) 5005618 (Security Only) |
Important | Information Disclosure | 5005090 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5005606 (Monthly Rollup) 5005618 (Security Only) |
Important | Information Disclosure | 5005090 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5005606 (Monthly Rollup) 5005618 (Security Only) |
Important | Information Disclosure | 5005090 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5005633 (Monthly Rollup) 5005615 (Security Only) |
Important | Information Disclosure | 5005088 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5005633 (Monthly Rollup) 5005615 (Security Only) |
Important | Information Disclosure | 5005088 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 | 5005623 (Monthly Rollup) 5005607 (Security Only) |
Important | Information Disclosure | 5005094 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 5005623 (Monthly Rollup) 5005607 (Security Only) |
Important | Information Disclosure | 5005094 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 5005613 (Monthly Rollup) 5005627 (Security Only) |
Important | Information Disclosure | 5005076 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 5005613 (Monthly Rollup) 5005627 (Security Only) |
Important | Information Disclosure | 5005076 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 | 5005573 (Security Update) | Important | Information Disclosure | 5005043 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 5005573 (Security Update) | Important | Information Disclosure | 5005043 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5005568 (Security Update) | Important | Information Disclosure | 5005030 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5005568 (Security Update) | Important | Information Disclosure | 5005030 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022 | 5005565 (Security Update) | Important | Information Disclosure | 5005033 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022 (Server Core installation) | 5005565 (Security Update) | Important | Information Disclosure | 5005033 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 5005565 (Security Update) | Important | Information Disclosure | 5005033 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5005565 (Security Update) | Important | Information Disclosure | 5005033 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2021-38629 | Erik Egsgard with Field Effect Software |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-38630 MITRE NVD |
CVE Title: Windows Event Tracing Elevation of Privilege Vulnerability
CVSS: CVSS:3.0 7.8/6.8
FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2021-09-14T07:00:00Z Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-38630 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 5005569 (Security Update) | Important | Elevation of Privilege | 5005040 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 5005569 (Security Update) | Important | Elevation of Privilege | 5005040 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5005573 (Security Update) | Important | Elevation of Privilege | 5005043 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 5005573 (Security Update) | Important | Elevation of Privilege | 5005043 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5005568 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5005568 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 5005568 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5005566 (Security Update) | Important | Elevation of Privilege | 5005031 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5005566 (Security Update) | Important | Elevation of Privilege | 5005031 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 5005566 (Security Update) | Important | Elevation of Privilege | 5005031 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for 32-bit Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for ARM64-based Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for x64-based Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 5005633 (Monthly Rollup) 5005615 (Security Only) |
Important | Elevation of Privilege | 5005088 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 5005633 (Monthly Rollup) 5005615 (Security Only) |
Important | Elevation of Privilege | 5005088 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 5005613 (Monthly Rollup) 5005627 (Security Only) |
Important | Elevation of Privilege | 5005076 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 5005613 (Monthly Rollup) 5005627 (Security Only) |
Important | Elevation of Privilege | 5005076 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 5005613 (Monthly Rollup) | Important | Elevation of Privilege | 5005076 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5005633 (Monthly Rollup) 5005615 (Security Only) |
Important | Elevation of Privilege | 5005088 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5005633 (Monthly Rollup) 5005615 (Security Only) |
Important | Elevation of Privilege | 5005088 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 5005613 (Monthly Rollup) 5005627 (Security Only) |
Important | Elevation of Privilege | 5005076 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 5005613 (Monthly Rollup) 5005627 (Security Only) |
Important | Elevation of Privilege | 5005076 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 | 5005573 (Security Update) | Important | Elevation of Privilege | 5005043 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 5005573 (Security Update) | Important | Elevation of Privilege | 5005043 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5005568 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5005568 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022 | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022 (Server Core installation) | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2021-38630 | Jacob Lewellen of Microsoft Yong Chuan Koh with PixiePoint Security on Twitter |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-38632 MITRE NVD |
CVE Title: BitLocker Security Feature Bypass Vulnerability
CVSS: CVSS:3.0 5.7/5.0
FAQ: What security feature is bypassed with this vulnerability? A successful attacker could bypass the BitLocker Device Encryption feature on the system storage device. An attacker with physical access to a powered off system could exploit this vulnerability to gain access to encrypted data. Mitigations: None Workarounds: None Revision: 1.0 2021-09-14T07:00:00Z Information published. |
Important | Security Feature Bypass | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-38632 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows 10 Version 1607 for 32-bit Systems | 5005573 (Security Update) | Important | Security Feature Bypass | 5005043 | Base: 5.7 Temporal: 5.0 Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 5005573 (Security Update) | Important | Security Feature Bypass | 5005043 | Base: 5.7 Temporal: 5.0 Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5005568 (Security Update) | Important | Security Feature Bypass | 5005030 |
Base: 5.7 Temporal: 5.0 Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5005568 (Security Update) | Important | Security Feature Bypass | 5005030 |
Base: 5.7 Temporal: 5.0 Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 5005568 (Security Update) | Important | Security Feature Bypass | 5005030 |
Base: 5.7 Temporal: 5.0 Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5005566 (Security Update) | Important | Security Feature Bypass | 5005031 | Base: 5.7 Temporal: 5.0 Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5005566 (Security Update) | Important | Security Feature Bypass | 5005031 | Base: 5.7 Temporal: 5.0 Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 5005566 (Security Update) | Important | Security Feature Bypass | 5005031 | Base: 5.7 Temporal: 5.0 Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5005565 (Security Update) | Important | Security Feature Bypass | 5005033 |
Base: 5.7 Temporal: 5.0 Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5005565 (Security Update) | Important | Security Feature Bypass | 5005033 |
Base: 5.7 Temporal: 5.0 Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 5005565 (Security Update) | Important | Security Feature Bypass | 5005033 |
Base: 5.7 Temporal: 5.0 Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5005565 (Security Update) | Important | Security Feature Bypass | 5005033 |
Base: 5.7 Temporal: 5.0 Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5005565 (Security Update) | Important | Security Feature Bypass | 5005033 |
Base: 5.7 Temporal: 5.0 Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5005565 (Security Update) | Important | Security Feature Bypass | 5005033 |
Base: 5.7 Temporal: 5.0 Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for 32-bit Systems | 5005565 (Security Update) | Important | Security Feature Bypass | 5005033 |
Base: 5.7 Temporal: 5.0 Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for ARM64-based Systems | 5005565 (Security Update) | Important | Security Feature Bypass | 5005033 |
Base: 5.7 Temporal: 5.0 Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for x64-based Systems | 5005565 (Security Update) | Important | Security Feature Bypass | 5005033 |
Base: 5.7 Temporal: 5.0 Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 | 5005573 (Security Update) | Important | Security Feature Bypass | 5005043 | Base: 5.7 Temporal: 5.0 Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 5005573 (Security Update) | Important | Security Feature Bypass | 5005043 | Base: 5.7 Temporal: 5.0 Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5005568 (Security Update) | Important | Security Feature Bypass | 5005030 |
Base: 5.7 Temporal: 5.0 Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5005568 (Security Update) | Important | Security Feature Bypass | 5005030 |
Base: 5.7 Temporal: 5.0 Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022 | 5005565 (Security Update) | Important | Security Feature Bypass | 5005033 |
Base: 5.7 Temporal: 5.0 Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022 (Server Core installation) | 5005565 (Security Update) | Important | Security Feature Bypass | 5005033 |
Base: 5.7 Temporal: 5.0 Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 5005565 (Security Update) | Important | Security Feature Bypass | 5005033 |
Base: 5.7 Temporal: 5.0 Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5005565 (Security Update) | Important | Security Feature Bypass | 5005033 |
Base: 5.7 Temporal: 5.0 Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2021-38632 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-38633 MITRE NVD |
CVE Title: Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVSS: CVSS:3.0 7.8/6.8
FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2021-09-14T07:00:00Z Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-38633 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 5005569 (Security Update) | Important | Elevation of Privilege | 5005040 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 5005569 (Security Update) | Important | Elevation of Privilege | 5005040 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5005573 (Security Update) | Important | Elevation of Privilege | 5005043 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 5005573 (Security Update) | Important | Elevation of Privilege | 5005043 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5005568 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5005568 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 5005568 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5005566 (Security Update) | Important | Elevation of Privilege | 5005031 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5005566 (Security Update) | Important | Elevation of Privilege | 5005031 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 5005566 (Security Update) | Important | Elevation of Privilege | 5005031 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for 32-bit Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for ARM64-based Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for x64-based Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 5005633 (Monthly Rollup) 5005615 (Security Only) |
Important | Elevation of Privilege | 5005088 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 5005633 (Monthly Rollup) 5005615 (Security Only) |
Important | Elevation of Privilege | 5005088 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 5005613 (Monthly Rollup) 5005627 (Security Only) |
Important | Elevation of Privilege | 5005076 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 5005613 (Monthly Rollup) 5005627 (Security Only) |
Important | Elevation of Privilege | 5005076 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 5005613 (Monthly Rollup) | Important | Elevation of Privilege | 5005076 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5005606 (Monthly Rollup) 5005618 (Security Only) |
Important | Elevation of Privilege | 5005090 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5005606 (Monthly Rollup) 5005618 (Security Only) |
Important | Elevation of Privilege | 5005090 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5005606 (Monthly Rollup) 5005618 (Security Only) |
Important | Elevation of Privilege | 5005090 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5005606 (Monthly Rollup) 5005618 (Security Only) |
Important | Elevation of Privilege | 5005090 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5005633 (Monthly Rollup) 5005615 (Security Only) |
Important | Elevation of Privilege | 5005088 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5005633 (Monthly Rollup) 5005615 (Security Only) |
