This report contains detail for the following vulnerabilities:
Tag | CVE ID | CVE Title |
---|---|---|
.NET Core & Visual Studio | CVE-2021-41355 | .NET Core and Visual Studio Information Disclosure Vulnerability |
Active Directory Federation Services | CVE-2021-41361 | Active Directory Federation Server Spoofing Vulnerability |
Console Window Host | CVE-2021-41346 | Console Window Host Security Feature Bypass Vulnerability |
HTTP.sys | CVE-2021-26442 | Windows HTTP.sys Elevation of Privilege Vulnerability |
Microsoft DWM Core Library | CVE-2021-41339 | Microsoft DWM Core Library Elevation of Privilege Vulnerability |
Microsoft Dynamics | CVE-2021-40457 | Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability |
Microsoft Dynamics | CVE-2021-41353 | Microsoft Dynamics 365 (on-premises) Spoofing Vulnerability |
Microsoft Dynamics | CVE-2021-41354 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability |
Microsoft Edge (Chromium-based) | CVE-2021-37978 | Chromium: CVE-2021-37978 Heap buffer overflow in Blink |
Microsoft Edge (Chromium-based) | CVE-2021-37979 | Chromium: CVE-2021-37979 Heap buffer overflow in WebRTC |
Microsoft Edge (Chromium-based) | CVE-2021-37980 | Chromium: CVE-2021-37980 Inappropriate implementation in Sandbox |
Microsoft Edge (Chromium-based) | CVE-2021-37977 | Chromium: CVE-2021-37977 Use after free in Garbage Collection |
Microsoft Edge (Chromium-based) | CVE-2021-37974 | Chromium: CVE-2021-37974 Use after free in Safe Browsing |
Microsoft Edge (Chromium-based) | CVE-2021-37975 | Chromium: CVE-2021-37975 Use after free in V8 |
Microsoft Edge (Chromium-based) | CVE-2021-37976 | Chromium: CVE-2021-37976 Information leak in core |
Microsoft Exchange Server | CVE-2021-26427 | Microsoft Exchange Server Remote Code Execution Vulnerability |
Microsoft Exchange Server | CVE-2021-34453 | Microsoft Exchange Server Denial of Service Vulnerability |
Microsoft Exchange Server | CVE-2021-41348 | Microsoft Exchange Server Elevation of Privilege Vulnerability |
Microsoft Exchange Server | CVE-2021-41350 | Microsoft Exchange Server Spoofing Vulnerability |
Microsoft Graphics Component | CVE-2021-41340 | Windows Graphics Component Remote Code Execution Vulnerability |
Microsoft Intune | CVE-2021-41363 | Intune Management Extension Security Feature Bypass Vulnerability |
Microsoft Office Excel | CVE-2021-40473 | Microsoft Excel Remote Code Execution Vulnerability |
Microsoft Office Excel | CVE-2021-40472 | Microsoft Excel Information Disclosure Vulnerability |
Microsoft Office Excel | CVE-2021-40471 | Microsoft Excel Remote Code Execution Vulnerability |
Microsoft Office Excel | CVE-2021-40474 | Microsoft Excel Remote Code Execution Vulnerability |
Microsoft Office Excel | CVE-2021-40485 | Microsoft Excel Remote Code Execution Vulnerability |
Microsoft Office Excel | CVE-2021-40479 | Microsoft Excel Remote Code Execution Vulnerability |
Microsoft Office SharePoint | CVE-2021-40487 | Microsoft SharePoint Server Remote Code Execution Vulnerability |
Microsoft Office SharePoint | CVE-2021-40483 | Microsoft SharePoint Server Spoofing Vulnerability |
Microsoft Office SharePoint | CVE-2021-40484 | Microsoft SharePoint Server Spoofing Vulnerability |
Microsoft Office SharePoint | CVE-2021-40482 | Microsoft SharePoint Server Information Disclosure Vulnerability |
Microsoft Office SharePoint | CVE-2021-41344 | Microsoft SharePoint Server Remote Code Execution Vulnerability |
Microsoft Office Visio | CVE-2021-40480 | Microsoft Office Visio Remote Code Execution Vulnerability |
Microsoft Office Visio | CVE-2021-40481 | Microsoft Office Visio Remote Code Execution Vulnerability |
Microsoft Office Word | CVE-2021-40486 | Microsoft Word Remote Code Execution Vulnerability |
Microsoft Windows Codecs Library | CVE-2021-40462 | Windows Media Foundation Dolby Digital Atmos Decoders Remote Code Execution Vulnerability |
Microsoft Windows Codecs Library | CVE-2021-41330 | Microsoft Windows Media Foundation Remote Code Execution Vulnerability |
Microsoft Windows Codecs Library | CVE-2021-41331 | Windows Media Audio Decoder Remote Code Execution Vulnerability |
Rich Text Edit Control | CVE-2021-40454 | Rich Text Edit Control Information Disclosure Vulnerability |
Role: DNS Server | CVE-2021-40469 | Windows DNS Server Remote Code Execution Vulnerability |
Role: Windows Active Directory Server | CVE-2021-41337 | Active Directory Security Feature Bypass Vulnerability |
Role: Windows AD FS Server | CVE-2021-40456 | Windows AD FS Security Feature Bypass Vulnerability |
Role: Windows Hyper-V | CVE-2021-40461 | Windows Hyper-V Remote Code Execution Vulnerability |
Role: Windows Hyper-V | CVE-2021-38672 | Windows Hyper-V Remote Code Execution Vulnerability |
System Center | CVE-2021-41352 | SCOM Information Disclosure Vulnerability |
Visual Studio | CVE-2020-1971 | OpenSSL: CVE-2020-1971 EDIPARTYNAME NULL pointer de-reference |
Visual Studio | CVE-2021-3450 | OpenSSL: CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT |
Visual Studio | CVE-2021-3449 | OpenSSL: CVE-2021-3449 NULL pointer deref in signature_algorithms processing |
Windows AppContainer | CVE-2021-41338 | Windows AppContainer Firewall Rules Security Feature Bypass Vulnerability |
Windows AppContainer | CVE-2021-40476 | Windows AppContainer Elevation Of Privilege Vulnerability |
Windows AppX Deployment Service | CVE-2021-41347 | Windows AppX Deployment Service Elevation of Privilege Vulnerability |
Windows Bind Filter Driver | CVE-2021-40468 | Windows Bind Filter Driver Information Disclosure Vulnerability |
Windows Cloud Files Mini Filter Driver | CVE-2021-40475 | Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability |
Windows Common Log File System Driver | CVE-2021-40443 | Windows Common Log File System Driver Elevation of Privilege Vulnerability |
Windows Common Log File System Driver | CVE-2021-40467 | Windows Common Log File System Driver Elevation of Privilege Vulnerability |
Windows Common Log File System Driver | CVE-2021-40466 | Windows Common Log File System Driver Elevation of Privilege Vulnerability |
Windows Desktop Bridge | CVE-2021-41334 | Windows Desktop Bridge Elevation of Privilege Vulnerability |
Windows DirectX | CVE-2021-40470 | DirectX Graphics Kernel Elevation of Privilege Vulnerability |
Windows Event Tracing | CVE-2021-40477 | Windows Event Tracing Elevation of Privilege Vulnerability |
Windows exFAT File System | CVE-2021-38663 | Windows exFAT File System Information Disclosure Vulnerability |
Windows Fastfat Driver | CVE-2021-41343 | Windows Fast FAT File System Driver Information Disclosure Vulnerability |
Windows Fastfat Driver | CVE-2021-38662 | Windows Fast FAT File System Driver Information Disclosure Vulnerability |
Windows Installer | CVE-2021-40455 | Windows Installer Spoofing Vulnerability |
Windows Kernel | CVE-2021-41336 | Windows Kernel Information Disclosure Vulnerability |
Windows Kernel | CVE-2021-41335 | Windows Kernel Elevation of Privilege Vulnerability |
Windows MSHTML Platform | CVE-2021-41342 | Windows MSHTML Platform Remote Code Execution Vulnerability |
Windows Nearby Sharing | CVE-2021-40464 | Windows Nearby Sharing Elevation of Privilege Vulnerability |
Windows Network Address Translation (NAT) | CVE-2021-40463 | Windows NAT Denial of Service Vulnerability |
Windows Print Spooler Components | CVE-2021-41332 | Windows Print Spooler Information Disclosure Vulnerability |
Windows Print Spooler Components | CVE-2021-36970 | Windows Print Spooler Spoofing Vulnerability |
Windows Remote Procedure Call Runtime | CVE-2021-40460 | Windows Remote Procedure Call Runtime Security Feature Bypass Vulnerability |
Windows Storage Spaces Controller | CVE-2021-40489 | Storage Spaces Controller Elevation of Privilege Vulnerability |
Windows Storage Spaces Controller | CVE-2021-41345 | Storage Spaces Controller Elevation of Privilege Vulnerability |
Windows Storage Spaces Controller | CVE-2021-26441 | Storage Spaces Controller Elevation of Privilege Vulnerability |
Windows Storage Spaces Controller | CVE-2021-40478 | Storage Spaces Controller Elevation of Privilege Vulnerability |
Windows Storage Spaces Controller | CVE-2021-40488 | Storage Spaces Controller Elevation of Privilege Vulnerability |
Windows TCP/IP | CVE-2021-36953 | Windows TCP/IP Denial of Service Vulnerability |
Windows Text Shaping | CVE-2021-40465 | Windows Text Shaping Remote Code Execution Vulnerability |
Windows Win32K | CVE-2021-40449 | Win32k Elevation of Privilege Vulnerability |
Windows Win32K | CVE-2021-41357 | Win32k Elevation of Privilege Vulnerability |
Windows Win32K | CVE-2021-40450 | Win32k Elevation of Privilege Vulnerability |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2021-34453 MITRE NVD |
CVE Title: Microsoft Exchange Server Denial of Service Vulnerability
CVSS: CVSS:3.0 7.5/6.5
FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2021-10-12T07:00:00Z     Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2021-34453 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Microsoft Exchange Server 2016 Cumulative Update 21 | 5007012 (Security Update) | Important | Denial of Service | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes | |
Microsoft Exchange Server 2016 Cumulative Update 22 | 5007012 (Security Update) | Important | Denial of Service | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes | |
Microsoft Exchange Server 2019 Cumulative Update 10 | 5007012 (Security Update) | Important | Denial of Service | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes | |
Microsoft Exchange Server 2019 Cumulative Update 11 | 5007012 (Security Update) | Important | Denial of Service | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2021-34453 | Nicolas Joly of Microsoft Corporation |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2021-36953 MITRE NVD |
CVE Title: Windows TCP/IP Denial of Service Vulnerability
CVSS: CVSS:3.0 7.5/6.5
FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2021-10-12T07:00:00Z     Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2021-36953 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5006675 (Security Update) | Important | Denial of Service | 5005569 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5006675 (Security Update) | Important | Denial of Service | 5005569 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5006669 (Security Update) | Important | Denial of Service | 5005573 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5006669 (Security Update) | Important | Denial of Service | 5005573 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5006672 (Security Update) | Important | Denial of Service | 5005030 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5006672 (Security Update) | Important | Denial of Service | 5005030 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5006672 (Security Update) | Important | Denial of Service | 5005030 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for 32-bit Systems | 5006667 (Security Update) | Important | Denial of Service | 5005566 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for ARM64-based Systems | 5006667 (Security Update) | Important | Denial of Service | 5005566 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for x64-based Systems | 5006667 (Security Update) | Important | Denial of Service | 5005566 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 2004 for 32-bit Systems | 5006670 (Security Update) | Important | Denial of Service | 5005565 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 2004 for ARM64-based Systems | 5006670 (Security Update) | Important | Denial of Service | 5005565 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 2004 for x64-based Systems | 5006670 (Security Update) | Important | Denial of Service | 5005565 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5006670 (Security Update) | Important | Denial of Service | 5005565 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5006670 (Security Update) | Important | Denial of Service | 5005565 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5006670 (Security Update) | Important | Denial of Service | 5005565 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5006670 (Security Update) | Important | Denial of Service | 5005565 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5006670 (Security Update) | Important | Denial of Service | 5005565 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5006670 (Security Update) | Important | Denial of Service | 5005565 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for ARM64-based Systems | 5006674 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for x64-based Systems | 5006674 (Security Update) | Important | Denial of Service | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 7 for 32-bit Systems Service Pack 1 | 5006743 (Monthly Rollup) 5006728 (Security Only) |
Important | Denial of Service | 5005633 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 7 for x64-based Systems Service Pack 1 | 5006743 (Monthly Rollup) 5006728 (Security Only) |
Important | Denial of Service | 5005633 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 5006714 (Monthly Rollup) 5006729 (Security Only) |
Important | Denial of Service | 5005613 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 5006714 (Monthly Rollup) 5006729 (Security Only) |
Important | Denial of Service | 5005613 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows RT 8.1 | 5006714 (Monthly Rollup) | Important | Denial of Service | 5005613 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5006736 (Monthly Rollup) 5006715 (Security Only) |
Important | Denial of Service | 5005606 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5006736 (Monthly Rollup) 5006715 (Security Only) |
Important | Denial of Service | 5005606 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5006736 (Monthly Rollup) 5006715 (Security Only) |
Important | Denial of Service | 5005606 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5006736 (Monthly Rollup) 5006715 (Security Only) |
Important | Denial of Service | 5005606 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5006743 (Monthly Rollup) 5006728 (Security Only) |
Important | Denial of Service | 5005633 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5006743 (Monthly Rollup) 5006728 (Security Only) |
Important | Denial of Service | 5005633 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 | 5006739 (Monthly Rollup) 5006732 (Security Only) |
Important | Denial of Service | 5005623 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5006739 (Monthly Rollup) 5006732 (Security Only) |
Important | Denial of Service | 5005623 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5006714 (Monthly Rollup) 5006729 (Security Only) |
Important | Denial of Service | 5005613 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5006714 (Monthly Rollup) 5006729 (Security Only) |
Important | Denial of Service | 5005613 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5006669 (Security Update) | Important | Denial of Service | 5005573 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5006669 (Security Update) | Important | Denial of Service | 5005573 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5006672 (Security Update) | Important | Denial of Service | 5005030 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5006672 (Security Update) | Important | Denial of Service | 5005030 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5006699 (Security Update) | Important | Denial of Service | 5005575 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5006699 (Security Update) | Important | Denial of Service | 5005575 | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server, version 2004 (Server Core installation) | 5006670 (Security Update) | Important | Denial of Service | 5005565 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5006670 (Security Update) | Important | Denial of Service | 5005565 |
Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2021-36953 | Huichen Lin and Dong Seong Kim of School of Information Technology and Electrical Engineering - The University of Queensland |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2021-36970 MITRE NVD |
CVE Title: Windows Print Spooler Spoofing Vulnerability
CVSS: CVSS:3.0 8.8/8.2
FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2021-10-12T07:00:00Z     Information published. |
Important | Spoofing |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2021-36970 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5006675 (Security Update) | Important | Spoofing | 5005569 | Base: 8.8 Temporal: 8.2 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5006675 (Security Update) | Important | Spoofing | 5005569 | Base: 8.8 Temporal: 8.2 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5006669 (Security Update) | Important | Spoofing | 5005573 | Base: 8.8 Temporal: 8.2 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5006669 (Security Update) | Important | Spoofing | 5005573 | Base: 8.8 Temporal: 8.2 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5006672 (Security Update) | Important | Spoofing | 5005030 |
Base: 8.8 Temporal: 8.2 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5006672 (Security Update) | Important | Spoofing | 5005030 |
Base: 8.8 Temporal: 8.2 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5006672 (Security Update) | Important | Spoofing | 5005030 |
Base: 8.8 Temporal: 8.2 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for 32-bit Systems | 5006667 (Security Update) | Important | Spoofing | 5005566 | Base: 8.8 Temporal: 8.2 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for ARM64-based Systems | 5006667 (Security Update) | Important | Spoofing | 5005566 | Base: 8.8 Temporal: 8.2 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for x64-based Systems | 5006667 (Security Update) | Important | Spoofing | 5005566 | Base: 8.8 Temporal: 8.2 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows 10 Version 2004 for 32-bit Systems | 5006670 (Security Update) | Important | Spoofing | 5005565 |
Base: 8.8 Temporal: 8.2 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows 10 Version 2004 for ARM64-based Systems | 5006670 (Security Update) | Important | Spoofing | 5005565 |
Base: 8.8 Temporal: 8.2 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows 10 Version 2004 for x64-based Systems | 5006670 (Security Update) | Important | Spoofing | 5005565 |
Base: 8.8 Temporal: 8.2 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5006670 (Security Update) | Important | Spoofing | 5005565 |
Base: 8.8 Temporal: 8.2 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5006670 (Security Update) | Important | Spoofing | 5005565 |
Base: 8.8 Temporal: 8.2 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5006670 (Security Update) | Important | Spoofing | 5005565 |
Base: 8.8 Temporal: 8.2 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5006670 (Security Update) | Important | Spoofing | 5005565 |
Base: 8.8 Temporal: 8.2 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5006670 (Security Update) | Important | Spoofing | 5005565 |
Base: 8.8 Temporal: 8.2 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5006670 (Security Update) | Important | Spoofing | 5005565 |
Base: 8.8 Temporal: 8.2 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows 11 for ARM64-based Systems | 5006674 (Security Update) | Important | Spoofing | None | Base: 8.8 Temporal: 8.2 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows 11 for x64-based Systems | 5006674 (Security Update) | Important | Spoofing | None | Base: 8.8 Temporal: 8.2 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows 7 for 32-bit Systems Service Pack 1 | 5006743 (Monthly Rollup) 5006728 (Security Only) |
Important | Spoofing | 5005633 |
Base: 8.8 Temporal: 8.2 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows 7 for x64-based Systems Service Pack 1 | 5006743 (Monthly Rollup) 5006728 (Security Only) |
Important | Spoofing | 5005633 |
Base: 8.8 Temporal: 8.2 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 5006714 (Monthly Rollup) 5006729 (Security Only) |
Important | Spoofing | 5005613 |
Base: 8.8 Temporal: 8.2 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 5006714 (Monthly Rollup) 5006729 (Security Only) |
Important | Spoofing | 5005613 |
Base: 8.8 Temporal: 8.2 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows RT 8.1 | 5006714 (Monthly Rollup) | Important | Spoofing | 5005613 |
Base: 8.8 Temporal: 8.2 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5006736 (Monthly Rollup) 5006715 (Security Only) |
Important | Spoofing | 5005606 |
Base: 8.8 Temporal: 8.2 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5006736 (Monthly Rollup) 5006715 (Security Only) |
Important | Spoofing | 5005606 |
Base: 8.8 Temporal: 8.2 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5006736 (Monthly Rollup) 5006715 (Security Only) |
Important | Spoofing | 5005606 |
Base: 8.8 Temporal: 8.2 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5006736 (Monthly Rollup) 5006715 (Security Only) |
Important | Spoofing | 5005606 |
Base: 8.8 Temporal: 8.2 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5006743 (Monthly Rollup) 5006728 (Security Only) |
Important | Spoofing | 5005633 |
Base: 8.8 Temporal: 8.2 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5006743 (Monthly Rollup) 5006728 (Security Only) |
Important | Spoofing | 5005633 |
Base: 8.8 Temporal: 8.2 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows Server 2012 | 5006739 (Monthly Rollup) 5006732 (Security Only) |
Important | Spoofing | 5005623 |
Base: 8.8 Temporal: 8.2 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5006739 (Monthly Rollup) 5006732 (Security Only) |
Important | Spoofing | 5005623 |
Base: 8.8 Temporal: 8.2 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5006714 (Monthly Rollup) 5006729 (Security Only) |
Important | Spoofing | 5005613 |
Base: 8.8 Temporal: 8.2 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5006714 (Monthly Rollup) 5006729 (Security Only) |
Important | Spoofing | 5005613 |
Base: 8.8 Temporal: 8.2 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows Server 2016 | 5006669 (Security Update) | Important | Spoofing | 5005573 | Base: 8.8 Temporal: 8.2 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5006669 (Security Update) | Important | Spoofing | 5005573 | Base: 8.8 Temporal: 8.2 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows Server 2019 | 5006672 (Security Update) | Important | Spoofing | 5005030 |
Base: 8.8 Temporal: 8.2 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5006672 (Security Update) | Important | Spoofing | 5005030 |
Base: 8.8 Temporal: 8.2 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows Server 2022 | 5006699 (Security Update) | Important | Spoofing | 5005575 | Base: 8.8 Temporal: 8.2 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5006699 (Security Update) | Important | Spoofing | 5005575 | Base: 8.8 Temporal: 8.2 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows Server, version 2004 (Server Core installation) | 5006670 (Security Update) | Important | Spoofing | 5005565 |
Base: 8.8 Temporal: 8.2 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5006670 (Security Update) | Important | Spoofing | 5005565 |
Base: 8.8 Temporal: 8.2 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2021-36970 | XueFeng Li and Zhiniang Peng with Sangfor |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2021-40443 MITRE NVD |
CVE Title: Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVSS: CVSS:3.0 7.8/6.8
FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2021-10-12T07:00:00Z     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2021-40443 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5006675 (Security Update) | Important | Elevation of Privilege | 5005569 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5006675 (Security Update) | Important | Elevation of Privilege | 5005569 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5006669 (Security Update) | Important | Elevation of Privilege | 5005573 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5006669 (Security Update) | Important | Elevation of Privilege | 5005573 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5006672 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5006672 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5006672 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for 32-bit Systems | 5006667 (Security Update) | Important | Elevation of Privilege | 5005566 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for ARM64-based Systems | 5006667 (Security Update) | Important | Elevation of Privilege | 5005566 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for x64-based Systems | 5006667 (Security Update) | Important | Elevation of Privilege | 5005566 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 2004 for 32-bit Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 2004 for ARM64-based Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 2004 for x64-based Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for ARM64-based Systems | 5006674 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for x64-based Systems | 5006674 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 7 for 32-bit Systems Service Pack 1 | 5006743 (Monthly Rollup) 5006728 (Security Only) |
Important | Elevation of Privilege | 5005633 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 7 for x64-based Systems Service Pack 1 | 5006743 (Monthly Rollup) 5006728 (Security Only) |
Important | Elevation of Privilege | 5005633 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 5006714 (Monthly Rollup) 5006729 (Security Only) |
Important | Elevation of Privilege | 5005613 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 5006714 (Monthly Rollup) 5006729 (Security Only) |
Important | Elevation of Privilege | 5005613 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows RT 8.1 | 5006714 (Monthly Rollup) | Important | Elevation of Privilege | 5005613 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5006736 (Monthly Rollup) 5006715 (Security Only) |
Important | Elevation of Privilege | 5005606 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5006736 (Monthly Rollup) 5006715 (Security Only) |
Important | Elevation of Privilege | 5005606 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5006736 (Monthly Rollup) 5006715 (Security Only) |
Important | Elevation of Privilege | 5005606 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5006736 (Monthly Rollup) 5006715 (Security Only) |
Important | Elevation of Privilege | 5005606 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5006743 (Monthly Rollup) 5006728 (Security Only) |
Important | Elevation of Privilege | 5005633 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5006743 (Monthly Rollup) 5006728 (Security Only) |
Important | Elevation of Privilege | 5005633 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 | 5006739 (Monthly Rollup) 5006732 (Security Only) |
Important | Elevation of Privilege | 5005623 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5006739 (Monthly Rollup) 5006732 (Security Only) |
Important | Elevation of Privilege | 5005623 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5006714 (Monthly Rollup) 5006729 (Security Only) |
Important | Elevation of Privilege | 5005613 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5006714 (Monthly Rollup) 5006729 (Security Only) |
Important | Elevation of Privilege | 5005613 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5006669 (Security Update) | Important | Elevation of Privilege | 5005573 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5006669 (Security Update) | Important | Elevation of Privilege | 5005573 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5006672 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5006672 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5006699 (Security Update) | Important | Elevation of Privilege | 5005575 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5006699 (Security Update) | Important | Elevation of Privilege | 5005575 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server, version 2004 (Server Core installation) | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2021-40443 | Asuka with Cyber KunLun HyungSeok Han with Theori |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2021-40449 MITRE NVD |
CVE Title: Win32k Elevation of Privilege Vulnerability
CVSS: CVSS:3.0 7.8/7.2
FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2021-10-12T07:00:00Z     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Detected | No | Yes |
The following tables list the affected software details for the vulnerability.
CVE-2021-40449 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5006675 (Security Update) | Important | Elevation of Privilege | 5005569 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5006675 (Security Update) | Important | Elevation of Privilege | 5005569 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5006669 (Security Update) | Important | Elevation of Privilege | 5005573 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5006669 (Security Update) | Important | Elevation of Privilege | 5005573 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5006672 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5006672 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5006672 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for 32-bit Systems | 5006667 (Security Update) | Important | Elevation of Privilege | 5005566 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for ARM64-based Systems | 5006667 (Security Update) | Important | Elevation of Privilege | 5005566 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for x64-based Systems | 5006667 (Security Update) | Important | Elevation of Privilege | 5005566 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows 10 Version 2004 for 32-bit Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows 10 Version 2004 for ARM64-based Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows 10 Version 2004 for x64-based Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows 11 for ARM64-based Systems | 5006674 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows 11 for x64-based Systems | 5006674 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows 7 for 32-bit Systems Service Pack 1 | 5006743 (Monthly Rollup) 5006728 (Security Only) |
Important | Elevation of Privilege | 5005633 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows 7 for x64-based Systems Service Pack 1 | 5006743 (Monthly Rollup) 5006728 (Security Only) |
Important | Elevation of Privilege | 5005633 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 5006714 (Monthly Rollup) 5006729 (Security Only) |
Important | Elevation of Privilege | 5005613 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 5006714 (Monthly Rollup) 5006729 (Security Only) |
Important | Elevation of Privilege | 5005613 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows RT 8.1 | 5006714 (Monthly Rollup) | Important | Elevation of Privilege | 5005613 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5006736 (Monthly Rollup) 5006715 (Security Only) |
Important | Elevation of Privilege | 5005606 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5006736 (Monthly Rollup) 5006715 (Security Only) |
Important | Elevation of Privilege | 5005606 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5006736 (Monthly Rollup) 5006715 (Security Only) |
Important | Elevation of Privilege | 5005606 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5006736 (Monthly Rollup) 5006715 (Security Only) |
Important | Elevation of Privilege | 5005606 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5006743 (Monthly Rollup) 5006728 (Security Only) |
Important | Elevation of Privilege | 5005633 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5006743 (Monthly Rollup) 5006728 (Security Only) |
Important | Elevation of Privilege | 5005633 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows Server 2012 | 5006739 (Monthly Rollup) 5006732 (Security Only) |
Important | Elevation of Privilege | 5005623 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5006739 (Monthly Rollup) 5006732 (Security Only) |
Important | Elevation of Privilege | 5005623 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5006714 (Monthly Rollup) 5006729 (Security Only) |
Important | Elevation of Privilege | 5005613 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5006714 (Monthly Rollup) 5006729 (Security Only) |
Important | Elevation of Privilege | 5005613 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows Server 2016 | 5006669 (Security Update) | Important | Elevation of Privilege | 5005573 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5006669 (Security Update) | Important | Elevation of Privilege | 5005573 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows Server 2019 | 5006672 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5006672 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows Server 2022 | 5006699 (Security Update) | Important | Elevation of Privilege | 5005575 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5006699 (Security Update) | Important | Elevation of Privilege | 5005575 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows Server, version 2004 (Server Core installation) | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2021-40449 | Boris Larin (oct0xor) with Kaspersky |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2021-40454 MITRE NVD |
CVE Title: Rich Text Edit Control Information Disclosure Vulnerability
CVSS: CVSS:3.0 5.5/5.1
FAQ: What type of information could be disclosed by this vulnerability? An attacker that successfully exploited this vulnerability could recover cleartext passwords from memory. Mitigations: None Workarounds: None Revision: 1.0    2021-10-12T07:00:00Z     Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2021-40454 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Important | Information Disclosure | None | Base: 5.5 Temporal: 5.1 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
No |
Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Important | Information Disclosure | None | Base: 5.5 Temporal: 5.1 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
No |
Microsoft Office 2013 RT Service Pack 1 | 4018332 (Security Update) | Important | Information Disclosure | None | Base: 5.5 Temporal: 5.1 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
Maybe |
Microsoft Office 2013 Service Pack 1 (32-bit editions) | 4018332 (Security Update) | Important | Information Disclosure | None | Base: 5.5 Temporal: 5.1 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
Maybe |
Microsoft Office 2013 Service Pack 1 (64-bit editions) | 4018332 (Security Update) | Important | Information Disclosure | None | Base: 5.5 Temporal: 5.1 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
Maybe |
Microsoft Office 2016 (32-bit edition) | 4461476 (Security Update) | Important | Information Disclosure | None | Base: 5.5 Temporal: 5.1 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
Maybe |
Microsoft Office 2016 (64-bit edition) | 4461476 (Security Update) | Important | Information Disclosure | None | Base: 5.5 Temporal: 5.1 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
Maybe |
Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Important | Information Disclosure | None | Base: 5.5 Temporal: 5.1 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
No |
Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Important | Information Disclosure | None | Base: 5.5 Temporal: 5.1 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
No |
Microsoft Office 2019 for Mac | Release Notes (Security Update) | Important | Information Disclosure | None | Base: 5.5 Temporal: 5.1 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
Maybe |
Microsoft Office LTSC 2021 for 32-bit editions | Click to Run (Security Update) | Important | Information Disclosure | None | Base: 5.5 Temporal: 5.1 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
No |
Microsoft Office LTSC 2021 for 64-bit editions | Click to Run (Security Update) | Important | Information Disclosure | None | Base: 5.5 Temporal: 5.1 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
No |
Microsoft Office LTSC for Mac 2021 | Release Notes (Security Update) | Important | Information Disclosure | None | Base: 5.5 Temporal: 5.1 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
Maybe |
Windows 10 for 32-bit Systems | 5006675 (Security Update) | Important | Information Disclosure | 5005569 | Base: 5.5 Temporal: 5.1 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5006675 (Security Update) | Important | Information Disclosure | 5005569 | Base: 5.5 Temporal: 5.1 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5006669 (Security Update) | Important | Information Disclosure | 5005573 | Base: 5.5 Temporal: 5.1 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5006669 (Security Update) | Important | Information Disclosure | 5005573 | Base: 5.5 Temporal: 5.1 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5006672 (Security Update) | Important | Information Disclosure | 5005030 |
Base: 5.5 Temporal: 5.1 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5006672 (Security Update) | Important | Information Disclosure | 5005030 |
Base: 5.5 Temporal: 5.1 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5006672 (Security Update) | Important | Information Disclosure | 5005030 |
Base: 5.5 Temporal: 5.1 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for 32-bit Systems | 5006667 (Security Update) | Important | Information Disclosure | 5005566 | Base: 5.5 Temporal: 5.1 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for ARM64-based Systems | 5006667 (Security Update) | Important | Information Disclosure | 5005566 | Base: 5.5 Temporal: 5.1 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for x64-based Systems | 5006667 (Security Update) | Important | Information Disclosure | 5005566 | Base: 5.5 Temporal: 5.1 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
Yes |
Windows 10 Version 2004 for 32-bit Systems | 5006670 (Security Update) | Important | Information Disclosure | 5005565 |
Base: 5.5 Temporal: 5.1 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
Yes |
Windows 10 Version 2004 for ARM64-based Systems | 5006670 (Security Update) | Important | Information Disclosure | 5005565 |
Base: 5.5 Temporal: 5.1 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
Yes |
Windows 10 Version 2004 for x64-based Systems | 5006670 (Security Update) | Important | Information Disclosure | 5005565 |
Base: 5.5 Temporal: 5.1 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5006670 (Security Update) | Important | Information Disclosure | 5005565 |
Base: 5.5 Temporal: 5.1 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5006670 (Security Update) | Important | Information Disclosure | 5005565 |
Base: 5.5 Temporal: 5.1 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5006670 (Security Update) | Important | Information Disclosure | 5005565 |
Base: 5.5 Temporal: 5.1 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5006670 (Security Update) | Important | Information Disclosure | 5005565 |
Base: 5.5 Temporal: 5.1 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5006670 (Security Update) | Important | Information Disclosure | 5005565 |
Base: 5.5 Temporal: 5.1 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5006670 (Security Update) | Important | Information Disclosure | 5005565 |
Base: 5.5 Temporal: 5.1 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
Yes |
Windows 11 for ARM64-based Systems | 5006674 (Security Update) | Important | Information Disclosure | None | Base: 5.5 Temporal: 5.1 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
Yes |
Windows 11 for x64-based Systems | 5006674 (Security Update) | Important | Information Disclosure | None | Base: 5.5 Temporal: 5.1 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 5006714 (Monthly Rollup) 5006729 (Security Only) |
Important | Information Disclosure | 5005613 |
Base: 5.5 Temporal: 5.1 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 5006714 (Monthly Rollup) 5006729 (Security Only) |
Important | Information Disclosure | 5005613 |
Base: 5.5 Temporal: 5.1 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
Yes |
Windows RT 8.1 | 5006714 (Monthly Rollup) | Important | Information Disclosure | 5005613 |
Base: 5.5 Temporal: 5.1 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
Yes |
Windows Server 2012 | 5006739 (Monthly Rollup) 5006732 (Security Only) |
Important | Information Disclosure | 5005623 |
Base: 5.5 Temporal: 5.1 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5006739 (Monthly Rollup) 5006732 (Security Only) |
Important | Information Disclosure | 5005623 |