Important | Elevation of Privilege | 5005088 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 | 5005623 (Monthly Rollup) 5005607 (Security Only) |
Important | Elevation of Privilege | 5005094 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 5005623 (Monthly Rollup) 5005607 (Security Only) |
Important | Elevation of Privilege | 5005094 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 5005613 (Monthly Rollup) 5005627 (Security Only) |
Important | Elevation of Privilege | 5005076 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 5005613 (Monthly Rollup) 5005627 (Security Only) |
Important | Elevation of Privilege | 5005076 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 | 5005573 (Security Update) | Important | Elevation of Privilege | 5005043 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 5005573 (Security Update) | Important | Elevation of Privilege | 5005043 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5005568 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5005568 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022 | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022 (Server Core installation) | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2021-38633 | Nagisa of Cyber KunLun |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-38634 MITRE NVD |
CVE Title: Microsoft Windows Update Client Elevation of Privilege Vulnerability
CVSS: CVSS:3.0 7.1/6.2
FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2021-09-14T07:00:00Z Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-38634 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 5005569 (Security Update) | Important | Elevation of Privilege | 5005040 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 5005569 (Security Update) | Important | Elevation of Privilege | 5005040 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5005573 (Security Update) | Important | Elevation of Privilege | 5005043 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 5005573 (Security Update) | Important | Elevation of Privilege | 5005043 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5005568 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.1 Temporal: 6.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5005568 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.1 Temporal: 6.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 5005568 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.1 Temporal: 6.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5005566 (Security Update) | Important | Elevation of Privilege | 5005031 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5005566 (Security Update) | Important | Elevation of Privilege | 5005031 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 5005566 (Security Update) | Important | Elevation of Privilege | 5005031 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.1 Temporal: 6.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.1 Temporal: 6.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.1 Temporal: 6.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.1 Temporal: 6.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.1 Temporal: 6.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.1 Temporal: 6.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for 32-bit Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.1 Temporal: 6.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for ARM64-based Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.1 Temporal: 6.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for x64-based Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.1 Temporal: 6.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 | 5005573 (Security Update) | Important | Elevation of Privilege | 5005043 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 5005573 (Security Update) | Important | Elevation of Privilege | 5005043 | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5005568 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.1 Temporal: 6.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5005568 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.1 Temporal: 6.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022 | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.1 Temporal: 6.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022 (Server Core installation) | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.1 Temporal: 6.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.1 Temporal: 6.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.1 Temporal: 6.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2021-38634 | Abdelhamid Naceri working with Trend Micro Zero Day Initiative |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-38635 MITRE NVD |
CVE Title: Windows Redirected Drive Buffering SubSystem Driver Information Disclosure Vulnerability
CVSS: CVSS:3.0 5.5/4.8
FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is Kernel memory read - unintentional read access to memory contents in kernel space from a user mode process. Mitigations: None Workarounds: None Revision: 1.0 2021-09-14T07:00:00Z Information published. |
Important | Information Disclosure | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-38635 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 5005569 (Security Update) | Important | Information Disclosure | 5005040 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 5005569 (Security Update) | Important | Information Disclosure | 5005040 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5005573 (Security Update) | Important | Information Disclosure | 5005043 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 5005573 (Security Update) | Important | Information Disclosure | 5005043 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5005568 (Security Update) | Important | Information Disclosure | 5005030 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5005568 (Security Update) | Important | Information Disclosure | 5005030 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 5005568 (Security Update) | Important | Information Disclosure | 5005030 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5005566 (Security Update) | Important | Information Disclosure | 5005031 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5005566 (Security Update) | Important | Information Disclosure | 5005031 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 5005566 (Security Update) | Important | Information Disclosure | 5005031 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5005565 (Security Update) | Important | Information Disclosure | 5005033 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5005565 (Security Update) | Important | Information Disclosure | 5005033 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 5005565 (Security Update) | Important | Information Disclosure | 5005033 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5005565 (Security Update) | Important | Information Disclosure | 5005033 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5005565 (Security Update) | Important | Information Disclosure | 5005033 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5005565 (Security Update) | Important | Information Disclosure | 5005033 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for 32-bit Systems | 5005565 (Security Update) | Important | Information Disclosure | 5005033 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for ARM64-based Systems | 5005565 (Security Update) | Important | Information Disclosure | 5005033 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for x64-based Systems | 5005565 (Security Update) | Important | Information Disclosure | 5005033 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 5005633 (Monthly Rollup) 5005615 (Security Only) |
Important | Information Disclosure | 5005088 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 5005633 (Monthly Rollup) 5005615 (Security Only) |
Important | Information Disclosure | 5005088 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 5005613 (Monthly Rollup) 5005627 (Security Only) |
Important | Information Disclosure | 5005076 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 5005613 (Monthly Rollup) 5005627 (Security Only) |
Important | Information Disclosure | 5005076 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 5005613 (Monthly Rollup) | Important | Information Disclosure | 5005076 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5005606 (Monthly Rollup) 5005618 (Security Only) |
Important | Information Disclosure | 5005090 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5005606 (Monthly Rollup) 5005618 (Security Only) |
Important | Information Disclosure | 5005090 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5005606 (Monthly Rollup) 5005618 (Security Only) |
Important | Information Disclosure | 5005090 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5005606 (Monthly Rollup) 5005618 (Security Only) |
Important | Information Disclosure | 5005090 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5005633 (Monthly Rollup) 5005615 (Security Only) |
Important | Information Disclosure | 5005088 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5005633 (Monthly Rollup) 5005615 (Security Only) |
Important | Information Disclosure | 5005088 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 | 5005623 (Monthly Rollup) 5005607 (Security Only) |
Important | Information Disclosure | 5005094 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 5005623 (Monthly Rollup) 5005607 (Security Only) |
Important | Information Disclosure | 5005094 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 5005613 (Monthly Rollup) 5005627 (Security Only) |
Important | Information Disclosure | 5005076 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 5005613 (Monthly Rollup) 5005627 (Security Only) |
Important | Information Disclosure | 5005076 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 | 5005573 (Security Update) | Important | Information Disclosure | 5005043 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 5005573 (Security Update) | Important | Information Disclosure | 5005043 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5005568 (Security Update) | Important | Information Disclosure | 5005030 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5005568 (Security Update) | Important | Information Disclosure | 5005030 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022 | 5005565 (Security Update) | Important | Information Disclosure | 5005033 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022 (Server Core installation) | 5005565 (Security Update) | Important | Information Disclosure | 5005033 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 5005565 (Security Update) | Important | Information Disclosure | 5005033 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5005565 (Security Update) | Important | Information Disclosure | 5005033 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2021-38635 | Rahul Gupta of Microsoft |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-38636 MITRE NVD |
CVE Title: Windows Redirected Drive Buffering SubSystem Driver Information Disclosure Vulnerability
CVSS: CVSS:3.0 5.5/4.8
FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is Kernel memory read - unintentional read access to memory contents in kernel space from a user mode process. Mitigations: None Workarounds: None Revision: 1.0 2021-09-14T07:00:00Z Information published. |
Important | Information Disclosure | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-38636 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 5005569 (Security Update) | Important | Information Disclosure | 5005040 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 5005569 (Security Update) | Important | Information Disclosure | 5005040 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5005573 (Security Update) | Important | Information Disclosure | 5005043 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 5005573 (Security Update) | Important | Information Disclosure | 5005043 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5005568 (Security Update) | Important | Information Disclosure | 5005030 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5005568 (Security Update) | Important | Information Disclosure | 5005030 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 5005568 (Security Update) | Important | Information Disclosure | 5005030 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5005566 (Security Update) | Important | Information Disclosure | 5005031 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5005566 (Security Update) | Important | Information Disclosure | 5005031 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 5005566 (Security Update) | Important | Information Disclosure | 5005031 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5005565 (Security Update) | Important | Information Disclosure | 5005033 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5005565 (Security Update) | Important | Information Disclosure | 5005033 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 5005565 (Security Update) | Important | Information Disclosure | 5005033 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5005565 (Security Update) | Important | Information Disclosure | 5005033 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5005565 (Security Update) | Important | Information Disclosure | 5005033 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5005565 (Security Update) | Important | Information Disclosure | 5005033 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for 32-bit Systems | 5005565 (Security Update) | Important | Information Disclosure | 5005033 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for ARM64-based Systems | 5005565 (Security Update) | Important | Information Disclosure | 5005033 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for x64-based Systems | 5005565 (Security Update) | Important | Information Disclosure | 5005033 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 5005633 (Monthly Rollup) 5005615 (Security Only) |