Base: 5.5 Temporal: 5.1 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5006714 (Monthly Rollup) 5006729 (Security Only) |
Important | Information Disclosure | 5005613 |
Base: 5.5 Temporal: 5.1 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5006714 (Monthly Rollup) 5006729 (Security Only) |
Important | Information Disclosure | 5005613 |
Base: 5.5 Temporal: 5.1 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
Yes |
Windows Server 2016 | 5006669 (Security Update) | Important | Information Disclosure | 5005573 | Base: 5.5 Temporal: 5.1 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5006669 (Security Update) | Important | Information Disclosure | 5005573 | Base: 5.5 Temporal: 5.1 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
Yes |
Windows Server 2019 | 5006672 (Security Update) | Important | Information Disclosure | 5005030 |
Base: 5.5 Temporal: 5.1 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5006672 (Security Update) | Important | Information Disclosure | 5005030 |
Base: 5.5 Temporal: 5.1 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
Yes |
Windows Server 2022 | 5006699 (Security Update) | Important | Information Disclosure | 5005575 | Base: 5.5 Temporal: 5.1 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5006699 (Security Update) | Important | Information Disclosure | 5005575 | Base: 5.5 Temporal: 5.1 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
Yes |
Windows Server, version 2004 (Server Core installation) | 5006670 (Security Update) | Important | Information Disclosure | 5005565 |
Base: 5.5 Temporal: 5.1 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5006670 (Security Update) | Important | Information Disclosure | 5005565 |
Base: 5.5 Temporal: 5.1 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2021-40454 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2021-40455 MITRE NVD |
CVE Title: Windows Installer Spoofing Vulnerability
CVSS: CVSS:3.0 5.5/4.8
FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2021-10-12T07:00:00Z     Information published. |
Important | Spoofing |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2021-40455 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5006675 (Security Update) | Important | Spoofing | 5005569 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5006675 (Security Update) | Important | Spoofing | 5005569 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5006669 (Security Update) | Important | Spoofing | 5005573 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5006669 (Security Update) | Important | Spoofing | 5005573 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5006672 (Security Update) | Important | Spoofing | 5005030 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5006672 (Security Update) | Important | Spoofing | 5005030 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5006672 (Security Update) | Important | Spoofing | 5005030 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for 32-bit Systems | 5006667 (Security Update) | Important | Spoofing | 5005566 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for ARM64-based Systems | 5006667 (Security Update) | Important | Spoofing | 5005566 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for x64-based Systems | 5006667 (Security Update) | Important | Spoofing | 5005566 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 2004 for 32-bit Systems | 5006670 (Security Update) | Important | Spoofing | 5005565 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 2004 for ARM64-based Systems | 5006670 (Security Update) | Important | Spoofing | 5005565 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 2004 for x64-based Systems | 5006670 (Security Update) | Important | Spoofing | 5005565 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5006670 (Security Update) | Important | Spoofing | 5005565 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5006670 (Security Update) | Important | Spoofing | 5005565 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5006670 (Security Update) | Important | Spoofing | 5005565 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5006670 (Security Update) | Important | Spoofing | 5005565 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5006670 (Security Update) | Important | Spoofing | 5005565 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5006670 (Security Update) | Important | Spoofing | 5005565 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 11 for ARM64-based Systems | 5006674 (Security Update) | Important | Spoofing | None | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 11 for x64-based Systems | 5006674 (Security Update) | Important | Spoofing | None | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 7 for 32-bit Systems Service Pack 1 | 5006743 (Monthly Rollup) 5006728 (Security Only) |
Important | Spoofing | 5005633 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 7 for x64-based Systems Service Pack 1 | 5006743 (Monthly Rollup) 5006728 (Security Only) |
Important | Spoofing | 5005633 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 5006714 (Monthly Rollup) 5006729 (Security Only) |
Important | Spoofing | 5005613 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 5006714 (Monthly Rollup) 5006729 (Security Only) |
Important | Spoofing | 5005613 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows RT 8.1 | 5006714 (Monthly Rollup) | Important | Spoofing | 5005613 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5006736 (Monthly Rollup) 5006715 (Security Only) |
Important | Spoofing | 5005606 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5006736 (Monthly Rollup) 5006715 (Security Only) |
Important | Spoofing | 5005606 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5006736 (Monthly Rollup) 5006715 (Security Only) |
Important | Spoofing | 5005606 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5006736 (Monthly Rollup) 5006715 (Security Only) |
Important | Spoofing | 5005606 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5006743 (Monthly Rollup) 5006728 (Security Only) |
Important | Spoofing | 5005633 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5006743 (Monthly Rollup) 5006728 (Security Only) |
Important | Spoofing | 5005633 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 | 5006739 (Monthly Rollup) 5006732 (Security Only) |
Important | Spoofing | 5005623 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5006739 (Monthly Rollup) 5006732 (Security Only) |
Important | Spoofing | 5005623 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5006714 (Monthly Rollup) 5006729 (Security Only) |
Important | Spoofing | 5005613 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5006714 (Monthly Rollup) 5006729 (Security Only) |
Important | Spoofing | 5005613 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5006669 (Security Update) | Important | Spoofing | 5005573 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5006669 (Security Update) | Important | Spoofing | 5005573 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5006672 (Security Update) | Important | Spoofing | 5005030 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5006672 (Security Update) | Important | Spoofing | 5005030 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5006699 (Security Update) | Important | Spoofing | 5005575 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5006699 (Security Update) | Important | Spoofing | 5005575 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server, version 2004 (Server Core installation) | 5006670 (Security Update) | Important | Spoofing | 5005565 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5006670 (Security Update) | Important | Spoofing | 5005565 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2021-40455 | Fortinet's FortiGuard Labs. |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2021-40456 MITRE NVD |
CVE Title: Windows AD FS Security Feature Bypass Vulnerability
CVSS: CVSS:3.0 5.3/4.6
FAQ: What security feature could be bypassed by exploiting this vulnerability? This vulnerability could allow an attacker to bypass ADFS BannedIPList entries for WS-Trust workflows. Mitigations: None Workarounds: None Revision: 1.0    2021-10-12T07:00:00Z     Information published. |
Important | Security Feature Bypass |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2021-40456 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows Server 2019 | 5006672 (Security Update) | Important | Security Feature Bypass | 5005030 |
Base: 5.3 Temporal: 4.6 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5006672 (Security Update) | Important | Security Feature Bypass | 5005030 |
Base: 5.3 Temporal: 4.6 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5006699 (Security Update) | Important | Security Feature Bypass | 5005575 | Base: 5.3 Temporal: 4.6 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5006699 (Security Update) | Important | Security Feature Bypass | 5005575 | Base: 5.3 Temporal: 4.6 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server, version 2004 (Server Core installation) | 5006670 (Security Update) | Important | Security Feature Bypass | 5005565 |
Base: 5.3 Temporal: 4.6 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5006670 (Security Update) | Important | Security Feature Bypass | 5005565 |
Base: 5.3 Temporal: 4.6 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2021-40456 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2021-40457 MITRE NVD |
CVE Title: Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability
CVSS: CVSS:3.1 7.4/6.9
FAQ: The CVSS Score says user action is required. What type of user action is required? A user would have to open a maliciously crafted email sent to Dynamics 365 Customer Engagement. Mitigations: None Workarounds: None Revision: 1.0    2021-10-12T07:00:00Z     Information published. |
Important | Spoofing |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2021-40457 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Microsoft Dynamics 365 Customer Engagement V9.0 | 4618795 (Security Update) | Important | Spoofing | None | Base: 7.4 Temporal: 6.9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N/E:F/RL:O/RC:C |
Maybe |
Microsoft Dynamics 365 Customer Engagement V9.1 | 4618810 (Security Update) | Important | Spoofing | None | Base: 7.4 Temporal: 6.9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N/E:F/RL:O/RC:C |
Maybe |
CVE ID | Acknowledgements |
CVE-2021-40457 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2021-40475 MITRE NVD |
CVE Title: Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability
CVSS: CVSS:3.0 5.5/4.8
FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process. Mitigations: None Workarounds: None Revision: 1.0    2021-10-12T07:00:00Z     Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2021-40475 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 Version 1809 for 32-bit Systems | 5006672 (Security Update) | Important | Information Disclosure | 5005030 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5006672 (Security Update) | Important | Information Disclosure | 5005030 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5006672 (Security Update) | Important | Information Disclosure | 5005030 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for 32-bit Systems | 5006667 (Security Update) | Important | Information Disclosure | 5005566 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for ARM64-based Systems | 5006667 (Security Update) | Important | Information Disclosure | 5005566 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for x64-based Systems | 5006667 (Security Update) | Important | Information Disclosure | 5005566 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 2004 for 32-bit Systems | 5006670 (Security Update) | Important | Information Disclosure | 5005565 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 2004 for ARM64-based Systems | 5006670 (Security Update) | Important | Information Disclosure | 5005565 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 2004 for x64-based Systems | 5006670 (Security Update) | Important | Information Disclosure | 5005565 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5006670 (Security Update) | Important | Information Disclosure | 5005565 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5006670 (Security Update) | Important | Information Disclosure | 5005565 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5006670 (Security Update) | Important | Information Disclosure | 5005565 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5006670 (Security Update) | Important | Information Disclosure | 5005565 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5006670 (Security Update) | Important | Information Disclosure | 5005565 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5006670 (Security Update) | Important | Information Disclosure | 5005565 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 11 for ARM64-based Systems | 5006674 (Security Update) | Important | Information Disclosure | None | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 11 for x64-based Systems | 5006674 (Security Update) | Important | Information Disclosure | None | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5006672 (Security Update) | Important | Information Disclosure | 5005030 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5006672 (Security Update) | Important | Information Disclosure | 5005030 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5006699 (Security Update) | Important | Information Disclosure | 5005575 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5006699 (Security Update) | Important | Information Disclosure | 5005575 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server, version 2004 (Server Core installation) | 5006670 (Security Update) | Important | Information Disclosure | 5005565 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5006670 (Security Update) | Important | Information Disclosure | 5005565 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2021-40475 | ziming zhang of Ant Security Light-Year Lab |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2021-40476 MITRE NVD |
CVE Title: Windows AppContainer Elevation Of Privilege Vulnerability
CVSS: CVSS:3.0 7.5/6.7
FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2021-10-12T07:00:00Z     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2021-40476 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5006675 (Security Update) | Important | Elevation of Privilege | 5005569 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5006675 (Security Update) | Important | Elevation of Privilege | 5005569 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5006669 (Security Update) | Important | Elevation of Privilege | 5005573 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5006669 (Security Update) | Important | Elevation of Privilege | 5005573 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5006672 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5006672 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5006672 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for 32-bit Systems | 5006667 (Security Update) | Important | Elevation of Privilege | 5005566 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for ARM64-based Systems | 5006667 (Security Update) | Important | Elevation of Privilege | 5005566 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for x64-based Systems | 5006667 (Security Update) | Important | Elevation of Privilege | 5005566 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 2004 for 32-bit Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 2004 for ARM64-based Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 2004 for x64-based Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 11 for ARM64-based Systems | 5006674 (Security Update) | Important | Elevation of Privilege | None | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 11 for x64-based Systems | 5006674 (Security Update) | Important | Elevation of Privilege | None | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 5006714 (Monthly Rollup) 5006729 (Security Only) |
Important | Elevation of Privilege | 5005613 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 5006714 (Monthly Rollup) 5006729 (Security Only) |
Important | Elevation of Privilege | 5005613 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows RT 8.1 | 5006714 (Monthly Rollup) | Important | Elevation of Privilege | 5005613 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 | 5006739 (Monthly Rollup) 5006732 (Security Only) |
Important | Elevation of Privilege | 5005623 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5006739 (Monthly Rollup) 5006732 (Security Only) |
Important | Elevation of Privilege | 5005623 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5006714 (Monthly Rollup) 5006729 (Security Only) |
Important | Elevation of Privilege | 5005613 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5006714 (Monthly Rollup) 5006729 (Security Only) |
Important | Elevation of Privilege | 5005613 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 | 5006669 (Security Update) | Important | Elevation of Privilege | 5005573 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5006669 (Security Update) | Important | Elevation of Privilege | 5005573 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2019 | 5006672 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5006672 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2022 | 5006699 (Security Update) | Important | Elevation of Privilege | 5005575 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5006699 (Security Update) | Important | Elevation of Privilege | 5005575 | Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server, version 2004 (Server Core installation) | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.5 Temporal: 6.7 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2021-40476 | James Forshaw of Google Project Zero |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2021-40477 MITRE NVD |
CVE Title: Windows Event Tracing Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 7.8/6.8
FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2021-10-12T07:00:00Z     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2021-40477 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5006675 (Security Update) | Important | Elevation of Privilege | 5005569 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5006675 (Security Update) | Important | Elevation of Privilege | 5005569 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5006669 (Security Update) | Important | Elevation of Privilege | 5005573 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5006669 (Security Update) | Important | Elevation of Privilege | 5005573 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5006672 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5006672 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5006672 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for 32-bit Systems | 5006667 (Security Update) | Important | Elevation of Privilege | 5005566 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for ARM64-based Systems | 5006667 (Security Update) | Important | Elevation of Privilege | 5005566 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for x64-based Systems | 5006667 (Security Update) | Important | Elevation of Privilege | 5005566 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 2004 for 32-bit Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 2004 for ARM64-based Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 2004 for x64-based Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for ARM64-based Systems | 5006674 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for x64-based Systems | 5006674 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 5006714 (Monthly Rollup) 5006729 (Security Only) |
Important | Elevation of Privilege | 5005613 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 5006714 (Monthly Rollup) 5006729 (Security Only) |
Important | Elevation of Privilege | 5005613 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows RT 8.1 | 5006714 (Monthly Rollup) | Important | Elevation of Privilege | 5005613 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 | 5006739 (Monthly Rollup) 5006732 (Security Only) |
Important | Elevation of Privilege | 5005623 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5006739 (Monthly Rollup) 5006732 (Security Only) |
Important | Elevation of Privilege | 5005623 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5006714 (Monthly Rollup) 5006729 (Security Only) |
Important | Elevation of Privilege | 5005613 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5006714 (Monthly Rollup) 5006729 (Security Only) |
Important | Elevation of Privilege | 5005613 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5006669 (Security Update) | Important | Elevation of Privilege | 5005573 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5006669 (Security Update) | Important | Elevation of Privilege | 5005573 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5006672 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5006672 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5006699 (Security Update) | Important | Elevation of Privilege | 5005575 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5006699 (Security Update) | Important | Elevation of Privilege | 5005575 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server, version 2004 (Server Core installation) | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2021-40477 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2021-40478 MITRE NVD |
CVE Title: Storage Spaces Controller Elevation of Privilege Vulnerability
CVSS: CVSS:3.0 7.8/6.8
FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2021-10-12T07:00:00Z     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2021-40478 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5006675 (Security Update) | Important | Elevation of Privilege | 5005569 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5006675 (Security Update) | Important | Elevation of Privilege | 5005569 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5006669 (Security Update) | Important | Elevation of Privilege | 5005573 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5006669 (Security Update) | Important | Elevation of Privilege | 5005573 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5006672 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5006672 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5006672 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for 32-bit Systems | 5006667 (Security Update) | Important | Elevation of Privilege | 5005566 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for ARM64-based Systems | 5006667 (Security Update) | Important | Elevation of Privilege | 5005566 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for x64-based Systems | 5006667 (Security Update) | Important | Elevation of Privilege | 5005566 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 2004 for 32-bit Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 2004 for ARM64-based Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 2004 for x64-based Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for ARM64-based Systems | 5006674 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for x64-based Systems | 5006674 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 5006714 (Monthly Rollup) 5006729 (Security Only) |
Important | Elevation of Privilege | 5005613 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 5006714 (Monthly Rollup) 5006729 (Security Only) |
Important | Elevation of Privilege | 5005613 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows RT 8.1 | 5006714 (Monthly Rollup) | Important | Elevation of Privilege | 5005613 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 | 5006739 (Monthly Rollup) 5006732 (Security Only) |
Important | Elevation of Privilege | 5005623 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5006739 (Monthly Rollup) 5006732 (Security Only) |
Important | Elevation of Privilege | 5005623 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5006714 (Monthly Rollup) 5006729 (Security Only) |
Important | Elevation of Privilege | 5005613 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5006714 (Monthly Rollup) 5006729 (Security Only) |
Important | Elevation of Privilege | 5005613 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5006669 (Security Update) | Important | Elevation of Privilege | 5005573 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5006669 (Security Update) | Important | Elevation of Privilege | 5005573 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5006672 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5006672 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5006699 (Security Update) | Important | Elevation of Privilege | 5005575 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5006699 (Security Update) | Important | Elevation of Privilege | 5005575 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server, version 2004 (Server Core installation) | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2021-40478 | ghiadt12 from Viettel Cyber Security working with Trend Micro Zero Day Initiative
|
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2021-41344 MITRE NVD |
CVE Title: Microsoft SharePoint Server Remote Code Execution Vulnerability
CVSS: CVSS:3.0 8.1/7.1
FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2021-10-12T07:00:00Z     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2021-41344 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Microsoft SharePoint Enterprise Server 2016 | 5002029 (Security Update) | Important | Remote Code Execution | 5002020 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Maybe |
Microsoft SharePoint Foundation 2013 Service Pack 1 | 5002042 (Security Update) | Important | Remote Code Execution | 5002024 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Maybe |
Microsoft SharePoint Server 2019 | 5002028 (Security Update) | Important | Remote Code Execution | 5002018 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Maybe |
CVE ID | Acknowledgements |
CVE-2021-41344 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2021-41348 MITRE NVD |
CVE Title: Microsoft Exchange Server Elevation of Privilege Vulnerability
CVSS: CVSS:3.0 8.0/7.0
FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2021-10-12T07:00:00Z     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2021-41348 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Microsoft Exchange Server 2016 Cumulative Update 21 | 5007012 (Security Update) | Important | Elevation of Privilege | 5004779 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Microsoft Exchange Server 2016 Cumulative Update 22 | 5007012 (Security Update) | Important | Elevation of Privilege | 5004779 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Microsoft Exchange Server 2019 Cumulative Update 10 | 5007012 (Security Update) | Important | Elevation of Privilege | 5004779 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Microsoft Exchange Server 2019 Cumulative Update 11 | 5007012 (Security Update) | Important | Elevation of Privilege | 5004779 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2021-41348 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2021-41350 MITRE NVD |
CVE Title: Microsoft Exchange Server Spoofing Vulnerability
CVSS: CVSS:3.0 6.5/5.7
FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2021-10-12T07:00:00Z     Information published. |
Important | Spoofing |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2021-41350 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Microsoft Exchange Server 2016 Cumulative Update 21 | 5007012 (Security Update) | Important | Spoofing | 5004779 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Microsoft Exchange Server 2016 Cumulative Update 22 | 5007012 (Security Update) | Important | Spoofing | 5004779 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Microsoft Exchange Server 2019 Cumulative Update 10 | 5007012 (Security Update) | Important | Spoofing | 5004779 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Microsoft Exchange Server 2019 Cumulative Update 11 | 5007012 (Security Update) | Important | Spoofing | 5004779 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2021-41350 | Diamond Chen |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2021-41355 MITRE NVD |
CVE Title: .NET Core and Visual Studio Information Disclosure Vulnerability
CVSS: CVSS:3.0 5.7/5.0
FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is sensitive information. Mitigations: None Workarounds: None Revision: 1.0    2021-10-12T07:00:00Z     Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2021-41355 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
.NET 5.0 | (Security Update) | Important | Information Disclosure | None | Base: 5.7 Temporal: 5.0 Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Maybe |
Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) | Release Notes (Security Update) | Important | Information Disclosure | None | Base: 5.7 Temporal: 5.0 Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Maybe |
Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8) | Release Notes (Security Update) | Important | Information Disclosure | None | Base: 5.7 Temporal: 5.0 Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Maybe |
CVE ID | Acknowledgements |
CVE-2021-41355 | Srinivas Nunna of Microsoft |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2021-41361 MITRE NVD |
CVE Title: Active Directory Federation Server Spoofing Vulnerability
CVSS: CVSS:3.1 5.4/4.7
FAQ: How could an attacker exploit this vulnerability? The ADFS (Active Directory Federation Services) services are vulnerable during the logout redirect request to cross-site scripting of the post logout redirect URI. An attacker who successfully exploited this vulnerability could leave an application using this ADFS library vulnerable to common XSS attacks. Mitigations: None Workarounds: None Revision: 1.0    2021-10-12T07:00:00Z     Information published. |
Important | Spoofing |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2021-41361 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows Server 2016 | 5006669 (Security Update) | Important | Spoofing | 5005573 | Base: 5.4 Temporal: 4.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5006669 (Security Update) | Important | Spoofing | 5005573 | Base: 5.4 Temporal: 4.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5006672 (Security Update) | Important | Spoofing | 5005030 |
Base: 5.4 Temporal: 4.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5006672 (Security Update) | Important | Spoofing | 5005030 |
Base: 5.4 Temporal: 4.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5006699 (Security Update) | Important | Spoofing | 5005575 | Base: 5.4 Temporal: 4.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5006699 (Security Update) | Important | Spoofing | 5005575 | Base: 5.4 Temporal: 4.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server, version 2004 (Server Core installation) | 5006670 (Security Update) | Important | Spoofing | 5005565 |
Base: 5.4 Temporal: 4.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5006670 (Security Update) | Important | Spoofing | 5005565 |
Base: 5.4 Temporal: 4.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2021-41361 | Nadish Shajahan |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2021-3450 MITRE NVD |
CVE Title: OpenSSL: CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT
CVSS: None FAQ: Why is this OpenSSL Software Foundation CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in OpenSSL Software which is consumed by Microsoft Visual Studio. It is being documented in the Security Update Guide to announce that the latest builds of Visual Studio are no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. Mitigations: None Workarounds: None Revision: 1.0    2021-10-12T07:00:00Z     Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Unlikely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2021-3450 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) | Release Notes (Security Update) | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) | Release Notes (Security Update) | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3) | Release Notes (Security Update) | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Visual Studio 2019 version 16.7 (includes 16.0 – 16.6) | Release Notes (Security Update) | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8) | Release Notes (Security Update) | Important | Information Disclosure | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
CVE ID | Acknowledgements |
CVE-2021-3450 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2021-3449 MITRE NVD |
CVE Title: OpenSSL: CVE-2021-3449 NULL pointer deref in signature_algorithms processing
CVSS: None FAQ: Why is this OpenSSL Software Foundation CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in OpenSSL Software which is consumed by Microsoft Visual Studio. It is being documented in the Security Update Guide to announce that the latest builds of Visual Studio are no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. Mitigations: None Workarounds: None Revision: 1.0    2021-10-12T07:00:00Z     Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2021-3449 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) | Release Notes (Security Update) | Important | Denial of Service | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) | Release Notes (Security Update) | Important | Denial of Service | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3) | Release Notes (Security Update) | Important | Denial of Service | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Visual Studio 2019 version 16.7 (includes 16.0 – 16.6) | Release Notes (Security Update) | Important | Denial of Service | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8) | Release Notes (Security Update) | Important | Denial of Service | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
CVE ID | Acknowledgements |
CVE-2021-3449 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact |
CVE-2020-1971 MITRE NVD |
CVE Title: OpenSSL: CVE-2020-1971 EDIPARTYNAME NULL pointer de-reference
CVSS: None FAQ: Why is this OpenSSL Software Foundation CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in OpenSSL Software which is consumed by Microsoft Visual Studio. It is being documented in the Security Update Guide to announce that the latest builds of Visual Studio are no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. Mitigations: None Workarounds: None Revision: 1.0    2021-10-12T07:00:00Z     Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2020-1971 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) | Release Notes (Security Update) | Important | Denial of Service | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) | Release Notes (Security Update) | Important | Denial of Service | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3) | Release Notes (Security Update) | Important | Denial of Service | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Visual Studio 2019 version 16.7 (includes 16.0 – 16.6) | Release Notes (Security Update) | Important | Denial of Service | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8) | Release Notes (Security Update) | Important | Denial of Service | None | Base: N/A Temporal: N/A Vector: N/A |
Maybe |
CVE ID | Acknowledgements |
CVE-2020-1971 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2021-26427 MITRE NVD |
CVE Title: Microsoft Exchange Server Remote Code Execution Vulnerability
CVSS: CVSS:3.0 9.0/7.8
FAQ: According to the CVSS, the attack vector is Adjacent. What does that mean and how is that different from a Network vector? This vulnerability's attack is limited at the protocol level to a logically adjacent topology. This means it cannot simply be done across the internet, but instead needs something specific tied to the target. Good examples would include the same shared physical network (such as Bluetooth or IEEE 802.11), logical network (local IP subnet), or from within a secure or otherwise limited administrative domain (MPLS, secure VPN to an administrative network zone). This is common to many attacks that require man-in-the-middle type setups or that rely on initially gaining a foothold in another environment. What is meant by scope change for this particular vulnerability? In this case, the attacker is making specific requests over an adjacent network. This normally means as part of the same shared physical network (such as Bluetooth or IEEE 802.11), logical network (local IP subnet), or from within a secure or otherwise limited administrative domain (MPLS, secure VPN to an administrative network zone). From this point their attack allows changes to be made within the target Exchange server. The scope change is due to the attack on the network level triggering an effect on the OS level of the target system. Mitigations: None Workarounds: None Revision: 1.0    2021-10-12T07:00:00Z     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2021-26427 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Microsoft Exchange Server 2013 Cumulative Update 23 | 5007011 (Security Update) | Important | Remote Code Execution | 5004778 |
Base: 9.0 Temporal: 7.8 Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Microsoft Exchange Server 2016 Cumulative Update 21 | 5007012 (Security Update) | Important | Remote Code Execution | Base: 9.0 Temporal: 7.8 Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes | |
Microsoft Exchange Server 2016 Cumulative Update 22 | 5007012 (Security Update) | Important | Remote Code Execution | Base: 9.0 Temporal: 7.8 Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes | |
Microsoft Exchange Server 2019 Cumulative Update 10 | 5007012 (Security Update) | Important | Remote Code Execution | Base: 9.0 Temporal: 7.8 Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes | |
Microsoft Exchange Server 2019 Cumulative Update 11 | 5007012 (Security Update) | Important | Remote Code Execution | Base: 9.0 Temporal: 7.8 Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2021-26427 | National Security Agency (NSA) Andrew Ruddick, Microsoft Security Response Center |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2021-38662 MITRE NVD |
CVE Title: Windows Fast FAT File System Driver Information Disclosure Vulnerability
CVSS: CVSS:3.0 5.5/4.8
FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process. Mitigations: None Workarounds: None Revision: 1.0    2021-10-12T07:00:00Z     Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2021-38662 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5006675 (Security Update) | Important | Information Disclosure | 5005569 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5006675 (Security Update) | Important | Information Disclosure | 5005569 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5006669 (Security Update) | Important | Information Disclosure | 5005573 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5006669 (Security Update) | Important | Information Disclosure | 5005573 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5006672 (Security Update) | Important | Information Disclosure | 5005030 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5006672 (Security Update) | Important | Information Disclosure | 5005030 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5006672 (Security Update) | Important | Information Disclosure | 5005030 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for 32-bit Systems | 5006667 (Security Update) | Important | Information Disclosure | 5005566 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for ARM64-based Systems | 5006667 (Security Update) | Important | Information Disclosure | 5005566 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for x64-based Systems | 5006667 (Security Update) | Important | Information Disclosure | 5005566 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 2004 for 32-bit Systems | 5006670 (Security Update) | Important | Information Disclosure | 5005565 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 2004 for ARM64-based Systems | 5006670 (Security Update) | Important | Information Disclosure | 5005565 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 2004 for x64-based Systems | 5006670 (Security Update) | Important | Information Disclosure | 5005565 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5006670 (Security Update) | Important | Information Disclosure | 5005565 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5006670 (Security Update) | Important | Information Disclosure | 5005565 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5006670 (Security Update) | Important | Information Disclosure | 5005565 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5006670 (Security Update) | Important | Information Disclosure | 5005565 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5006670 (Security Update) | Important | Information Disclosure | 5005565 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5006670 (Security Update) | Important | Information Disclosure | 5005565 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 11 for ARM64-based Systems | 5006674 (Security Update) | Important | Information Disclosure | None | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 11 for x64-based Systems | 5006674 (Security Update) | Important | Information Disclosure | None | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 7 for 32-bit Systems Service Pack 1 | 5006743 (Monthly Rollup) 5006728 (Security Only) |