Important | Information Disclosure | 5005088 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 5005633 (Monthly Rollup) 5005615 (Security Only) |
Important | Information Disclosure | 5005088 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 5005613 (Monthly Rollup) 5005627 (Security Only) |
Important | Information Disclosure | 5005076 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 5005613 (Monthly Rollup) 5005627 (Security Only) |
Important | Information Disclosure | 5005076 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 5005613 (Monthly Rollup) | Important | Information Disclosure | 5005076 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5005606 (Monthly Rollup) 5005618 (Security Only) |
Important | Information Disclosure | 5005090 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5005606 (Monthly Rollup) 5005618 (Security Only) |
Important | Information Disclosure | 5005090 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5005606 (Monthly Rollup) 5005618 (Security Only) |
Important | Information Disclosure | 5005090 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5005606 (Monthly Rollup) 5005618 (Security Only) |
Important | Information Disclosure | 5005090 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5005633 (Monthly Rollup) 5005615 (Security Only) |
Important | Information Disclosure | 5005088 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5005633 (Monthly Rollup) 5005615 (Security Only) |
Important | Information Disclosure | 5005088 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 | 5005623 (Monthly Rollup) 5005607 (Security Only) |
Important | Information Disclosure | 5005094 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 5005623 (Monthly Rollup) 5005607 (Security Only) |
Important | Information Disclosure | 5005094 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 5005613 (Monthly Rollup) 5005627 (Security Only) |
Important | Information Disclosure | 5005076 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 5005613 (Monthly Rollup) 5005627 (Security Only) |
Important | Information Disclosure | 5005076 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 | 5005573 (Security Update) | Important | Information Disclosure | 5005043 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 5005573 (Security Update) | Important | Information Disclosure | 5005043 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5005568 (Security Update) | Important | Information Disclosure | 5005030 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5005568 (Security Update) | Important | Information Disclosure | 5005030 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022 | 5005565 (Security Update) | Important | Information Disclosure | 5005033 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022 (Server Core installation) | 5005565 (Security Update) | Important | Information Disclosure | 5005033 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 5005565 (Security Update) | Important | Information Disclosure | 5005033 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5005565 (Security Update) | Important | Information Disclosure | 5005033 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2021-38636 | Rahul Gupta of Microsoft |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-38637 MITRE NVD |
CVE Title: Windows Storage Information Disclosure Vulnerability
CVSS: CVSS:3.0 5.5/4.8
FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is unauthorized file system access - reading from the file system. Mitigations: None Workarounds: None Revision: 1.0 2021-09-14T07:00:00Z Information published. |
Important | Information Disclosure | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-38637 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows 10 Version 1809 for 32-bit Systems | 5005568 (Security Update) | Important | Information Disclosure | 5005030 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5005568 (Security Update) | Important | Information Disclosure | 5005030 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 5005568 (Security Update) | Important | Information Disclosure | 5005030 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5005566 (Security Update) | Important | Information Disclosure | 5005031 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5005566 (Security Update) | Important | Information Disclosure | 5005031 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 5005566 (Security Update) | Important | Information Disclosure | 5005031 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5005565 (Security Update) | Important | Information Disclosure | 5005033 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5005565 (Security Update) | Important | Information Disclosure | 5005033 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 5005565 (Security Update) | Important | Information Disclosure | 5005033 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5005565 (Security Update) | Important | Information Disclosure | 5005033 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5005565 (Security Update) | Important | Information Disclosure | 5005033 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5005565 (Security Update) | Important | Information Disclosure | 5005033 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for 32-bit Systems | 5005565 (Security Update) | Important | Information Disclosure | 5005033 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for ARM64-based Systems | 5005565 (Security Update) | Important | Information Disclosure | 5005033 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for x64-based Systems | 5005565 (Security Update) | Important | Information Disclosure | 5005033 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5005568 (Security Update) | Important | Information Disclosure | 5005030 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5005568 (Security Update) | Important | Information Disclosure | 5005030 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022 | 5005565 (Security Update) | Important | Information Disclosure | 5005033 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022 (Server Core installation) | 5005565 (Security Update) | Important | Information Disclosure | 5005033 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 5005565 (Security Update) | Important | Information Disclosure | 5005033 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5005565 (Security Update) | Important | Information Disclosure | 5005033 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2021-38637 | rikirra |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-38638 MITRE NVD |
CVE Title: Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVSS: CVSS:3.0 7.8/6.8
FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2021-09-14T07:00:00Z Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-38638 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 5005569 (Security Update) | Important | Elevation of Privilege | 5005040 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 5005569 (Security Update) | Important | Elevation of Privilege | 5005040 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5005573 (Security Update) | Important | Elevation of Privilege | 5005043 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 5005573 (Security Update) | Important | Elevation of Privilege | 5005043 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5005568 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5005568 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 5005568 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5005566 (Security Update) | Important | Elevation of Privilege | 5005031 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5005566 (Security Update) | Important | Elevation of Privilege | 5005031 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 5005566 (Security Update) | Important | Elevation of Privilege | 5005031 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for 32-bit Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for ARM64-based Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for x64-based Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 5005633 (Monthly Rollup) 5005615 (Security Only) |
Important | Elevation of Privilege | 5005088 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 5005633 (Monthly Rollup) 5005615 (Security Only) |
Important | Elevation of Privilege | 5005088 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 5005613 (Monthly Rollup) 5005627 (Security Only) |
Important | Elevation of Privilege | 5005076 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 5005613 (Monthly Rollup) 5005627 (Security Only) |
Important | Elevation of Privilege | 5005076 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 5005613 (Monthly Rollup) | Important | Elevation of Privilege | 5005076 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5005606 (Monthly Rollup) 5005618 (Security Only) |
Important | Elevation of Privilege | 5005090 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5005606 (Monthly Rollup) 5005618 (Security Only) |
Important | Elevation of Privilege | 5005090 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5005606 (Monthly Rollup) 5005618 (Security Only) |
Important | Elevation of Privilege | 5005090 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5005606 (Monthly Rollup) 5005618 (Security Only) |
Important | Elevation of Privilege | 5005090 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5005633 (Monthly Rollup) 5005615 (Security Only) |
Important | Elevation of Privilege | 5005088 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5005633 (Monthly Rollup) 5005615 (Security Only) |
Important | Elevation of Privilege | 5005088 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 | 5005623 (Monthly Rollup) 5005607 (Security Only) |
Important | Elevation of Privilege | 5005094 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 5005623 (Monthly Rollup) 5005607 (Security Only) |
Important | Elevation of Privilege | 5005094 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 5005613 (Monthly Rollup) 5005627 (Security Only) |
Important | Elevation of Privilege | 5005076 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 5005613 (Monthly Rollup) 5005627 (Security Only) |
Important | Elevation of Privilege | 5005076 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 | 5005573 (Security Update) | Important | Elevation of Privilege | 5005043 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 5005573 (Security Update) | Important | Elevation of Privilege | 5005043 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5005568 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5005568 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022 | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022 (Server Core installation) | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2021-38638 | Erik Egsgard with Field Effect Software |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-38641 MITRE NVD |
CVE Title: Microsoft Edge for Android Spoofing Vulnerability
CVSS: CVSS:3.0 6.1/5.3
FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2021-09-02T07:00:00Z Information published. |
Important | Spoofing | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-38641 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Important | Spoofing | None | Base: 6.1 Temporal: 5.3 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C |
No |
| CVE ID | Acknowledgements |
| CVE-2021-38641 | Shivam Kumar Singh with CyberXplore Private Limited Vansh Devgan with CyberXplore Private Limited Tirtha Mandal |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-38642 MITRE NVD |
CVE Title: Microsoft Edge for iOS Spoofing Vulnerability
CVSS: CVSS:3.0 6.1/5.3
FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2021-09-02T07:00:00Z Information published. |
Important | Spoofing | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-38642 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Important | Spoofing | None | Base: 6.1 Temporal: 5.3 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C |
No |
| CVE ID | Acknowledgements |
| CVE-2021-38642 | Shivam Kumar Singh with CyberXplore Private Limited Vansh Devgan with CyberXplore Private Limited |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-38645 MITRE NVD |
CVE Title: Open Management Infrastructure Elevation of Privilege Vulnerability
CVSS: CVSS:3.0 7.8/6.8
FAQ: What is OMI? Open Management Infrastructure (OMI) is an open source project to further the development of a production quality implementation of the DMTF CIM/WBEM standards. The OMI CIMOM is also designed to be portable and highly modular. In order to attain its small footprint, it is coded in C, which also makes it a much more viable CIM Object Manager for embedded systems and other infrastructure components that have memory constraints for their management processor. OMI is also designed to be inherently portable. It builds and runs today on most UNIX® systems and Linux. In addition to OMI's small footprint, it also demonstrates very high performance. Refer this link for more details : GitHub - microsoft/omi: Open Management Infrastructure How do I protect myself from this vulnerability? Run one of these commands, depending on your system configuration:
For more information refer to GitHub - microsoft/omi: Open Management Infrastructure. The updates for this vulnerability were published on GitHub on August 11, 2021. Why is Microsoft just now releasing a CVE? The fix to address this vulnerability in open-source code was made available on August 11 to provide partners who depend on this software time to implement the updates before we released the details of the vulnerability. Mitigations: None Workarounds: None Revision: 1.0 2021-09-14T07:00:00Z Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-38645 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Azure Open Management Infrastructure | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| CVE ID | Acknowledgements |
| CVE-2021-38645 | Shir Tamari with Wiz.io Nir Ohfeld with Wiz.io |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-38647 MITRE NVD |
CVE Title: Open Management Infrastructure Remote Code Execution Vulnerability
CVSS: CVSS:3.0 9.8/8.5
FAQ: What is OMI? Open Management Infrastructure (OMI) is an open source project to further the development of a production quality implementation of the DMTF CIM/WBEM standards. The OMI CIMOM is also designed to be portable and highly modular. In order to attain its small footprint, it is coded in C, which also makes it a much more viable CIM Object Manager for embedded systems and other infrastructure components that have memory constraints for their management processor. OMI is also designed to be inherently portable. It builds and runs today on most UNIX® systems and Linux. In addition to OMI's small footprint, it also demonstrates very high performance. Refer this link for more details : GitHub - microsoft/omi: Open Management Infrastructure How do I protect myself from this vulnerability? Run one of these commands, depending on your system configuration:
For more information refer to GitHub - microsoft/omi: Open Management Infrastructure. The updates for this vulnerability were published on GitHub on August 11, 2021. Why is Microsoft just now releasing a CVE? The fix to address this vulnerability in open-source code was made available on August 11 to provide partners who depend on this software time to implement the updates before we released the details of the vulnerability. How does this vulnerability manifest itself? Some Azure products, such as Configuration Management, expose an HTTP/S port for interacting with OMI (port 5986 also known as WinRMport). This configuration where the HTTP/S listener is enabled could allow remote code execution. It is important to mention that most Azure services that use OMI deploy it without exposing the HTTP/S port. How can an attacker exploit the vulnerability? An attacker could send a specially crafted message via HTTPS to port 5986 on a vulnerable system. How can I check my Azure Linux Node for this listening port? On most Linux distributions, the command 'netstat -an | grep 5986' will indicate if any processes are listening on port 5986 (WinRMport). Mitigations: None Workarounds: None Revision: 1.0 2021-09-14T07:00:00Z Information published. |
Critical | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-38647 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Azure Open Management Infrastructure | Release Notes (Security Update) | Critical | Remote Code Execution | None | Base: 9.8 Temporal: 8.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| CVE ID | Acknowledgements |
| CVE-2021-38647 | Shir Tamari with Wiz.io Nir Ohfeld with Wiz.io |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-38648 MITRE NVD |
CVE Title: Open Management Infrastructure Elevation of Privilege Vulnerability
CVSS: CVSS:3.0 7.8/6.8
FAQ: What is OMI? Open Management Infrastructure (OMI) is an open source project to further the development of a production quality implementation of the DMTF CIM/WBEM standards. The OMI CIMOM is also designed to be portable and highly modular. In order to attain its small footprint, it is coded in C, which also makes it a much more viable CIM Object Manager for embedded systems and other infrastructure components that have memory constraints for their management processor. OMI is also designed to be inherently portable. It builds and runs today on most UNIX® systems and Linux. In addition to OMI's small footprint, it also demonstrates very high performance. Refer this link for more details : GitHub - microsoft/omi: Open Management Infrastructure How do I protect myself from this vulnerability? Run one of these commands, depending on your system configuration:
For more information refer to GitHub - microsoft/omi: Open Management Infrastructure. The updates for this vulnerability were published on GitHub on August 11, 2021. Why is Microsoft just now releasing a CVE? The fix to address this vulnerability in open-source code was made available on August 11 to provide partners who depend on this software time to implement the updates before we released the details of the vulnerability. Mitigations: None Workarounds: None Revision: 1.0 2021-09-14T07:00:00Z Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-38648 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Azure Open Management Infrastructure | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| CVE ID | Acknowledgements |
| CVE-2021-38648 | Shir Tamari with Wiz.io Nir Ohfeld with Wiz.io |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-38649 MITRE NVD |
CVE Title: Open Management Infrastructure Elevation of Privilege Vulnerability
CVSS: CVSS:3.0 7.0/6.1
FAQ: What is OMI? Open Management Infrastructure (OMI) is an open source project to further the development of a production quality implementation of the DMTF CIM/WBEM standards. The OMI CIMOM is also designed to be portable and highly modular. In order to attain its small footprint, it is coded in C, which also makes it a much more viable CIM Object Manager for embedded systems and other infrastructure components that have memory constraints for their management processor. OMI is also designed to be inherently portable. It builds and runs today on most UNIX® systems and Linux. In addition to OMI's small footprint, it also demonstrates very high performance. Refer this link for more details : GitHub - microsoft/omi: Open Management Infrastructure How do I protect myself from this vulnerability? Run one of these commands, depending on your system configuration:
For more information refer to GitHub - microsoft/omi: Open Management Infrastructure. The updates for this vulnerability were published on GitHub on August 11, 2021. Why is Microsoft just now releasing a CVE? The fix to address this vulnerability in open-source code was made available on August 11 to provide partners who depend on this software time to implement the updates before we released the details of the vulnerability. Mitigations: None Workarounds: None Revision: 1.0 2021-09-14T07:00:00Z Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-38649 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Azure Open Management Infrastructure | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| CVE ID | Acknowledgements |
| CVE-2021-38649 | Shir Tamari with Wiz.io Nir Ohfeld with Wiz.io |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-38669 MITRE NVD |
CVE Title: Microsoft Edge (Chromium-based) Tampering Vulnerability
CVSS: CVSS:3.0 6.4/5.6
FAQ: What is the version information for this release? | Microsoft Edge Version | Date Released | Based on Chromium Version | | ----- | ----- | ----- | | 93.0.961.44 | 9/9/2021 | 93.04577.63 | Mitigations: None Workarounds: None Revision: 1.0 2021-09-09T07:00:00Z Information published. |
Important | Tampering | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-38669 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Important | Tampering | None | Base: 6.4 Temporal: 5.6 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C |
No |
| CVE ID | Acknowledgements |
| CVE-2021-38669 | Colin Symon with East Lothian Council |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-26437 MITRE NVD |
CVE Title: Visual Studio Code Spoofing Vulnerability
CVSS: CVSS:3.0 5.5/4.8
FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2021-09-14T07:00:00Z Information published. |
Important | Spoofing | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-26437 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Visual Studio Code | Release Notes (Security Update) | Important | Spoofing | None | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Maybe |
| CVE ID | Acknowledgements |
| CVE-2021-26437 | Ron Masas with BreakPoint Justin Steven |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-26439 MITRE NVD |
CVE Title: Microsoft Edge for Android Information Disclosure Vulnerability
CVSS: CVSS:3.0 4.6/4.0
FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2021-09-02T07:00:00Z Information published. |
Moderate | Information Disclosure | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-26439 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Microsoft Edge for Android | Release Notes (Security Update) | Moderate | Information Disclosure | None | Base: 4.6 Temporal: 4.0 Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
No |
| CVE ID | Acknowledgements |
| CVE-2021-26439 | Lili Wei Heqing Huang |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-40440 MITRE NVD |
CVE Title: Microsoft Dynamics Business Central Cross-site Scripting Vulnerability
CVSS: CVSS:3.0 5.4/4.9
FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2021-09-14T07:00:00Z Information published. |
Important | Spoofing | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-40440 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Microsoft Dynamics 365 Business Central 2020 Release Wave 2 – Update 17.10 | 5006075 (Security Update) | Important | Spoofing | None | Base: 5.4 Temporal: 4.9 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:P/RL:O/RC:C |
Maybe |
| Microsoft Dynamics 365 Business Central 2021 Release Wave 1 - Update 18.5 | 5006076 (Security Update) | Important | Spoofing | None | Base: 5.4 Temporal: 4.9 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:P/RL:O/RC:C |
Maybe |
| CVE ID | Acknowledgements |
| CVE-2021-40440 | rskvp93 with Viettel Cyber Security |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-40444 MITRE NVD |
CVE Title: Microsoft MSHTML Remote Code Execution Vulnerability
CVSS: CVSS:3.0 8.8/7.9
FAQ: There are three updates listed in the Security Updates table for Windows 8.1, Windows Server 2012 R2, and Windows Server 2012. Which updates do I need to apply to my system to be protected from this vulnerability? Customers running Windows 8.1, Windows Server 2012 R2, or Windows Server 2012 can apply either the Monthly Rollup or both the Security Only and the IE Cumulative updates. I am running Windows 7, Windows Server 2008 R2, or Windows Server 2008. Do I need to apply both the Monthly Rollup and the IE Cumulative updates?
Mitigations: Workarounds: Disabling the installation of all ActiveX controls in Internet Explorer mitigates this attack. This can be accomplished for all sites by configuring the Group Policy using your Local Group Policy Editor or by updating the registry. Previously-installed ActiveX controls will continue to run, but do not expose this vulnerability. To disable ActiveX controls via Group Policy In Group Policy settings, navigate to Computer Configuration > Administrative Templates > Windows Components > Internet Explorer > Internet Control Panel > Security Page For each zone:
We recommend applying this setting to all zones to fully protect your system. Impact of workaround. This sets the URLACTION_DOWNLOAD_SIGNED_ACTIVEX (0x1001) and URLACTION_DOWNLOAD_UNSIGNED_ACTIVEX (0x1004) to DISABLED (3) for all internet zones for 64-bit and 32-bit processes. New ActiveX controls will not be installed. Previously-installed ActiveX controls will continue to run. How to undo the workaround Set the option in the policy to the original value before the workaround was applied. To disable ActiveX controls on an individual system via regkey: Warning If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.
Impact of workaround. This sets the URLACTION_DOWNLOAD_SIGNED_ACTIVEX (0x1001) and URLACTION_DOWNLOAD_UNSIGNED_ACTIVEX (0x1004) to DISABLED (3) for all internet zones for 64-bit and 32-bit processes. New ActiveX controls will not be installed. Previously-installed ActiveX controls will continue to run. How to undo the workaround Delete the registry keys that were added in implementing this workaround. To disable preview in Windows Explorer Disabling Shell Preview prevents a user from previewing documents in Windows Explorer. Follow these steps for each type of document you want to prevent being previewed:
For Word documents:
For rich text files:
Impact of workaround Users will not be able to preview documents with the specified extension in Windows Explorer. How to undo the workaround Double-click the .reg file or files that you created in Step Two of the workaround. Revision: 1.0 2021-09-07T07:00:00Z Information published. 1.1 2021-09-09T07:00:00Z The information in the workaround section was updated. This an informational change only. 2.0 2021-09-14T07:00:00Z CVE updated to announce that Microsoft is releasing security updates for all affected versions of Windows to address this vulnerability. These updates include Monthly Rollups, Security Only, and IE Cumulative updates. Please see the FAQ for information on which updates are applicable to your system. Other information has been updated as well, including the following: 1) Executive Summary has been updated 2) FAQs have been added. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Detected | Yes | Yes |
The following tables list the affected software details for the vulnerability.