Important | Information Disclosure | 5005633 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 7 for x64-based Systems Service Pack 1 | 5006743 (Monthly Rollup) 5006728 (Security Only) |
Important | Information Disclosure | 5005633 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 5006714 (Monthly Rollup) 5006729 (Security Only) |
Important | Information Disclosure | 5005613 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 5006714 (Monthly Rollup) 5006729 (Security Only) |
Important | Information Disclosure | 5005613 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows RT 8.1 | 5006714 (Monthly Rollup) | Important | Information Disclosure | 5005613 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5006736 (Monthly Rollup) 5006715 (Security Only) |
Important | Information Disclosure | 5005606 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5006736 (Monthly Rollup) 5006715 (Security Only) |
Important | Information Disclosure | 5005606 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5006736 (Monthly Rollup) 5006715 (Security Only) |
Important | Information Disclosure | 5005606 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5006736 (Monthly Rollup) 5006715 (Security Only) |
Important | Information Disclosure | 5005606 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5006743 (Monthly Rollup) 5006728 (Security Only) |
Important | Information Disclosure | 5005633 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5006743 (Monthly Rollup) 5006728 (Security Only) |
Important | Information Disclosure | 5005633 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 | 5006739 (Monthly Rollup) 5006732 (Security Only) |
Important | Information Disclosure | 5005623 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5006739 (Monthly Rollup) 5006732 (Security Only) |
Important | Information Disclosure | 5005623 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5006714 (Monthly Rollup) 5006729 (Security Only) |
Important | Information Disclosure | 5005613 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5006714 (Monthly Rollup) 5006729 (Security Only) |
Important | Information Disclosure | 5005613 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5006669 (Security Update) | Important | Information Disclosure | 5005573 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5006669 (Security Update) | Important | Information Disclosure | 5005573 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5006672 (Security Update) | Important | Information Disclosure | 5005030 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5006672 (Security Update) | Important | Information Disclosure | 5005030 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5006699 (Security Update) | Important | Information Disclosure | 5005575 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5006699 (Security Update) | Important | Information Disclosure | 5005575 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server, version 2004 (Server Core installation) | 5006670 (Security Update) | Important | Information Disclosure | 5005565 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5006670 (Security Update) | Important | Information Disclosure | 5005565 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2021-38662 | OldStone of Kunlun Lab |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2021-38663 MITRE NVD |
CVE Title: Windows exFAT File System Information Disclosure Vulnerability
CVSS: CVSS:3.0 5.5/4.8
FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory. Mitigations: None Workarounds: None Revision: 1.0    2021-10-12T07:00:00Z     Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2021-38663 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5006675 (Security Update) | Important | Information Disclosure | 5005569 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5006675 (Security Update) | Important | Information Disclosure | 5005569 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5006669 (Security Update) | Important | Information Disclosure | 5005573 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5006669 (Security Update) | Important | Information Disclosure | 5005573 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5006672 (Security Update) | Important | Information Disclosure | 5005030 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5006672 (Security Update) | Important | Information Disclosure | 5005030 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5006672 (Security Update) | Important | Information Disclosure | 5005030 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for 32-bit Systems | 5006667 (Security Update) | Important | Information Disclosure | 5005566 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for ARM64-based Systems | 5006667 (Security Update) | Important | Information Disclosure | 5005566 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for x64-based Systems | 5006667 (Security Update) | Important | Information Disclosure | 5005566 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 2004 for 32-bit Systems | 5006670 (Security Update) | Important | Information Disclosure | 5005565 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 2004 for ARM64-based Systems | 5006670 (Security Update) | Important | Information Disclosure | 5005565 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 2004 for x64-based Systems | 5006670 (Security Update) | Important | Information Disclosure | 5005565 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5006670 (Security Update) | Important | Information Disclosure | 5005565 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5006670 (Security Update) | Important | Information Disclosure | 5005565 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5006670 (Security Update) | Important | Information Disclosure | 5005565 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5006670 (Security Update) | Important | Information Disclosure | 5005565 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5006670 (Security Update) | Important | Information Disclosure | 5005565 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5006670 (Security Update) | Important | Information Disclosure | 5005565 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 11 for ARM64-based Systems | 5006674 (Security Update) | Important | Information Disclosure | None | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 11 for x64-based Systems | 5006674 (Security Update) | Important | Information Disclosure | None | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 7 for 32-bit Systems Service Pack 1 | 5006743 (Monthly Rollup) 5006728 (Security Only) |
Important | Information Disclosure | 5005633 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 7 for x64-based Systems Service Pack 1 | 5006743 (Monthly Rollup) 5006728 (Security Only) |
Important | Information Disclosure | 5005633 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 5006714 (Monthly Rollup) 5006729 (Security Only) |
Important | Information Disclosure | 5005613 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 5006714 (Monthly Rollup) 5006729 (Security Only) |
Important | Information Disclosure | 5005613 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows RT 8.1 | 5006714 (Monthly Rollup) | Important | Information Disclosure | 5005613 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5006736 (Monthly Rollup) 5006715 (Security Only) |
Important | Information Disclosure | 5005606 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5006736 (Monthly Rollup) 5006715 (Security Only) |
Important | Information Disclosure | 5005606 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5006736 (Monthly Rollup) 5006715 (Security Only) |
Important | Information Disclosure | 5005606 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5006736 (Monthly Rollup) 5006715 (Security Only) |
Important | Information Disclosure | 5005606 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5006743 (Monthly Rollup) 5006728 (Security Only) |
Important | Information Disclosure | 5005633 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5006743 (Monthly Rollup) 5006728 (Security Only) |
Important | Information Disclosure | 5005633 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 | 5006739 (Monthly Rollup) 5006732 (Security Only) |
Important | Information Disclosure | 5005623 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5006739 (Monthly Rollup) 5006732 (Security Only) |
Important | Information Disclosure | 5005623 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5006714 (Monthly Rollup) 5006729 (Security Only) |
Important | Information Disclosure | 5005613 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5006714 (Monthly Rollup) 5006729 (Security Only) |
Important | Information Disclosure | 5005613 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5006669 (Security Update) | Important | Information Disclosure | 5005573 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5006669 (Security Update) | Important | Information Disclosure | 5005573 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5006672 (Security Update) | Important | Information Disclosure | 5005030 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5006672 (Security Update) | Important | Information Disclosure | 5005030 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5006699 (Security Update) | Important | Information Disclosure | 5005575 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5006699 (Security Update) | Important | Information Disclosure | 5005575 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server, version 2004 (Server Core installation) | 5006670 (Security Update) | Important | Information Disclosure | 5005565 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5006670 (Security Update) | Important | Information Disclosure | 5005565 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2021-38663 | OldStone of Kunlun Lab |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2021-38672 MITRE NVD |
CVE Title: Windows Hyper-V Remote Code Execution Vulnerability
CVSS: CVSS:3.1 8.0/7.0
FAQ: How could an attacker exploit this vulnerability? For successful exploitation, this vulnerability could allow a malicious guest VM to read kernel memory in the host. To trigger this vulnerability the guest VM requires a memory allocation error to first occur on the guest VM. This bug could be used for a VM escape from guest to host. Mitigations: None Workarounds: None Revision: 1.0    2021-10-12T07:00:00Z     Information published. |
Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2021-38672 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 11 for x64-based Systems | 5006674 (Security Update) | Critical | Remote Code Execution | None | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5006699 (Security Update) | Critical | Remote Code Execution | 5005575 | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5006699 (Security Update) | Critical | Remote Code Execution | 5005575 | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2021-38672 | Wei in Kunlun Lab |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2021-40450 MITRE NVD |
CVE Title: Win32k Elevation of Privilege Vulnerability
CVSS: CVSS:3.0 7.8/6.8
FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2021-10-12T07:00:00Z     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2021-40450 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 Version 1809 for 32-bit Systems | 5006672 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5006672 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5006672 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for 32-bit Systems | 5006667 (Security Update) | Important | Elevation of Privilege | 5005566 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for ARM64-based Systems | 5006667 (Security Update) | Important | Elevation of Privilege | 5005566 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for x64-based Systems | 5006667 (Security Update) | Important | Elevation of Privilege | 5005566 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 2004 for 32-bit Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 2004 for ARM64-based Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 2004 for x64-based Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for ARM64-based Systems | 5006674 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for x64-based Systems | 5006674 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5006672 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5006672 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5006699 (Security Update) | Important | Elevation of Privilege | 5005575 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5006699 (Security Update) | Important | Elevation of Privilege | 5005575 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server, version 2004 (Server Core installation) | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2021-40450 | H4iiluv of 73lab with Qingteng |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2021-40460 MITRE NVD |
CVE Title: Windows Remote Procedure Call Runtime Security Feature Bypass Vulnerability
CVSS: CVSS:3.0 6.5/5.7
FAQ: What security feature could be bypassed by exploiting this vulnerability? This vulnerability could allow an attacker to bypass Extended Protection for Authentication provided by SPN target name validation. Mitigations: None Workarounds: None Revision: 1.0    2021-10-12T07:00:00Z     Information published. |
Important | Security Feature Bypass |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2021-40460 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5006675 (Security Update) | Important | Security Feature Bypass | 5005569 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5006675 (Security Update) | Important | Security Feature Bypass | 5005569 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5006669 (Security Update) | Important | Security Feature Bypass | 5005573 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5006669 (Security Update) | Important | Security Feature Bypass | 5005573 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5006672 (Security Update) | Important | Security Feature Bypass | 5005030 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5006672 (Security Update) | Important | Security Feature Bypass | 5005030 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5006672 (Security Update) | Important | Security Feature Bypass | 5005030 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for 32-bit Systems | 5006667 (Security Update) | Important | Security Feature Bypass | 5005566 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for ARM64-based Systems | 5006667 (Security Update) | Important | Security Feature Bypass | 5005566 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for x64-based Systems | 5006667 (Security Update) | Important | Security Feature Bypass | 5005566 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 2004 for 32-bit Systems | 5006670 (Security Update) | Important | Security Feature Bypass | 5005565 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 2004 for ARM64-based Systems | 5006670 (Security Update) | Important | Security Feature Bypass | 5005565 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 2004 for x64-based Systems | 5006670 (Security Update) | Important | Security Feature Bypass | 5005565 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5006670 (Security Update) | Important | Security Feature Bypass | 5005565 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5006670 (Security Update) | Important | Security Feature Bypass | 5005565 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5006670 (Security Update) | Important | Security Feature Bypass | 5005565 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5006670 (Security Update) | Important | Security Feature Bypass | 5005565 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5006670 (Security Update) | Important | Security Feature Bypass | 5005565 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5006670 (Security Update) | Important | Security Feature Bypass | 5005565 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 11 for ARM64-based Systems | 5006674 (Security Update) | Important | Security Feature Bypass | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 11 for x64-based Systems | 5006674 (Security Update) | Important | Security Feature Bypass | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 7 for 32-bit Systems Service Pack 1 | 5006743 (Monthly Rollup) 5006728 (Security Only) |
Important | Security Feature Bypass | 5005633 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 7 for x64-based Systems Service Pack 1 | 5006743 (Monthly Rollup) 5006728 (Security Only) |
Important | Security Feature Bypass | 5005633 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 5006714 (Monthly Rollup) 5006729 (Security Only) |
Important | Security Feature Bypass | 5005613 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 5006714 (Monthly Rollup) 5006729 (Security Only) |
Important | Security Feature Bypass | 5005613 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows RT 8.1 | 5006714 (Monthly Rollup) | Important | Security Feature Bypass | 5005613 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5006743 (Monthly Rollup) 5006728 (Security Only) |
Important | Security Feature Bypass | 5005633 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5006743 (Monthly Rollup) 5006728 (Security Only) |
Important | Security Feature Bypass | 5005633 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 | 5006739 (Monthly Rollup) 5006732 (Security Only) |
Important | Security Feature Bypass | 5005623 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5006739 (Monthly Rollup) 5006732 (Security Only) |
Important | Security Feature Bypass | 5005623 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5006714 (Monthly Rollup) 5006729 (Security Only) |
Important | Security Feature Bypass | 5005613 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5006714 (Monthly Rollup) 5006729 (Security Only) |
Important | Security Feature Bypass | 5005613 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5006669 (Security Update) | Important | Security Feature Bypass | 5005573 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5006669 (Security Update) | Important | Security Feature Bypass | 5005573 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5006672 (Security Update) | Important | Security Feature Bypass | 5005030 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5006672 (Security Update) | Important | Security Feature Bypass | 5005030 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5006699 (Security Update) | Important | Security Feature Bypass | 5005575 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5006699 (Security Update) | Important | Security Feature Bypass | 5005575 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server, version 2004 (Server Core installation) | 5006670 (Security Update) | Important | Security Feature Bypass | 5005565 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5006670 (Security Update) | Important | Security Feature Bypass | 5005565 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2021-40460 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2021-40461 MITRE NVD |
CVE Title: Windows Hyper-V Remote Code Execution Vulnerability
CVSS: CVSS:3.1 8.0/7.0
FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2021-10-12T07:00:00Z     Information published. |
Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2021-40461 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 Version 1809 for x64-based Systems | 5006672 (Security Update) | Critical | Remote Code Execution | 5005030 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for x64-based Systems | 5006667 (Security Update) | Critical | Remote Code Execution | 5005566 | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 2004 for x64-based Systems | 5006670 (Security Update) | Critical | Remote Code Execution | 5005565 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5006670 (Security Update) | Critical | Remote Code Execution | 5005565 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5006670 (Security Update) | Critical | Remote Code Execution | 5005565 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for x64-based Systems | 5006674 (Security Update) | Critical | Remote Code Execution | None | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5006672 (Security Update) | Critical | Remote Code Execution | 5005030 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5006672 (Security Update) | Critical | Remote Code Execution | 5005030 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5006699 (Security Update) | Critical | Remote Code Execution | 5005575 | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5006699 (Security Update) | Critical | Remote Code Execution | 5005575 | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server, version 2004 (Server Core installation) | 5006670 (Security Update) | Critical | Remote Code Execution | 5005565 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5006670 (Security Update) | Critical | Remote Code Execution | 5005565 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2021-40461 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2021-40462 MITRE NVD |
CVE Title: Windows Media Foundation Dolby Digital Atmos Decoders Remote Code Execution Vulnerability
CVSS: CVSS:3.0 7.8/6.8
FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2021-10-12T07:00:00Z     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2021-40462 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 Version 1809 for 32-bit Systems | 5006672 (Security Update) | Important | Remote Code Execution | 5005030 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5006672 (Security Update) | Important | Remote Code Execution | 5005030 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5006672 (Security Update) | Important | Remote Code Execution | 5005030 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for 32-bit Systems | 5006667 (Security Update) | Important | Remote Code Execution | 5005566 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for ARM64-based Systems | 5006667 (Security Update) | Important | Remote Code Execution | 5005566 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for x64-based Systems | 5006667 (Security Update) | Important | Remote Code Execution | 5005566 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 2004 for 32-bit Systems | 5006670 (Security Update) | Important | Remote Code Execution | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 2004 for ARM64-based Systems | 5006670 (Security Update) | Important | Remote Code Execution | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 2004 for x64-based Systems | 5006670 (Security Update) | Important | Remote Code Execution | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5006670 (Security Update) | Important | Remote Code Execution | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5006670 (Security Update) | Important | Remote Code Execution | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5006670 (Security Update) | Important | Remote Code Execution | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5006670 (Security Update) | Important | Remote Code Execution | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5006670 (Security Update) | Important | Remote Code Execution | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5006670 (Security Update) | Important | Remote Code Execution | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for ARM64-based Systems | 5006674 (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for x64-based Systems | 5006674 (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5006672 (Security Update) | Important | Remote Code Execution | 5005030 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5006672 (Security Update) | Important | Remote Code Execution | 5005030 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5006699 (Security Update) | Important | Remote Code Execution | 5005575 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5006699 (Security Update) | Important | Remote Code Execution | 5005575 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server, version 2004 (Server Core installation) | 5006670 (Security Update) | Important | Remote Code Execution | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5006670 (Security Update) | Important | Remote Code Execution | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2021-40462 | HAO LI of VenusTech ADLab |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2021-40463 MITRE NVD |
CVE Title: Windows NAT Denial of Service Vulnerability
CVSS: CVSS:3.0 7.7/6.7
FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2021-10-12T07:00:00Z     Information published. |
Important | Denial of Service |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2021-40463 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5006675 (Security Update) | Important | Denial of Service | 5005569 | Base: 7.7 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5006675 (Security Update) | Important | Denial of Service | 5005569 | Base: 7.7 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5006669 (Security Update) | Important | Denial of Service | 5005573 | Base: 7.7 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5006669 (Security Update) | Important | Denial of Service | 5005573 | Base: 7.7 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5006672 (Security Update) | Important | Denial of Service | 5005030 |
Base: 7.7 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5006672 (Security Update) | Important | Denial of Service | 5005030 |
Base: 7.7 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5006672 (Security Update) | Important | Denial of Service | 5005030 |
Base: 7.7 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for 32-bit Systems | 5006667 (Security Update) | Important | Denial of Service | 5005566 | Base: 7.7 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for ARM64-based Systems | 5006667 (Security Update) | Important | Denial of Service | 5005566 | Base: 7.7 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for x64-based Systems | 5006667 (Security Update) | Important | Denial of Service | 5005566 | Base: 7.7 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 2004 for 32-bit Systems | 5006670 (Security Update) | Important | Denial of Service | 5005565 |
Base: 7.7 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 2004 for ARM64-based Systems | 5006670 (Security Update) | Important | Denial of Service | 5005565 |
Base: 7.7 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 2004 for x64-based Systems | 5006670 (Security Update) | Important | Denial of Service | 5005565 |
Base: 7.7 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5006670 (Security Update) | Important | Denial of Service | 5005565 |
Base: 7.7 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5006670 (Security Update) | Important | Denial of Service | 5005565 |
Base: 7.7 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5006670 (Security Update) | Important | Denial of Service | 5005565 |
Base: 7.7 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5006670 (Security Update) | Important | Denial of Service | 5005565 |
Base: 7.7 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5006670 (Security Update) | Important | Denial of Service | 5005565 |
Base: 7.7 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5006670 (Security Update) | Important | Denial of Service | 5005565 |
Base: 7.7 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for ARM64-based Systems | 5006674 (Security Update) | Important | Denial of Service | None | Base: 7.7 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for x64-based Systems | 5006674 (Security Update) | Important | Denial of Service | None | Base: 7.7 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 5006714 (Monthly Rollup) 5006729 (Security Only) |
Important | Denial of Service | 5005613 |
Base: 7.7 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 5006714 (Monthly Rollup) 5006729 (Security Only) |
Important | Denial of Service | 5005613 |
Base: 7.7 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows RT 8.1 | 5006714 (Monthly Rollup) | Important | Denial of Service | 5005613 |
Base: 7.7 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 | 5006739 (Monthly Rollup) 5006732 (Security Only) |
Important | Denial of Service | 5005623 |
Base: 7.7 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5006739 (Monthly Rollup) 5006732 (Security Only) |
Important | Denial of Service | 5005623 |
Base: 7.7 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5006714 (Monthly Rollup) 5006729 (Security Only) |
Important | Denial of Service | 5005613 |
Base: 7.7 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5006714 (Monthly Rollup) 5006729 (Security Only) |
Important | Denial of Service | 5005613 |
Base: 7.7 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5006669 (Security Update) | Important | Denial of Service | 5005573 | Base: 7.7 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5006669 (Security Update) | Important | Denial of Service | 5005573 | Base: 7.7 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5006672 (Security Update) | Important | Denial of Service | 5005030 |
Base: 7.7 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5006672 (Security Update) | Important | Denial of Service | 5005030 |
Base: 7.7 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5006699 (Security Update) | Important | Denial of Service | 5005575 | Base: 7.7 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5006699 (Security Update) | Important | Denial of Service | 5005575 | Base: 7.7 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server, version 2004 (Server Core installation) | 5006670 (Security Update) | Important | Denial of Service | 5005565 |
Base: 7.7 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5006670 (Security Update) | Important | Denial of Service | 5005565 |
Base: 7.7 Temporal: 6.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2021-40463 | Huichen Lin and Dong Seong Kim with School of Information Technology and Electrical Engineering - The University of Queensland |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2021-40464 MITRE NVD |
CVE Title: Windows Nearby Sharing Elevation of Privilege Vulnerability
CVSS: CVSS:3.0 8.0/7.0
FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2021-10-12T07:00:00Z     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2021-40464 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 Version 1809 for 32-bit Systems | 5006672 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5006672 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5006672 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for 32-bit Systems | 5006667 (Security Update) | Important | Elevation of Privilege | 5005566 | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for ARM64-based Systems | 5006667 (Security Update) | Important | Elevation of Privilege | 5005566 | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for x64-based Systems | 5006667 (Security Update) | Important | Elevation of Privilege | 5005566 | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 2004 for 32-bit Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 2004 for ARM64-based Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 2004 for x64-based Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for ARM64-based Systems | 5006674 (Security Update) | Important | Elevation of Privilege | None | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for x64-based Systems | 5006674 (Security Update) | Important | Elevation of Privilege | None | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5006672 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5006672 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5006699 (Security Update) | Important | Elevation of Privilege | 5005575 | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5006699 (Security Update) | Important | Elevation of Privilege | 5005575 | Base: 8.0 Temporal: 7.0 Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server, version 2004 (Server Core installation) | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 8.0 Temporal: 7.0 Vector: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2021-40464 | Caleb Helbling |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2021-40465 MITRE NVD |
CVE Title: Windows Text Shaping Remote Code Execution Vulnerability
CVSS: CVSS:3.0 7.8/6.8
FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2021-10-12T07:00:00Z     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2021-40465 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5006675 (Security Update) | Important | Remote Code Execution | 5005569 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5006675 (Security Update) | Important | Remote Code Execution | 5005569 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5006669 (Security Update) | Important | Remote Code Execution | 5005573 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5006669 (Security Update) | Important | Remote Code Execution | 5005573 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5006672 (Security Update) | Important | Remote Code Execution | 5005030 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5006672 (Security Update) | Important | Remote Code Execution | 5005030 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5006672 (Security Update) | Important | Remote Code Execution | 5005030 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for 32-bit Systems | 5006667 (Security Update) | Important | Remote Code Execution | 5005566 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for ARM64-based Systems | 5006667 (Security Update) | Important | Remote Code Execution | 5005566 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for x64-based Systems | 5006667 (Security Update) | Important | Remote Code Execution | 5005566 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 2004 for 32-bit Systems | 5006670 (Security Update) | Important | Remote Code Execution | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 2004 for ARM64-based Systems | 5006670 (Security Update) | Important | Remote Code Execution | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 2004 for x64-based Systems | 5006670 (Security Update) | Important | Remote Code Execution | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5006670 (Security Update) | Important | Remote Code Execution | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5006670 (Security Update) | Important | Remote Code Execution | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5006670 (Security Update) | Important | Remote Code Execution | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5006670 (Security Update) | Important | Remote Code Execution | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5006670 (Security Update) | Important | Remote Code Execution | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5006670 (Security Update) | Important | Remote Code Execution | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for ARM64-based Systems | 5006674 (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for x64-based Systems | 5006674 (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 7 for 32-bit Systems Service Pack 1 | 5006743 (Monthly Rollup) 5006728 (Security Only) |
Important | Remote Code Execution | 5005633 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 7 for x64-based Systems Service Pack 1 | 5006743 (Monthly Rollup) 5006728 (Security Only) |
Important | Remote Code Execution | 5005633 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 5006714 (Monthly Rollup) 5006729 (Security Only) |
Important | Remote Code Execution | 5005613 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 5006714 (Monthly Rollup) 5006729 (Security Only) |
Important | Remote Code Execution | 5005613 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows RT 8.1 | 5006714 (Monthly Rollup) | Important | Remote Code Execution | 5005613 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5006736 (Monthly Rollup) 5006715 (Security Only) |
Important | Remote Code Execution | 5005606 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5006736 (Monthly Rollup) 5006715 (Security Only) |
Important | Remote Code Execution | 5005606 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5006736 (Monthly Rollup) 5006715 (Security Only) |
Important | Remote Code Execution | 5005606 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5006736 (Monthly Rollup) 5006715 (Security Only) |
Important | Remote Code Execution | 5005606 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5006743 (Monthly Rollup) 5006728 (Security Only) |
Important | Remote Code Execution | 5005633 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5006743 (Monthly Rollup) 5006728 (Security Only) |
Important | Remote Code Execution | 5005633 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 | 5006739 (Monthly Rollup) 5006732 (Security Only) |
Important | Remote Code Execution | 5005623 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5006739 (Monthly Rollup) 5006732 (Security Only) |
Important | Remote Code Execution | 5005623 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5006714 (Monthly Rollup) 5006729 (Security Only) |
Important | Remote Code Execution | 5005613 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5006714 (Monthly Rollup) 5006729 (Security Only) |
Important | Remote Code Execution | 5005613 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5006669 (Security Update) | Important | Remote Code Execution | 5005573 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5006669 (Security Update) | Important | Remote Code Execution | 5005573 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5006672 (Security Update) | Important | Remote Code Execution | 5005030 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5006672 (Security Update) | Important | Remote Code Execution | 5005030 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5006699 (Security Update) | Important | Remote Code Execution | 5005575 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5006699 (Security Update) | Important | Remote Code Execution | 5005575 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server, version 2004 (Server Core installation) | 5006670 (Security Update) | Important | Remote Code Execution | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5006670 (Security Update) | Important | Remote Code Execution | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2021-40465 | Hardik Shah |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2021-40466 MITRE NVD |
CVE Title: Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVSS: CVSS:3.0 7.8/6.8
FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2021-10-12T07:00:00Z     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2021-40466 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5006675 (Security Update) | Important | Elevation of Privilege | 5005569 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5006675 (Security Update) | Important | Elevation of Privilege | 5005569 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5006669 (Security Update) | Important | Elevation of Privilege | 5005573 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5006669 (Security Update) | Important | Elevation of Privilege | 5005573 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5006672 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5006672 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5006672 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for 32-bit Systems | 5006667 (Security Update) | Important | Elevation of Privilege | 5005566 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for ARM64-based Systems | 5006667 (Security Update) | Important | Elevation of Privilege | 5005566 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for x64-based Systems | 5006667 (Security Update) | Important | Elevation of Privilege | 5005566 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 2004 for 32-bit Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 2004 for ARM64-based Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 2004 for x64-based Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for ARM64-based Systems | 5006674 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for x64-based Systems | 5006674 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 7 for 32-bit Systems Service Pack 1 | 5006743 (Monthly Rollup) 5006728 (Security Only) |