| CVE-2021-40444 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 5005569 (Security Update) | Important | Remote Code Execution | 5005040 | Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 5005569 (Security Update) | Important | Remote Code Execution | 5005040 | Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5005573 (Security Update) | Important | Remote Code Execution | 5005043 | Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 5005573 (Security Update) | Important | Remote Code Execution | 5005043 | Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5005568 (Security Update) | Important | Remote Code Execution | 5005030 |
Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5005568 (Security Update) | Important | Remote Code Execution | 5005030 |
Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 5005568 (Security Update) | Important | Remote Code Execution | 5005030 |
Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5005566 (Security Update) | Important | Remote Code Execution | 5005031 | Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5005566 (Security Update) | Important | Remote Code Execution | 5005031 | Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 5005566 (Security Update) | Important | Remote Code Execution | 5005031 | Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5005565 (Security Update) | Important | Remote Code Execution | 5005033 |
Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5005565 (Security Update) | Important | Remote Code Execution | 5005033 |
Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 5005565 (Security Update) | Important | Remote Code Execution | 5005033 |
Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5005565 (Security Update) | Important | Remote Code Execution | 5005033 |
Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5005565 (Security Update) | Important | Remote Code Execution | 5005033 |
Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5005565 (Security Update) | Important | Remote Code Execution | 5005033 |
Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for 32-bit Systems | 5005565 (Security Update) | Important | Remote Code Execution | 5005033 |
Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for ARM64-based Systems | 5005565 (Security Update) | Important | Remote Code Execution | 5005033 |
Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for x64-based Systems | 5005565 (Security Update) | Important | Remote Code Execution | 5005033 |
Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C |
Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 5005633 (Monthly Rollup) 5005563 (IE Cumulative) |
Important | Remote Code Execution | 5005088 5005036 |
Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 5005633 (Monthly Rollup) 5005563 (IE Cumulative) |
Important | Remote Code Execution | 5005088 5005036 |
Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 5005563 (IE Cumulative) 5005613 (Monthly Rollup) 5005627 (Security Only) |
Important | Remote Code Execution | 5005036 5005076 |
Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 5005563 (IE Cumulative) 5005613 (Monthly Rollup) 5005627 (Security Only) |
Important | Remote Code Execution | 5005036 5005076 |
Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 5005613 (Monthly Rollup) | Important | Remote Code Execution | 5005076 |
Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5005563 (IE Cumulative) 5005606 (Monthly Rollup) |
Important | Remote Code Execution | 5005036 5005090 |
Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5005563 (IE Cumulative) 5005606 (Monthly Rollup) |
Important | Remote Code Execution | 5005036 5005090 |
Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5005563 (IE Cumulative) 5005606 (Monthly Rollup) |
Important | Remote Code Execution | 5005036 5005090 |
Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5005563 (IE Cumulative) 5005606 (Monthly Rollup) |
Important | Remote Code Execution | 5005036 5005090 |
Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5005633 (Monthly Rollup) 5005563 (IE Cumulative) |
Important | Remote Code Execution | 5005088 5005036 |
Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5005633 (Monthly Rollup) | Important | Remote Code Execution | 5005088 |
Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 | 5005563 (IE Cumulative) 5005623 (Monthly Rollup) |
Important | Remote Code Execution | 5005036 5005094 |
Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 5005623 (Monthly Rollup) | Important | Remote Code Execution | 5005094 |
Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 5005563 (IE Cumulative) 5005613 (Monthly Rollup) |
Important | Remote Code Execution | 5005036 5005076 |
Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 5005613 (Monthly Rollup) | Important | Remote Code Execution | 5005076 |
Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 | 5005573 (Security Update) | Important | Remote Code Execution | 5005043 | Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 5005573 (Security Update) | Important | Remote Code Execution | 5005043 | Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5005568 (Security Update) | Important | Remote Code Execution | 5005030 |
Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5005568 (Security Update) | Important | Remote Code Execution | 5005030 |
Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C |
Yes |
| Windows Server 2022 | 5005575 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C |
Yes |
| Windows Server 2022 (Server Core installation) | 5005575 (Security Update) | Important | Remote Code Execution | None | Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 5005565 (Security Update) | Important | Remote Code Execution | 5005033 |
Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C |
Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5005565 (Security Update) | Important | Remote Code Execution | 5005033 |
Base: 8.8 Temporal: 7.9 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L/E:P/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2021-40444 | Bryce Abdo of Mandiant Haifei Li of EXPMON Genwei Jiang of Mandiant Rick Cole (MSTIC) Dhanesh Kizhakkinan of Mandiant |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-36930 MITRE NVD |
CVE Title: Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
CVSS: CVSS:3.0 5.3/4.6
FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2021-09-02T07:00:00Z Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-36930 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 5.3 Temporal: 4.6 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C |
No |
| CVE ID | Acknowledgements |
| CVE-2021-36930 | David Erceg with |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-36956 MITRE NVD |
CVE Title: Azure Sphere Information Disclosure Vulnerability
CVSS: CVSS:3.0 4.4/4.0
FAQ: What version of Azure Sphere has the update that protects from this vulnerability? All versions of Azure Sphere that are 21.08 and higher are protected from this vulnerability. How do I ensure my Azure Sphere device has the update? If your device is new or has not been connected to the internet for a while, connect the device to a secure, private local network with internet access and allow the device to automatically update itself. If the device is already online, verify that the operating system version 21.08 has been installed using the Azure Sphere CLI command:
If the device is connected to the internet and does not yet have the latest update, check the update status with the following Azure Sphere CLI command:
Azure Sphere is running on IoT devices in my environment. How do I know if any of those devices are affected by this vulnerability? An IoT device that is running Azure Sphere and is connected to a network is automatically updated every day. This vulnerability has already been addressed so the devices are protected from this vulnerability. More information on Azure Sphere’s CVE principles can be found on https://docs.microsoft.com/en-us/azure-sphere/deployment/azure-sphere-cves Mitigations: None Workarounds: None Revision: 1.0 2021-09-14T07:00:00Z Information published. |
Important | Information Disclosure | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-36956 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Azure Sphere | Important | Information Disclosure | None | Base: 4.4 Temporal: 4.0 Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Unknown | |
| CVE ID | Acknowledgements |
| CVE-2021-36956 | Claudio Bozzato with Cisco Talos |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-26434 MITRE NVD |
CVE Title: Visual Studio Elevation of Privilege Vulnerability
CVSS: CVSS:3.0 7.8/6.8
FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2021-09-14T07:00:00Z Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-26434 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3) | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft Visual Studio 2019 version 16.7 (includes 16.0 – 16.6) | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8) | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| CVE ID | Acknowledgements |
| CVE-2021-26434 | Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-38639 MITRE NVD |
CVE Title: Win32k Elevation of Privilege Vulnerability
CVSS: CVSS:3.0 7.8/6.8
FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2021-09-14T07:00:00Z Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-38639 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 5005569 (Security Update) | Important | Elevation of Privilege | 5005040 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 5005569 (Security Update) | Important | Elevation of Privilege | 5005040 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5005573 (Security Update) | Important | Elevation of Privilege | 5005043 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 5005573 (Security Update) | Important | Elevation of Privilege | 5005043 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5005568 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5005568 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 5005568 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5005566 (Security Update) | Important | Elevation of Privilege | 5005031 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5005566 (Security Update) | Important | Elevation of Privilege | 5005031 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 5005566 (Security Update) | Important | Elevation of Privilege | 5005031 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for 32-bit Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for ARM64-based Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for x64-based Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 5005633 (Monthly Rollup) 5005615 (Security Only) |
Important | Elevation of Privilege | 5005088 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 5005633 (Monthly Rollup) 5005615 (Security Only) |
Important | Elevation of Privilege | 5005088 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 5005613 (Monthly Rollup) 5005627 (Security Only) |
Important | Elevation of Privilege | 5005076 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 5005613 (Monthly Rollup) 5005627 (Security Only) |
Important | Elevation of Privilege | 5005076 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 5005613 (Monthly Rollup) | Important | Elevation of Privilege | 5005076 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5005606 (Monthly Rollup) 5005618 (Security Only) |
Important | Elevation of Privilege | 5005090 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5005606 (Monthly Rollup) 5005618 (Security Only) |
Important | Elevation of Privilege | 5005090 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5005606 (Monthly Rollup) 5005618 (Security Only) |
Important | Elevation of Privilege | 5005090 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5005606 (Monthly Rollup) 5005618 (Security Only) |
Important | Elevation of Privilege | 5005090 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5005633 (Monthly Rollup) 5005615 (Security Only) |
Important | Elevation of Privilege | 5005088 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5005633 (Monthly Rollup) 5005615 (Security Only) |
Important | Elevation of Privilege | 5005088 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 | 5005623 (Monthly Rollup) 5005607 (Security Only) |
Important | Elevation of Privilege | 5005094 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 5005623 (Monthly Rollup) 5005607 (Security Only) |
Important | Elevation of Privilege | 5005094 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 5005613 (Monthly Rollup) 5005627 (Security Only) |
Important | Elevation of Privilege | 5005076 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 5005613 (Monthly Rollup) 5005627 (Security Only) |
Important | Elevation of Privilege | 5005076 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 | 5005573 (Security Update) | Important | Elevation of Privilege | 5005043 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 5005573 (Security Update) | Important | Elevation of Privilege | 5005043 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5005568 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5005568 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022 | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server 2022 (Server Core installation) | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2021-38639 | RanchoIce of Singular Security Lab |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-38644 MITRE NVD |
CVE Title: Microsoft MPEG-2 Video Extension Remote Code Execution Vulnerability
CVSS: CVSS:3.0 7.8/6.8
FAQ: Is Windows vulnerable in the default configuration? No. Only customers who have installed this app from the Microsoft Store may be vulnerable. How do I get the updated app? The Microsoft Store will automatically update affected customers. Alternatively, customers can get the update immediately; see here for details. It is possible for customers to disable automatic updates for the Microsoft Store. The Microsoft Store will not automatically install this update for those customers. My system is in a disconnected environment; is it vulnerable? Customers using the Microsoft Store for Business and Microsoft Store for Education can get this update through their organizations. How can I check if the update is installed? App package versions 1.0.42152.0 and later contain this update. You can check the package version in PowerShell:
Mitigations: None Workarounds: None Revision: 1.0 2021-09-14T07:00:00Z Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-38644 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| MPEG-2 Video Extension | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Unknown | |
| CVE ID | Acknowledgements |
| CVE-2021-38644 | HAO LI of VenusTech ADLab |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-38646 MITRE NVD |
CVE Title: Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability
CVSS: CVSS:3.0 7.8/6.8
FAQ: Is the Preview Pane an attack vector for this vulnerability? No, the Preview Pane is not an attack vector. Mitigations: None Workarounds: None Revision: 1.0 2021-09-14T07:00:00Z Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-38646 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
| Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
| Microsoft Office 2013 RT Service Pack 1 | 5001958 (Security Update) | Important | Remote Code Execution | 4493206 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft Office 2013 Service Pack 1 (32-bit editions) | 5001958 (Security Update) | Important | Remote Code Execution | 4493206 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft Office 2013 Service Pack 1 (64-bit editions) | 5001958 (Security Update) | Important | Remote Code Execution | 4493206 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft Office 2016 (32-bit edition) | 5001997 (Security Update) | Important | Remote Code Execution | 4493197 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft Office 2016 (64-bit edition) | 5001997 (Security Update) | Important | Remote Code Execution | 4493197 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
| Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
| CVE ID | Acknowledgements |
| CVE-2021-38646 | Eugene Lim with Government Technology Agency of Singapore |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-38650 MITRE NVD |
CVE Title: Microsoft Office Spoofing Vulnerability
CVSS: CVSS:3.0 7.6/6.6
FAQ: Is the Preview Pane an attack vector for this vulnerability? No, the Preview Pane is not an attack vector. Mitigations: None Workarounds: None Revision: 1.0 2021-09-14T07:00:00Z Information published. |
Important | Spoofing | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-38650 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Important | Spoofing | None | Base: 7.6 Temporal: 6.6 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C |
No |
| Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Important | Spoofing | None | Base: 7.6 Temporal: 6.6 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C |
No |
| Microsoft Office 2013 RT Service Pack 1 | 4484108 (Security Update) | Important | Spoofing | 4018375 | Base: 7.6 Temporal: 6.6 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C |
Maybe |
| Microsoft Office 2013 Service Pack 1 (32-bit editions) | 4484108 (Security Update) | Important | Spoofing | 4018375 | Base: 7.6 Temporal: 6.6 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C |
Maybe |
| Microsoft Office 2013 Service Pack 1 (64-bit editions) | 4484108 (Security Update) | Important | Spoofing | 4018375 | Base: 7.6 Temporal: 6.6 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C |
Maybe |
| Microsoft Office 2016 (32-bit edition) | 4484103 (Security Update) | Important | Spoofing | None | Base: 7.6 Temporal: 6.6 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C |
Maybe |
| Microsoft Office 2016 (64-bit edition) | 4484103 (Security Update) | Important | Spoofing | None | Base: 7.6 Temporal: 6.6 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C |
Maybe |
| Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Important | Spoofing | None | Base: 7.6 Temporal: 6.6 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C |
No |
| Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Important | Spoofing | None | Base: 7.6 Temporal: 6.6 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C |
No |
| Microsoft Office 2019 for Mac | Release Notes (Security Update) | Important | Spoofing | None | Base: 7.6 Temporal: 6.6 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C |
Maybe |
| CVE ID | Acknowledgements |
| CVE-2021-38650 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-38651 MITRE NVD |
CVE Title: Microsoft SharePoint Server Spoofing Vulnerability
CVSS: CVSS:3.0 7.6/6.6
FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2021-09-14T07:00:00Z Information published. |
Important | Spoofing | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-38651 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Microsoft SharePoint Enterprise Server 2016 | 5002020 (Security Update) | Important | Spoofing | 5002002 | Base: 7.6 Temporal: 6.6 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C |
Maybe |
| Microsoft SharePoint Foundation 2013 Service Pack 1 | 5002024 (Security Update) | Important | Spoofing | 5001992 | Base: 7.6 Temporal: 6.6 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C |
Maybe |
| Microsoft SharePoint Server 2019 | 5002018 (Security Update) | Important | Spoofing | 5002000 | Base: 7.6 Temporal: 6.6 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C |
Maybe |
| CVE ID | Acknowledgements |
| CVE-2021-38651 | lalka |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-38652 MITRE NVD |
CVE Title: Microsoft SharePoint Server Spoofing Vulnerability
CVSS: CVSS:3.0 7.6/6.6
FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2021-09-14T07:00:00Z Information published. |
Important | Spoofing | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-38652 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Microsoft SharePoint Enterprise Server 2016 | 5002020 (Security Update) | Important | Spoofing | 5002002 | Base: 7.6 Temporal: 6.6 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C |
Maybe |
| Microsoft SharePoint Foundation 2013 Service Pack 1 | 5002024 (Security Update) | Important | Spoofing | 5001992 | Base: 7.6 Temporal: 6.6 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C |
Maybe |
| CVE ID | Acknowledgements |
| CVE-2021-38652 | Omar Eissa |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-38653 MITRE NVD |
CVE Title: Microsoft Office Visio Remote Code Execution Vulnerability
CVSS: CVSS:3.0 7.8/6.8
FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2021-09-14T07:00:00Z Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-38653 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
| Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
| Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
| Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
| CVE ID | Acknowledgements |
| CVE-2021-38653 | Tran Van Khang - khangkito (VinCSS) working with Trend Micro Zero Day Initiative |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-38654 MITRE NVD |
CVE Title: Microsoft Office Visio Remote Code Execution Vulnerability
CVSS: CVSS:3.0 7.8/6.8
FAQ: Is the Preview Pane an attack vector for this vulnerability? No, the Preview Pane is not an attack vector. Mitigations: None Workarounds: None Revision: 1.0 2021-09-14T07:00:00Z Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-38654 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
| Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
| Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
| Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
| CVE ID | Acknowledgements |
| CVE-2021-38654 | Tran Van Khang - khangkito (VinCSS) working with Trend Micro Zero Day Initiative
|
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-38655 MITRE NVD |
CVE Title: Microsoft Excel Remote Code Execution Vulnerability
CVSS: CVSS:3.0 7.8/6.8
FAQ: Is the Preview Pane an attack vector for this vulnerability? No, the Preview Pane is not an attack vector. Mitigations: None Workarounds: None Revision: 1.0 2021-09-14T07:00:00Z Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-38655 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
| Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
| Microsoft Excel 2013 RT Service Pack 1 | 5002014 (Security Update) | Important | Remote Code Execution | 5001993 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft Excel 2013 Service Pack 1 (32-bit editions) | 5002014 (Security Update) | Important | Remote Code Execution | 5001993 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft Excel 2013 Service Pack 1 (64-bit editions) | 5002014 (Security Update) | Important | Remote Code Execution | 5001993 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft Excel 2016 (32-bit edition) | 5002003 (Security Update) | Important | Remote Code Execution | 5001977 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft Excel 2016 (64-bit edition) | 5002003 (Security Update) | Important | Remote Code Execution | 5001977 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
| Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
| Microsoft Office 2019 for Mac | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft Office Online Server | 5001999 (Security Update) | Important | Remote Code Execution | 5001973 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft Office Web Apps Server 2013 Service Pack 1 | 5002009 (Security Update) | Important | Remote Code Execution | 5001986 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| CVE ID | Acknowledgements |
| CVE-2021-38655 | kdot working with Trend Micro Zero Day Initiative |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-38656 MITRE NVD |
CVE Title: Microsoft Word Remote Code Execution Vulnerability
CVSS: CVSS:3.0 7.8/6.8
FAQ: Is the Preview Pane an attack vector for this vulnerability? No, the Preview Pane is not an attack vector. Mitigations: None Workarounds: None Revision: 1.0 2021-09-14T07:00:00Z Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-38656 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
| Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
| CVE ID | Acknowledgements |
| CVE-2021-38656 | kdot working with Trend Micro Zero Day Initiative |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-38657 MITRE NVD |
CVE Title: Microsoft Office Graphics Component Information Disclosure Vulnerability
CVSS: CVSS:3.0 6.1/5.3
FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory. Is the Preview Pane an attack vector for this vulnerability? No, the Preview Pane is not an attack vector. Mitigations: None Workarounds: None Revision: 1.0 2021-09-14T07:00:00Z Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-38657 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 6.1 Temporal: 5.3 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C |
No |
| Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 6.1 Temporal: 5.3 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C |
No |
| CVE ID | Acknowledgements |
| CVE-2021-38657 | Zhangjie and willJ Zesen Ye (@wh1tc) and Zhiniang Peng (@edwardzpeng) with Sangfor |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-38658 MITRE NVD |
CVE Title: Microsoft Office Graphics Remote Code Execution Vulnerability
CVSS: CVSS:3.0 7.8/6.8
FAQ: Is the Preview Pane an attack vector for this vulnerability? No, the Preview Pane is not an attack vector. Mitigations: None Workarounds: None Revision: 1.0 2021-09-14T07:00:00Z Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-38658 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Microsoft Office 2013 RT Service Pack 1 | 5002007 (Security Update) | Important | Remote Code Execution | 5001983 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft Office 2013 Service Pack 1 (32-bit editions) | 5002007 (Security Update) | Important | Remote Code Execution | 5001983 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft Office 2013 Service Pack 1 (64-bit editions) | 5002007 (Security Update) | Important | Remote Code Execution | 5001983 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft Office 2016 (32-bit edition) | 5002005 (Security Update) | Important | Remote Code Execution | 5001979 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft Office 2016 (64-bit edition) | 5002005 (Security Update) | Important | Remote Code Execution | 5001979 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
| Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
| CVE ID | Acknowledgements |
| CVE-2021-38658 | kdot working with Trend Micro Zero Day Initiative |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-38659 MITRE NVD |
CVE Title: Microsoft Office Remote Code Execution Vulnerability
CVSS: CVSS:3.0 7.8/6.8
FAQ: Is the Preview Pane an attack vector for this vulnerability? No, the Preview Pane is not an attack vector. Mitigations: None Workarounds: None Revision: 1.0 2021-09-14T07:00:00Z Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-38659 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
| Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
| CVE ID | Acknowledgements |
| CVE-2021-38659 | Tran Van Khang - khangkito (VinCSS) working with Trend Micro Zero Day Initiative |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-38660 MITRE NVD |
CVE Title: Microsoft Office Graphics Remote Code Execution Vulnerability
CVSS: CVSS:3.0 7.8/6.8
FAQ: Is the Preview Pane an attack vector for this vulnerability? No, the Preview Pane is not an attack vector. Mitigations: None Workarounds: None Revision: 1.0 2021-09-14T07:00:00Z Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-38660 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Microsoft Excel 2013 RT Service Pack 1 | 5002014 (Security Update) | Important | Remote Code Execution | 5001993 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft Excel 2013 Service Pack 1 (32-bit editions) | 5002014 (Security Update) | Important | Remote Code Execution | 5001993 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| Microsoft Excel 2013 Service Pack 1 (64-bit editions) | 5002014 (Security Update) | Important | Remote Code Execution | 5001993 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
| CVE ID | Acknowledgements |
| CVE-2021-38660 | Jinquan(@jq0904) with DBAPPSecurity Lieying Lab |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-38661 MITRE NVD |
CVE Title: HEVC Video Extensions Remote Code Execution Vulnerability
CVSS: CVSS:3.0 7.8/6.8
FAQ: How do I get the updated app? The Microsoft Store will automatically update affected customers. Alternatively, customers can get the update immediately; see here for details. It is possible for customers to disable automatic updates for the Microsoft Store. The Microsoft Store will not automatically install this update for those customers. My system is in a disconnected environment; is it vulnerable? Customers using the Microsoft Store for Business and Microsoft Store for Education can get this update through their organizations. How can I check if the update is installed? If your device manufacturer preinstalled this app, package versions 1.0.42091.0 and later contain this update. If you purchased this app from the Microsoft Store, package versions 1.0.42094.0 and later contain this update. You can check the package version in PowerShell:
Mitigations: None Workarounds: None Revision: 1.0 2021-09-14T07:00:00Z Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-38661 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| HEVC Video Extensions | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Unknown | |
| CVE ID | Acknowledgements |
| CVE-2021-38661 | Azure Yang with Cyber Kunlun Lab Dhanesh Kizhakkinan of FireEye Inc. crashman of codemize security research lab |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-38667 MITRE NVD |
CVE Title: Windows Print Spooler Elevation of Privilege Vulnerability
CVSS: CVSS:3.0 7.8/7.2