Important | Elevation of Privilege | 5005633 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 7 for x64-based Systems Service Pack 1 | 5006743 (Monthly Rollup) 5006728 (Security Only) |
Important | Elevation of Privilege | 5005633 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 5006714 (Monthly Rollup) 5006729 (Security Only) |
Important | Elevation of Privilege | 5005613 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 5006714 (Monthly Rollup) 5006729 (Security Only) |
Important | Elevation of Privilege | 5005613 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows RT 8.1 | 5006714 (Monthly Rollup) | Important | Elevation of Privilege | 5005613 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5006736 (Monthly Rollup) 5006715 (Security Only) |
Important | Elevation of Privilege | 5005606 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5006736 (Monthly Rollup) 5006715 (Security Only) |
Important | Elevation of Privilege | 5005606 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5006736 (Monthly Rollup) 5006715 (Security Only) |
Important | Elevation of Privilege | 5005606 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5006736 (Monthly Rollup) 5006715 (Security Only) |
Important | Elevation of Privilege | 5005606 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5006743 (Monthly Rollup) 5006728 (Security Only) |
Important | Elevation of Privilege | 5005633 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5006743 (Monthly Rollup) 5006728 (Security Only) |
Important | Elevation of Privilege | 5005633 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 | 5006739 (Monthly Rollup) 5006732 (Security Only) |
Important | Elevation of Privilege | 5005623 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5006739 (Monthly Rollup) 5006732 (Security Only) |
Important | Elevation of Privilege | 5005623 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5006714 (Monthly Rollup) 5006729 (Security Only) |
Important | Elevation of Privilege | 5005613 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5006714 (Monthly Rollup) 5006729 (Security Only) |
Important | Elevation of Privilege | 5005613 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5006669 (Security Update) | Important | Elevation of Privilege | 5005573 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5006669 (Security Update) | Important | Elevation of Privilege | 5005573 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5006672 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5006672 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5006699 (Security Update) | Important | Elevation of Privilege | 5005575 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5006699 (Security Update) | Important | Elevation of Privilege | 5005575 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server, version 2004 (Server Core installation) | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2021-40466 | Yuki Chen |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2021-40467 MITRE NVD |
CVE Title: Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVSS: CVSS:3.0 7.8/6.8
FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2021-10-12T07:00:00Z     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2021-40467 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5006675 (Security Update) | Important | Elevation of Privilege | 5005569 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5006675 (Security Update) | Important | Elevation of Privilege | 5005569 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5006669 (Security Update) | Important | Elevation of Privilege | 5005573 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5006669 (Security Update) | Important | Elevation of Privilege | 5005573 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5006672 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5006672 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5006672 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for 32-bit Systems | 5006667 (Security Update) | Important | Elevation of Privilege | 5005566 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for ARM64-based Systems | 5006667 (Security Update) | Important | Elevation of Privilege | 5005566 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for x64-based Systems | 5006667 (Security Update) | Important | Elevation of Privilege | 5005566 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 2004 for 32-bit Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 2004 for ARM64-based Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 2004 for x64-based Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for ARM64-based Systems | 5006674 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for x64-based Systems | 5006674 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 7 for 32-bit Systems Service Pack 1 | 5006743 (Monthly Rollup) 5006728 (Security Only) |
Important | Elevation of Privilege | 5005633 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 7 for x64-based Systems Service Pack 1 | 5006743 (Monthly Rollup) 5006728 (Security Only) |
Important | Elevation of Privilege | 5005633 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 5006714 (Monthly Rollup) 5006729 (Security Only) |
Important | Elevation of Privilege | 5005613 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 5006714 (Monthly Rollup) 5006729 (Security Only) |
Important | Elevation of Privilege | 5005613 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows RT 8.1 | 5006714 (Monthly Rollup) | Important | Elevation of Privilege | 5005613 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5006736 (Monthly Rollup) 5006715 (Security Only) |
Important | Elevation of Privilege | 5005606 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5006736 (Monthly Rollup) 5006715 (Security Only) |
Important | Elevation of Privilege | 5005606 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5006736 (Monthly Rollup) 5006715 (Security Only) |
Important | Elevation of Privilege | 5005606 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5006736 (Monthly Rollup) 5006715 (Security Only) |
Important | Elevation of Privilege | 5005606 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5006743 (Monthly Rollup) 5006728 (Security Only) |
Important | Elevation of Privilege | 5005633 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5006743 (Monthly Rollup) 5006728 (Security Only) |
Important | Elevation of Privilege | 5005633 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 | 5006739 (Monthly Rollup) 5006732 (Security Only) |
Important | Elevation of Privilege | 5005623 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5006739 (Monthly Rollup) 5006732 (Security Only) |
Important | Elevation of Privilege | 5005623 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5006714 (Monthly Rollup) 5006729 (Security Only) |
Important | Elevation of Privilege | 5005613 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5006714 (Monthly Rollup) 5006729 (Security Only) |
Important | Elevation of Privilege | 5005613 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5006669 (Security Update) | Important | Elevation of Privilege | 5005573 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5006669 (Security Update) | Important | Elevation of Privilege | 5005573 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5006672 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5006672 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5006699 (Security Update) | Important | Elevation of Privilege | 5005575 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5006699 (Security Update) | Important | Elevation of Privilege | 5005575 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server, version 2004 (Server Core installation) | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2021-40467 | Yuki Chen |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2021-40468 MITRE NVD |
CVE Title: Windows Bind Filter Driver Information Disclosure Vulnerability
CVSS: CVSS:3.0 5.5/4.8
FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process. Mitigations: None Workarounds: None Revision: 1.0    2021-10-12T07:00:00Z     Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2021-40468 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 Version 2004 for 32-bit Systems | 5006670 (Security Update) | Important | Information Disclosure | 5005565 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 2004 for ARM64-based Systems | 5006670 (Security Update) | Important | Information Disclosure | 5005565 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 2004 for x64-based Systems | 5006670 (Security Update) | Important | Information Disclosure | 5005565 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5006670 (Security Update) | Important | Information Disclosure | 5005565 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5006670 (Security Update) | Important | Information Disclosure | 5005565 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5006670 (Security Update) | Important | Information Disclosure | 5005565 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5006670 (Security Update) | Important | Information Disclosure | 5005565 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5006670 (Security Update) | Important | Information Disclosure | 5005565 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5006670 (Security Update) | Important | Information Disclosure | 5005565 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 11 for ARM64-based Systems | 5006674 (Security Update) | Important | Information Disclosure | None | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 11 for x64-based Systems | 5006674 (Security Update) | Important | Information Disclosure | None | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5006699 (Security Update) | Important | Information Disclosure | 5005575 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5006699 (Security Update) | Important | Information Disclosure | 5005575 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server, version 2004 (Server Core installation) | 5006670 (Security Update) | Important | Information Disclosure | 5005565 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5006670 (Security Update) | Important | Information Disclosure | 5005565 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2021-40468 | k0shl |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2021-40469 MITRE NVD |
CVE Title: Windows DNS Server Remote Code Execution Vulnerability
CVSS: CVSS:3.1 7.2/6.5
FAQ: If my server is not configured to be a DNS server, it is vulnerable? No, this vulnerability is only exploitable if the server is configured to be a DNS server. Mitigations: None Workarounds: None Revision: 1.0    2021-10-12T07:00:00Z     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Yes | No |
The following tables list the affected software details for the vulnerability.
CVE-2021-40469 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5006736 (Monthly Rollup) 5006715 (Security Only) |
Important | Remote Code Execution | 5005606 |
Base: 7.2 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5006736 (Monthly Rollup) 5006715 (Security Only) |
Important | Remote Code Execution | 5005606 |
Base: 7.2 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5006736 (Monthly Rollup) 5006715 (Security Only) |
Important | Remote Code Execution | 5005606 |
Base: 7.2 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5006736 (Monthly Rollup) 5006715 (Security Only) |
Important | Remote Code Execution | 5005606 |
Base: 7.2 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5006743 (Monthly Rollup) 5006728 (Security Only) |
Important | Remote Code Execution | 5005633 |
Base: 7.2 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5006743 (Monthly Rollup) 5006728 (Security Only) |
Important | Remote Code Execution | 5005633 |
Base: 7.2 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 | 5006739 (Monthly Rollup) 5006732 (Security Only) |
Important | Remote Code Execution | 5005623 |
Base: 7.2 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5006739 (Monthly Rollup) 5006732 (Security Only) |
Important | Remote Code Execution | 5005623 |
Base: 7.2 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5006714 (Monthly Rollup) 5006729 (Security Only) |
Important | Remote Code Execution | 5005613 |
Base: 7.2 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5006714 (Monthly Rollup) 5006729 (Security Only) |
Important | Remote Code Execution | 5005613 |
Base: 7.2 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 | 5006669 (Security Update) | Important | Remote Code Execution | 5005573 | Base: 7.2 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5006669 (Security Update) | Important | Remote Code Execution | 5005573 | Base: 7.2 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2019 | 5006672 (Security Update) | Important | Remote Code Execution | 5005030 |
Base: 7.2 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5006672 (Security Update) | Important | Remote Code Execution | 5005030 |
Base: 7.2 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2022 | 5006699 (Security Update) | Important | Remote Code Execution | 5005575 | Base: 7.2 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5006699 (Security Update) | Important | Remote Code Execution | 5005575 | Base: 7.2 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server, version 2004 (Server Core installation) | 5006670 (Security Update) | Important | Remote Code Execution | 5005565 |
Base: 7.2 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5006670 (Security Update) | Important | Remote Code Execution | 5005565 |
Base: 7.2 Temporal: 6.5 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2021-40469 | Yuki Chen |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2021-40470 MITRE NVD |
CVE Title: DirectX Graphics Kernel Elevation of Privilege Vulnerability
CVSS: CVSS:3.0 7.8/6.8
FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2021-10-12T07:00:00Z     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2021-40470 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5006675 (Security Update) | Important | Elevation of Privilege | 5005569 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5006675 (Security Update) | Important | Elevation of Privilege | 5005569 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5006669 (Security Update) | Important | Elevation of Privilege | 5005573 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5006669 (Security Update) | Important | Elevation of Privilege | 5005573 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5006672 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5006672 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5006672 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for 32-bit Systems | 5006667 (Security Update) | Important | Elevation of Privilege | 5005566 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for ARM64-based Systems | 5006667 (Security Update) | Important | Elevation of Privilege | 5005566 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for x64-based Systems | 5006667 (Security Update) | Important | Elevation of Privilege | 5005566 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 2004 for 32-bit Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 2004 for ARM64-based Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 2004 for x64-based Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for ARM64-based Systems | 5006674 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for x64-based Systems | 5006674 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5006669 (Security Update) | Important | Elevation of Privilege | 5005573 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5006669 (Security Update) | Important | Elevation of Privilege | 5005573 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5006672 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5006672 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5006699 (Security Update) | Important | Elevation of Privilege | 5005575 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5006699 (Security Update) | Important | Elevation of Privilege | 5005575 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server, version 2004 (Server Core installation) | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2021-40470 | EZ1103 with Ant Security Light-Year Lab |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2021-40471 MITRE NVD |
CVE Title: Microsoft Excel Remote Code Execution Vulnerability
CVSS: CVSS:3.0 7.8/6.8
FAQ: Is the Preview Pane an attack vector for this vulnerability? No, the Preview Pane is not an attack vector. Mitigations: None Workarounds: None Revision: 1.0    2021-10-12T07:00:00Z     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2021-40471 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
Microsoft Office 2013 RT Service Pack 1 | 5001985 (Security Update) | Important | Remote Code Execution | 5001955 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft Office 2013 Service Pack 1 (32-bit editions) | 5001985 (Security Update) | Important | Remote Code Execution | 5001955 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft Office 2013 Service Pack 1 (64-bit editions) | 5001985 (Security Update) | Important | Remote Code Execution | 5001955 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft Office 2016 (32-bit edition) | 5001982 (Security Update) | Important | Remote Code Execution | 5001951 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft Office 2016 (64-bit edition) | 5001982 (Security Update) | Important | Remote Code Execution | 5001951 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
Microsoft Office LTSC 2021 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
Microsoft Office LTSC 2021 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
CVE ID | Acknowledgements |
CVE-2021-40471 | dio0305 |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2021-40472 MITRE NVD |
CVE Title: Microsoft Excel Information Disclosure Vulnerability
CVSS: CVSS:3.0 5.5/4.8
FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory. Is the Preview Pane an attack vector for this vulnerability? No, the Preview Pane is not an attack vector. Mitigations: None Workarounds: None Revision: 1.0    2021-10-12T07:00:00Z     Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2021-40472 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Important | Information Disclosure | None | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
No |
Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Important | Information Disclosure | None | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
No |
Microsoft Excel 2013 RT Service Pack 1 | 5002043 (Security Update) | Important | Information Disclosure | 5002014 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Maybe |
Microsoft Excel 2013 Service Pack 1 (32-bit editions) | 5002043 (Security Update) | Important | Information Disclosure | 5002014 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Maybe |
Microsoft Excel 2013 Service Pack 1 (64-bit editions) | 5002043 (Security Update) | Important | Information Disclosure | 5002014 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Maybe |
Microsoft Excel 2016 (32-bit edition) | 5002030 (Security Update) | Important | Information Disclosure | 5002003 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Maybe |
Microsoft Excel 2016 (64-bit edition) | 5002030 (Security Update) | Important | Information Disclosure | 5002003 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Maybe |
Microsoft Office 2013 RT Service Pack 1 | 5001985 (Security Update) | Important | Information Disclosure | 5001955 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Maybe |