FAQ: Where can I find more information about this security update? Please see KB5005652. Mitigations: None Workarounds: None Revision: 1.0 2021-09-14T07:00:00Z Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-38667 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 5005569 (Security Update) | Important | Elevation of Privilege | 5005040 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 5005569 (Security Update) | Important | Elevation of Privilege | 5005040 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5005573 (Security Update) | Important | Elevation of Privilege | 5005043 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 5005573 (Security Update) | Important | Elevation of Privilege | 5005043 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5005568 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5005568 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 5005568 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5005566 (Security Update) | Important | Elevation of Privilege | 5005031 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5005566 (Security Update) | Important | Elevation of Privilege | 5005031 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 5005566 (Security Update) | Important | Elevation of Privilege | 5005031 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for 32-bit Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for ARM64-based Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for x64-based Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 5005633 (Monthly Rollup) 5005615 (Security Only) |
Important | Elevation of Privilege | 5005088 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 5005633 (Monthly Rollup) 5005615 (Security Only) |
Important | Elevation of Privilege | 5005088 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 5005613 (Monthly Rollup) 5005627 (Security Only) |
Important | Elevation of Privilege | 5005076 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 5005613 (Monthly Rollup) 5005627 (Security Only) |
Important | Elevation of Privilege | 5005076 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 5005613 (Monthly Rollup) | Important | Elevation of Privilege | 5005076 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5005606 (Monthly Rollup) 5005618 (Security Only) |
Important | Elevation of Privilege | 5005090 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5005606 (Monthly Rollup) 5005618 (Security Only) |
Important | Elevation of Privilege | 5005090 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5005606 (Monthly Rollup) 5005618 (Security Only) |
Important | Elevation of Privilege | 5005090 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5005606 (Monthly Rollup) 5005618 (Security Only) |
Important | Elevation of Privilege | 5005090 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5005633 (Monthly Rollup) 5005615 (Security Only) |
Important | Elevation of Privilege | 5005088 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5005633 (Monthly Rollup) 5005615 (Security Only) |
Important | Elevation of Privilege | 5005088 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows Server 2012 | 5005623 (Monthly Rollup) 5005607 (Security Only) |
Important | Elevation of Privilege | 5005094 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 5005623 (Monthly Rollup) 5005607 (Security Only) |
Important | Elevation of Privilege | 5005094 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 5005613 (Monthly Rollup) 5005627 (Security Only) |
Important | Elevation of Privilege | 5005076 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 5005613 (Monthly Rollup) 5005627 (Security Only) |
Important | Elevation of Privilege | 5005076 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows Server 2016 | 5005573 (Security Update) | Important | Elevation of Privilege | 5005043 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 5005573 (Security Update) | Important | Elevation of Privilege | 5005043 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5005568 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5005568 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows Server 2022 | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows Server 2022 (Server Core installation) | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2021-38667 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-38671 MITRE NVD |
CVE Title: Windows Print Spooler Elevation of Privilege Vulnerability
CVSS: CVSS:3.0 7.8/7.2
FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2021-09-14T07:00:00Z Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-38671 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 5005569 (Security Update) | Important | Elevation of Privilege | 5005040 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 5005569 (Security Update) | Important | Elevation of Privilege | 5005040 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5005573 (Security Update) | Important | Elevation of Privilege | 5005043 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 5005573 (Security Update) | Important | Elevation of Privilege | 5005043 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5005568 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5005568 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 5005568 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5005566 (Security Update) | Important | Elevation of Privilege | 5005031 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5005566 (Security Update) | Important | Elevation of Privilege | 5005031 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 5005566 (Security Update) | Important | Elevation of Privilege | 5005031 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for 32-bit Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for ARM64-based Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for x64-based Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 5005633 (Monthly Rollup) 5005615 (Security Only) |
Important | Elevation of Privilege | 5005088 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 5005633 (Monthly Rollup) 5005615 (Security Only) |
Important | Elevation of Privilege | 5005088 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 5005613 (Monthly Rollup) 5005627 (Security Only) |
Important | Elevation of Privilege | 5005076 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 5005613 (Monthly Rollup) 5005627 (Security Only) |
Important | Elevation of Privilege | 5005076 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 5005613 (Monthly Rollup) | Important | Elevation of Privilege | 5005076 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5005606 (Monthly Rollup) 5005618 (Security Only) |
Important | Elevation of Privilege | 5005090 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5005606 (Monthly Rollup) 5005618 (Security Only) |
Important | Elevation of Privilege | 5005090 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5005606 (Monthly Rollup) 5005618 (Security Only) |
Important | Elevation of Privilege | 5005090 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5005606 (Monthly Rollup) 5005618 (Security Only) |
Important | Elevation of Privilege | 5005090 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5005633 (Monthly Rollup) 5005615 (Security Only) |
Important | Elevation of Privilege | 5005088 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5005633 (Monthly Rollup) 5005615 (Security Only) |
Important | Elevation of Privilege | 5005088 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows Server 2012 | 5005623 (Monthly Rollup) 5005607 (Security Only) |
Important | Elevation of Privilege | 5005094 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 5005623 (Monthly Rollup) 5005607 (Security Only) |
Important | Elevation of Privilege | 5005094 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 5005613 (Monthly Rollup) 5005627 (Security Only) |
Important | Elevation of Privilege | 5005076 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 5005613 (Monthly Rollup) 5005627 (Security Only) |
Important | Elevation of Privilege | 5005076 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows Server 2016 | 5005573 (Security Update) | Important | Elevation of Privilege | 5005043 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 5005573 (Security Update) | Important | Elevation of Privilege | 5005043 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5005568 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5005568 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows Server 2022 | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows Server 2022 (Server Core installation) | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2021-38671 | Thibault Van Geluwe de Berlaere with Mandiant |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2021-30606 MITRE NVD |
CVE Title: Chromium: CVE-2021-30606 Use after free in Blink
CVSS: None FAQ: What is the version information for this release? | Microsoft Edge Version | Date Released | Based on Chromium Version | | ----- | ----- | ----- | | 93.0.961.38 | 9/2/2021 | 93.0.4577.63 | Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. How can I see the version of the browser?
Mitigations: None Workarounds: None Revision: 1.0 2021-09-02T07:00:00Z Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2021-30606 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
No |
| CVE ID | Acknowledgements |
| CVE-2021-30606 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2021-30607 MITRE NVD |
CVE Title: Chromium: CVE-2021-30607 Use after free in Permissions
CVSS: None FAQ: What is the version information for this release? | Microsoft Edge Version | Date Released | Based on Chromium Version | | ----- | ----- | ----- | | 93.0.961.38 | 9/2/2021 | 93.0.4577.63 | Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. How can I see the version of the browser?
Mitigations: None Workarounds: None Revision: 1.0 2021-09-02T07:00:00Z Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2021-30607 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
No |
| CVE ID | Acknowledgements |
| CVE-2021-30607 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2021-30608 MITRE NVD |
CVE Title: Chromium: CVE-2021-30608 Use after free in Web Share
CVSS: None FAQ: What is the version information for this release? | Microsoft Edge Version | Date Released | Based on Chromium Version | | ----- | ----- | ----- | | 93.0.961.38 | 9/2/2021 | 93.0.4577.63 | Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. How can I see the version of the browser?
Mitigations: None Workarounds: None Revision: 1.0 2021-09-02T07:00:00Z Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2021-30608 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
No |
| CVE ID | Acknowledgements |
| CVE-2021-30608 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2021-30609 MITRE NVD |
CVE Title: Chromium: CVE-2021-30609 Use after free in Sign-In
CVSS: None FAQ: What is the version information for this release? | Microsoft Edge Version | Date Released | Based on Chromium Version | | ----- | ----- | ----- | | 93.0.961.38 | 9/2/2021 | 93.0.4577.63 | Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. How can I see the version of the browser?
Mitigations: None Workarounds: None Revision: 1.0 2021-09-02T07:00:00Z Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2021-30609 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
No |
| CVE ID | Acknowledgements |
| CVE-2021-30609 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2021-30610 MITRE NVD |
CVE Title: Chromium: CVE-2021-30610 Use after free in Extensions API
CVSS: None FAQ: What is the version information for this release? | Microsoft Edge Version | Date Released | Based on Chromium Version | | ----- | ----- | ----- | | 93.0.961.38 | 9/2/2021 | 93.0.4577.63 | Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. How can I see the version of the browser?
Mitigations: None Workarounds: None Revision: 1.0 2021-09-02T07:00:00Z Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2021-30610 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
No |
| CVE ID | Acknowledgements |
| CVE-2021-30610 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2021-30611 MITRE NVD |
CVE Title: Chromium: CVE-2021-30611 Use after free in WebRTC
CVSS: None FAQ: What is the version information for this release? | Microsoft Edge Version | Date Released | Based on Chromium Version | | ----- | ----- | ----- | | 93.0.961.38 | 9/2/2021 | 93.0.4577.63 | Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. How can I see the version of the browser?
Mitigations: None Workarounds: None Revision: 1.0 2021-09-02T07:00:00Z Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2021-30611 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
No |
| CVE ID | Acknowledgements |
| CVE-2021-30611 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2021-30612 MITRE NVD |
CVE Title: Chromium: CVE-2021-30612 Use after free in WebRTC
CVSS: None FAQ: What is the version information for this release? | Microsoft Edge Version | Date Released | Based on Chromium Version | | ----- | ----- | ----- | | 93.0.961.38 | 9/2/2021 | 93.0.4577.63 | Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. How can I see the version of the browser?
Mitigations: None Workarounds: None Revision: 1.0 2021-09-02T07:00:00Z Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2021-30612 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
No |
| CVE ID | Acknowledgements |
| CVE-2021-30612 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2021-30613 MITRE NVD |
CVE Title: Chromium: CVE-2021-30613 Use after free in Base internals
CVSS: None FAQ: What is the version information for this release? | Microsoft Edge Version | Date Released | Based on Chromium Version | | ----- | ----- | ----- | | 93.0.961.38 | 9/2/2021 | 93.0.4577.63 | Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. How can I see the version of the browser?
Mitigations: None Workarounds: None Revision: 1.0 2021-09-02T07:00:00Z Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2021-30613 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
No |
| CVE ID | Acknowledgements |
| CVE-2021-30613 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2021-30614 MITRE NVD |
CVE Title: Chromium: CVE-2021-30614 Heap buffer overflow in TabStrip
CVSS: None FAQ: What is the version information for this release? | Microsoft Edge Version | Date Released | Based on Chromium Version | | ----- | ----- | ----- | | 93.0.961.38 | 9/2/2021 | 93.0.4577.63 | Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. How can I see the version of the browser?
Mitigations: None Workarounds: None Revision: 1.0 2021-09-02T07:00:00Z Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2021-30614 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
No |
| CVE ID | Acknowledgements |
| CVE-2021-30614 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2021-30615 MITRE NVD |
CVE Title: Chromium: CVE-2021-30615 Cross-origin data leak in Navigation
CVSS: None FAQ: What is the version information for this release? | Microsoft Edge Version | Date Released | Based on Chromium Version | | ----- | ----- | ----- | | 93.0.961.38 | 9/2/2021 | 93.0.4577.63 | Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. How can I see the version of the browser?
Mitigations: None Workarounds: None Revision: 1.0 2021-09-02T07:00:00Z Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2021-30615 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
No |
| CVE ID | Acknowledgements |
| CVE-2021-30615 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2021-30616 MITRE NVD |
CVE Title: Chromium: CVE-2021-30616 Use after free in Media
CVSS: None FAQ: What is the version information for this release? | Microsoft Edge Version | Date Released | Based on Chromium Version | | ----- | ----- | ----- | | 93.0.961.38 | 9/2/2021 | 93.0.4577.63 | Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. How can I see the version of the browser?
Mitigations: None Workarounds: None Revision: 1.0 2021-09-02T07:00:00Z Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2021-30616 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
No |
| CVE ID | Acknowledgements |
| CVE-2021-30616 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2021-30617 MITRE NVD |
CVE Title: Chromium: CVE-2021-30617 Policy bypass in Blink
CVSS: None FAQ: What is the version information for this release? | Microsoft Edge Version | Date Released | Based on Chromium Version | | ----- | ----- | ----- | | 93.0.961.38 | 9/2/2021 | 93.0.4577.63 | Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. How can I see the version of the browser?
Mitigations: None Workarounds: None Revision: 1.0 2021-09-02T07:00:00Z Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2021-30617 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
No |
| CVE ID | Acknowledgements |
| CVE-2021-30617 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2021-30618 MITRE NVD |
CVE Title: Chromium: CVE-2021-30618 Inappropriate implementation in DevTools
CVSS: None FAQ: What is the version information for this release? | Microsoft Edge Version | Date Released | Based on Chromium Version | | ----- | ----- | ----- | | 93.0.961.38 | 9/2/2021 | 93.0.4577.63 | Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. How can I see the version of the browser?
Mitigations: None Workarounds: None Revision: 1.0 2021-09-02T07:00:00Z Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2021-30618 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
No |
| CVE ID | Acknowledgements |
| CVE-2021-30618 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2021-30619 MITRE NVD |
CVE Title: Chromium: CVE-2021-30619 UI Spoofing in Autofill
CVSS: None FAQ: What is the version information for this release? | Microsoft Edge Version | Date Released | Based on Chromium Version | | ----- | ----- | ----- | | 93.0.961.38 | 9/2/2021 | 93.0.4577.63 | Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. How can I see the version of the browser?
Mitigations: None Workarounds: None Revision: 1.0 2021-09-02T07:00:00Z Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2021-30619 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
No |
| CVE ID | Acknowledgements |
| CVE-2021-30619 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2021-30620 MITRE NVD |
CVE Title: Chromium: CVE-2021-30620 Insufficient policy enforcement in Blink
CVSS: None FAQ: What is the version information for this release? | Microsoft Edge Version | Date Released | Based on Chromium Version | | ----- | ----- | ----- | | 93.0.961.38 | 9/2/2021 | 93.0.4577.63 | Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. How can I see the version of the browser?
Mitigations: None Workarounds: None Revision: 1.0 2021-09-02T07:00:00Z Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2021-30620 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
No |
| CVE ID | Acknowledgements |
| CVE-2021-30620 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2021-30621 MITRE NVD |
CVE Title: Chromium: CVE-2021-30621 UI Spoofing in Autofill
CVSS: None FAQ: What is the version information for this release? | Microsoft Edge Version | Date Released | Based on Chromium Version | | ----- | ----- | ----- | | 93.0.961.38 | 9/2/2021 | 93.0.4577.63 | Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. How can I see the version of the browser?
Mitigations: None Workarounds: None Revision: 1.0 2021-09-02T07:00:00Z Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2021-30621 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
No |
| CVE ID | Acknowledgements |
| CVE-2021-30621 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2021-30622 MITRE NVD |
CVE Title: Chromium: CVE-2021-30622 Use after free in WebApp Installs
CVSS: None FAQ: What is the version information for this release? | Microsoft Edge Version | Date Released | Based on Chromium Version | | ----- | ----- | ----- | | 93.0.961.38 | 9/2/2021 | 93.0.4577.63 | Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. How can I see the version of the browser?
Mitigations: None Workarounds: None Revision: 1.0 2021-09-02T07:00:00Z Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2021-30622 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
No |
| CVE ID | Acknowledgements |
| CVE-2021-30622 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2021-30623 MITRE NVD |
CVE Title: Chromium: CVE-2021-30623 Use after free in Bookmarks
CVSS: None FAQ: What is the version information for this release? | Microsoft Edge Version | Date Released | Based on Chromium Version | | ----- | ----- | ----- | | 93.0.961.38 | 9/2/2021 | 93.0.4577.63 | Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. How can I see the version of the browser?
Mitigations: None Workarounds: None Revision: 1.0 2021-09-02T07:00:00Z Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2021-30623 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
No |
| CVE ID | Acknowledgements |
| CVE-2021-30623 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2021-30624 MITRE NVD |
CVE Title: Chromium: CVE-2021-30624 Use after free in Autofill
CVSS: None FAQ: What is the version information for this release? | Microsoft Edge Version | Date Released | Based on Chromium Version | | ----- | ----- | ----- | | 93.0.961.38 | 9/2/2021 | 93.0.4577.63 | Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. How can I see the version of the browser?
Mitigations: None Workarounds: None Revision: 1.0 2021-09-02T07:00:00Z Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2021-30624 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
No |
| CVE ID | Acknowledgements |
| CVE-2021-30624 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-40447 MITRE NVD |
CVE Title: Windows Print Spooler Elevation of Privilege Vulnerability
CVSS: CVSS:3.0 7.8/7.2
FAQ: None Mitigations: None Workarounds: None Revision: 1.0 2021-09-14T07:00:00Z Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-40447 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Windows 10 for 32-bit Systems | 5005569 (Security Update) | Important | Elevation of Privilege | 5005040 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 10 for x64-based Systems | 5005569 (Security Update) | Important | Elevation of Privilege | 5005040 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for 32-bit Systems | 5005573 (Security Update) | Important | Elevation of Privilege | 5005043 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 1607 for x64-based Systems | 5005573 (Security Update) | Important | Elevation of Privilege | 5005043 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for 32-bit Systems | 5005568 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for ARM64-based Systems | 5005568 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 1809 for x64-based Systems | 5005568 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for 32-bit Systems | 5005566 (Security Update) | Important | Elevation of Privilege | 5005031 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for ARM64-based Systems | 5005566 (Security Update) | Important | Elevation of Privilege | 5005031 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 1909 for x64-based Systems | 5005566 (Security Update) | Important | Elevation of Privilege | 5005031 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for 32-bit Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for ARM64-based Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 2004 for x64-based Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for 32-bit Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for ARM64-based Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 20H2 for x64-based Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for 32-bit Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for ARM64-based Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 10 Version 21H1 for x64-based Systems | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 7 for 32-bit Systems Service Pack 1 | 5005633 (Monthly Rollup) 5005615 (Security Only) |
Important | Elevation of Privilege | 5005088 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 7 for x64-based Systems Service Pack 1 | 5005633 (Monthly Rollup) | Important | Elevation of Privilege | 5005088 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 8.1 for 32-bit systems | 5005613 (Monthly Rollup) 5005627 (Security Only) |
Important | Elevation of Privilege | 5005076 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows 8.1 for x64-based systems | 5005613 (Monthly Rollup) 5005627 (Security Only) |
Important | Elevation of Privilege | 5005076 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows RT 8.1 | 5005613 (Monthly Rollup) | Important | Elevation of Privilege | 5005076 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5005606 (Monthly Rollup) 5005618 (Security Only) |
Important | Elevation of Privilege | 5005090 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5005606 (Monthly Rollup) 5005618 (Security Only) |
Important | Elevation of Privilege | 5005090 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5005606 (Monthly Rollup) 5005618 (Security Only) |
Important | Elevation of Privilege | 5005090 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5005606 (Monthly Rollup) 5005618 (Security Only) |
Important | Elevation of Privilege | 5005090 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5005633 (Monthly Rollup) | Important | Elevation of Privilege | 5005088 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5005633 (Monthly Rollup) | Important | Elevation of Privilege | 5005088 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows Server 2012 | 5005623 (Monthly Rollup) 5005607 (Security Only) |
Important | Elevation of Privilege | 5005094 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows Server 2012 (Server Core installation) | 5005623 (Monthly Rollup) 5005607 (Security Only) |
Important | Elevation of Privilege | 5005094 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 | 5005613 (Monthly Rollup) 5005627 (Security Only) |
Important | Elevation of Privilege | 5005076 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows Server 2012 R2 (Server Core installation) | 5005613 (Monthly Rollup) 5005627 (Security Only) |
Important | Elevation of Privilege | 5005076 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows Server 2016 | 5005573 (Security Update) | Important | Elevation of Privilege | 5005043 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows Server 2016 (Server Core installation) | 5005573 (Security Update) | Important | Elevation of Privilege | 5005043 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows Server 2019 | 5005568 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows Server 2019 (Server Core installation) | 5005568 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows Server 2022 | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows Server 2022 (Server Core installation) | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows Server, version 2004 (Server Core installation) | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| Windows Server, version 20H2 (Server Core Installation) | 5005565 (Security Update) | Important | Elevation of Privilege | 5005033 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
| CVE ID | Acknowledgements |
| CVE-2021-40447 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2021-40448 MITRE NVD |
CVE Title: Microsoft Accessibility Insights for Android Information Disclosure Vulnerability
CVSS: CVSS:3.0 6.3/5.5
FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is sensitive information. Mitigations: None Workarounds: None Revision: 1.0 2021-09-14T07:00:00Z Information published. |
Important | Information Disclosure | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2021-40448 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Accessibility Insights for Android | Release Notes (Security Update) | Important | Information Disclosure | None | Base: 6.3 Temporal: 5.5 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
Maybe |
| Accessibility Insights for Android Service - v2.0.0 | Release Notes (Security Update) | Important | Information Disclosure | None | Base: 6.3 Temporal: 5.5 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
Maybe |
| CVE ID | Acknowledgements |
| CVE-2021-40448 |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
| CVE-2021-30632 MITRE NVD |
CVE Title: Chromium: CVE-2021-30632 Out of bounds write in V8
CVSS: None FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. How can I see the version of the browser?
What is the version information for this release? | Microsoft Edge Version | Date Released | Based on Chromium Version | | ----- | ----- | ----- | | 93.0.961.47 | 9/11/2021 | 93.0.4577.82 | Mitigations: None Workarounds: None Revision: 1.0 2021-09-14T07:00:00Z Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2021-30632 | ||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
| Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
No |
| CVE ID | Acknowledgements |
| CVE-2021-30632 | None |