Microsoft Office 2013 Service Pack 1 (32-bit editions) | 5001985 (Security Update) | Important | Information Disclosure | 5001955 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Maybe |
Microsoft Office 2013 Service Pack 1 (64-bit editions) | 5001985 (Security Update) | Important | Information Disclosure | 5001955 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Maybe |
Microsoft Office 2016 (32-bit edition) | 5001982 (Security Update) | Important | Information Disclosure | 5001951 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Maybe |
Microsoft Office 2016 (64-bit edition) | 5001982 (Security Update) | Important | Information Disclosure | 5001951 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Maybe |
Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Important | Information Disclosure | None | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
No |
Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Important | Information Disclosure | None | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
No |
Microsoft Office LTSC 2021 for 32-bit editions | Click to Run (Security Update) | Important | Information Disclosure | None | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
No |
Microsoft Office LTSC 2021 for 64-bit editions | Click to Run (Security Update) | Important | Information Disclosure | None | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
No |
Microsoft Office Online Server | 5002027 (Security Update) | Important | Information Disclosure | 5001999 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Maybe |
Microsoft Office Web Apps Server 2013 Service Pack 1 | 5002036 (Security Update) | Important | Information Disclosure | 5002009 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Maybe |
CVE ID | Acknowledgements |
CVE-2021-40472 | dio0305 |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2021-40473 MITRE NVD |
CVE Title: Microsoft Excel Remote Code Execution Vulnerability
CVSS: CVSS:3.0 7.8/6.8
FAQ: Is the Preview Pane an attack vector for this vulnerability? No, the Preview Pane is not an attack vector. Mitigations: None Workarounds: None Revision: 1.0    2021-10-12T07:00:00Z     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2021-40473 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
Microsoft Office 2013 RT Service Pack 1 | 5001985 (Security Update) | Important | Remote Code Execution | 5001955 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft Office 2013 Service Pack 1 (32-bit editions) | 5001985 (Security Update) | Important | Remote Code Execution | 5001955 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft Office 2013 Service Pack 1 (64-bit editions) | 5001985 (Security Update) | Important | Remote Code Execution | 5001955 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft Office 2016 (32-bit edition) | 5001982 (Security Update) | Important | Remote Code Execution | 5001951 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft Office 2016 (64-bit edition) | 5001982 (Security Update) | Important | Remote Code Execution | 5001951 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
Microsoft Office LTSC 2021 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
Microsoft Office LTSC 2021 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
CVE ID | Acknowledgements |
CVE-2021-40473 | dio0305 |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2021-40474 MITRE NVD |
CVE Title: Microsoft Excel Remote Code Execution Vulnerability
CVSS: CVSS:3.0 7.8/6.8
FAQ: Is the Preview Pane an attack vector for this vulnerability? No, the Preview Pane is not an attack vector. Mitigations: None Workarounds: None Revision: 1.0    2021-10-12T07:00:00Z     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2021-40474 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
Microsoft Excel 2013 RT Service Pack 1 | 5002043 (Security Update) | Important | Remote Code Execution | 5002014 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft Excel 2013 Service Pack 1 (32-bit editions) | 5002043 (Security Update) | Important | Remote Code Execution | 5002014 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft Excel 2013 Service Pack 1 (64-bit editions) | 5002043 (Security Update) | Important | Remote Code Execution | 5002014 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft Excel 2016 (32-bit edition) | 5002030 (Security Update) | Important | Remote Code Execution | 5002003 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft Excel 2016 (64-bit edition) | 5002030 (Security Update) | Important | Remote Code Execution | 5002003 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
Microsoft Office 2019 for Mac | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft Office LTSC 2021 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
Microsoft Office LTSC 2021 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
Microsoft Office LTSC for Mac 2021 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft Office Online Server | 5002027 (Security Update) | Important | Remote Code Execution | 5001999 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft Office Web Apps Server 2013 Service Pack 1 | 5002036 (Security Update) | Important | Remote Code Execution | 5002009 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
CVE ID | Acknowledgements |
CVE-2021-40474 | Discovered by Marcin 'Icewall' Noga of Cisco Talos with Cisco Talos |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2021-40479 MITRE NVD |
CVE Title: Microsoft Excel Remote Code Execution Vulnerability
CVSS: CVSS:3.0 7.8/6.8
FAQ: Is the Preview Pane an attack vector for this vulnerability? No, the Preview Pane is not an attack vector. Mitigations: None Workarounds: None Revision: 1.0    2021-10-12T07:00:00Z     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2021-40479 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
Microsoft Office 2013 RT Service Pack 1 | 5001985 (Security Update) | Important | Remote Code Execution | 5001955 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft Office 2013 Service Pack 1 (32-bit editions) | 5001985 (Security Update) | Important | Remote Code Execution | 5001955 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft Office 2013 Service Pack 1 (64-bit editions) | 5001985 (Security Update) | Important | Remote Code Execution | 5001955 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft Office 2016 (32-bit edition) | 5001982 (Security Update) | Important | Remote Code Execution | 5001951 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft Office 2016 (64-bit edition) | 5001982 (Security Update) | Important | Remote Code Execution | 5001951 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
Microsoft Office LTSC 2021 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
Microsoft Office LTSC 2021 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
CVE ID | Acknowledgements |
CVE-2021-40479 | dio0305 |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2021-40480 MITRE NVD |
CVE Title: Microsoft Office Visio Remote Code Execution Vulnerability
CVSS: CVSS:3.0 7.8/6.8
FAQ: Is the Preview Pane an attack vector for this vulnerability? No, the Preview Pane is not an attack vector. According to the CVSS score, user interaction is required to exploit this vulnerability. What kind of user interaction is required? A user needs to be tricked into downloading and running malicious files. Mitigations: None Workarounds: None Revision: 1.0    2021-10-12T07:00:00Z     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2021-40480 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
Microsoft Office LTSC 2021 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
Microsoft Office LTSC 2021 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
CVE ID | Acknowledgements |
CVE-2021-40480 | Tran Van Khang - khangkito (VinCSS) working with Trend Micro Zero Day Initiative |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2021-40481 MITRE NVD |
CVE Title: Microsoft Office Visio Remote Code Execution Vulnerability
CVSS: CVSS:3.1 7.1/6.2
FAQ: Is the Preview Pane an attack vector for this vulnerability? No, the Preview Pane is not an attack vector. Mitigations: None Workarounds: None Revision: 1.0    2021-10-12T07:00:00Z     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2021-40481 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
No |
Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
No |
Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
No |
Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
No |
Microsoft Office LTSC 2021 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
No |
Microsoft Office LTSC 2021 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.1 Temporal: 6.2 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
No |
CVE ID | Acknowledgements |
CVE-2021-40481 | Tran Van Khang - khangkito (VinCSS) working with Trend Micro Zero Day Initiative |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2021-40482 MITRE NVD |
CVE Title: Microsoft SharePoint Server Information Disclosure Vulnerability
CVSS: CVSS:3.0 5.3/4.8
FAQ: What kind of information can be disclosed? An attacker can gain access to an organizational's email, sites, filename, url of file... Mitigations: None Workarounds: None Revision: 1.0    2021-10-12T07:00:00Z     Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2021-40482 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Microsoft SharePoint Server 2019 | 5002028 (Security Update) | Important | Information Disclosure | 5002018 | Base: 5.3 Temporal: 4.8 Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Maybe |
CVE ID | Acknowledgements |
CVE-2021-40482 | Cameron Vincent |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2021-40483 MITRE NVD |
CVE Title: Microsoft SharePoint Server Spoofing Vulnerability
CVSS: CVSS:3.0 7.6/6.6
FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2021-10-12T07:00:00Z     Information published. |
Low | Spoofing |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2021-40483 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Microsoft SharePoint Server 2019 | 5002028 (Security Update) | Low | Spoofing | 5002018 | Base: 7.6 Temporal: 6.6 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C |
Maybe |
CVE ID | Acknowledgements |
CVE-2021-40483 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2021-40484 MITRE NVD |
CVE Title: Microsoft SharePoint Server Spoofing Vulnerability
CVSS: CVSS:3.0 7.6/6.6
FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2021-10-12T07:00:00Z     Information published. |
Important | Spoofing |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2021-40484 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Microsoft SharePoint Enterprise Server 2016 | 5002029 (Security Update) | Important | Spoofing | 5002020 | Base: 7.6 Temporal: 6.6 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C |
Maybe |
Microsoft SharePoint Foundation 2013 Service Pack 1 | 5002042 (Security Update) | Important | Spoofing | 5002024 | Base: 7.6 Temporal: 6.6 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C |
Maybe |
Microsoft SharePoint Server 2019 | 5002028 (Security Update) | Important | Spoofing | 5002018 | Base: 7.6 Temporal: 6.6 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C |
Maybe |
CVE ID | Acknowledgements |
CVE-2021-40484 | rskvp93 with Viettel Cyber Security |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2021-40485 MITRE NVD |
CVE Title: Microsoft Excel Remote Code Execution Vulnerability
CVSS: CVSS:3.0 7.8/6.8
FAQ: Is the Preview Pane an attack vector for this vulnerability? No, the Preview Pane is not an attack vector. According to the CVSS score, user interaction is required to exploit this vulnerability. What kind of user interaction is required? A user needs to be tricked into downloading and running malicious files. Mitigations: None Workarounds: None Revision: 1.0    2021-10-12T07:00:00Z     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2021-40485 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
Microsoft Excel 2013 RT Service Pack 1 | 5002043 (Security Update) | Important | Remote Code Execution | 5002014 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft Excel 2013 Service Pack 1 (32-bit editions) | 5002043 (Security Update) | Important | Remote Code Execution | 5002014 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft Excel 2013 Service Pack 1 (64-bit editions) | 5002043 (Security Update) | Important | Remote Code Execution | 5002014 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft Excel 2016 (32-bit edition) | 5002030 (Security Update) | Important | Remote Code Execution | 5002003 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft Excel 2016 (64-bit edition) | 5002030 (Security Update) | Important | Remote Code Execution | 5002003 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
Microsoft Office 2019 for Mac | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft Office LTSC 2021 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
Microsoft Office LTSC 2021 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
Microsoft Office LTSC for Mac 2021 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft Office Online Server | 5002027 (Security Update) | Important | Remote Code Execution | 5001999 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft SharePoint Enterprise Server 2013 Service Pack 1 | 4493202 (Security Update) | Important | Remote Code Execution | 4486724 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
CVE ID | Acknowledgements |
CVE-2021-40485 | Zesen Ye (@wh1tc) with Sangfor |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2021-40486 MITRE NVD |
CVE Title: Microsoft Word Remote Code Execution Vulnerability
CVSS: CVSS:3.0 7.8/6.8
FAQ: Is the Preview Pane an attack vector for this vulnerability? Yes, the Preview Pane is an attack vector. Mitigations: None Workarounds: None Revision: 1.0    2021-10-12T07:00:00Z     Information published. |
Critical | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2021-40486 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Critical | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Critical | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
No |
Microsoft Office Online Server | 5002027 (Security Update) | Critical | Remote Code Execution | 5001999 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft Office Web Apps Server 2013 Service Pack 1 | 5002036 (Security Update) | Critical | Remote Code Execution | 5002009 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft SharePoint Enterprise Server 2013 Service Pack 1 | 5001924 (Security Update) | Critical | Remote Code Execution | 4493201 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft SharePoint Enterprise Server 2016 | 5002029 (Security Update) 5002006 (Security Update) |
Critical | Remote Code Execution | 5002020 5001981 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft SharePoint Server 2019 | 5002028 (Security Update) | Critical | Remote Code Execution | 5002018 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft Word 2013 RT Service Pack 1 | 5001960 (Security Update) | Critical | Remote Code Execution | 5001931 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft Word 2013 Service Pack 1 (32-bit editions) | 5001960 (Security Update) | Critical | Remote Code Execution | 5001931 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft Word 2013 Service Pack 1 (64-bit editions) | 5001960 (Security Update) | Critical | Remote Code Execution | 5001931 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft Word 2016 (32-bit edition) | 5002004 (Security Update) | Critical | Remote Code Execution | 5001949 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
Microsoft Word 2016 (64-bit edition) | 5002004 (Security Update) | Critical | Remote Code Execution | 5001949 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Maybe |
CVE ID | Acknowledgements |
CVE-2021-40486 | kdot working with Trend Micro Zero Day Initiative |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2021-40487 MITRE NVD |
CVE Title: Microsoft SharePoint Server Remote Code Execution Vulnerability
CVSS: CVSS:3.0 8.1/7.1
FAQ: What is the attack vector for this vulnerability? In a network-based attack, an authenticated attacker can gain access to create a site and could execute code remotely within the SharePoint Server. Mitigations: None Workarounds: None Revision: 1.0    2021-10-12T07:00:00Z     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2021-40487 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Microsoft SharePoint Enterprise Server 2016 | 5002029 (Security Update) | Important | Remote Code Execution | 5002020 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Maybe |
Microsoft SharePoint Foundation 2013 Service Pack 1 | 5002042 (Security Update) | Important | Remote Code Execution | 5002024 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Maybe |
Microsoft SharePoint Server 2019 | 5002028 (Security Update) | Important | Remote Code Execution | 5002018 | Base: 8.1 Temporal: 7.1 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
Maybe |
CVE ID | Acknowledgements |
CVE-2021-40487 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2021-40488 MITRE NVD |
CVE Title: Storage Spaces Controller Elevation of Privilege Vulnerability
CVSS: CVSS:3.0 7.8/6.8
FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2021-10-12T07:00:00Z     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2021-40488 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5006675 (Security Update) | Important | Elevation of Privilege | 5005569 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5006675 (Security Update) | Important | Elevation of Privilege | 5005569 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5006669 (Security Update) | Important | Elevation of Privilege | 5005573 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5006669 (Security Update) | Important | Elevation of Privilege | 5005573 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5006672 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5006672 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5006672 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for 32-bit Systems | 5006667 (Security Update) | Important | Elevation of Privilege | 5005566 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for ARM64-based Systems | 5006667 (Security Update) | Important | Elevation of Privilege | 5005566 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for x64-based Systems | 5006667 (Security Update) | Important | Elevation of Privilege | 5005566 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 2004 for 32-bit Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 2004 for ARM64-based Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 2004 for x64-based Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for ARM64-based Systems | 5006674 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for x64-based Systems | 5006674 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 5006714 (Monthly Rollup) 5006729 (Security Only) |
Important | Elevation of Privilege | 5005613 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 5006714 (Monthly Rollup) 5006729 (Security Only) |
Important | Elevation of Privilege | 5005613 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows RT 8.1 | 5006714 (Monthly Rollup) | Important | Elevation of Privilege | 5005613 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 | 5006739 (Monthly Rollup) 5006732 (Security Only) |
Important | Elevation of Privilege | 5005623 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5006739 (Monthly Rollup) 5006732 (Security Only) |
Important | Elevation of Privilege | 5005623 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5006714 (Monthly Rollup) 5006729 (Security Only) |
Important | Elevation of Privilege | 5005613 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5006714 (Monthly Rollup) 5006729 (Security Only) |
Important | Elevation of Privilege | 5005613 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5006669 (Security Update) | Important | Elevation of Privilege | 5005573 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5006669 (Security Update) | Important | Elevation of Privilege | 5005573 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5006672 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5006672 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5006699 (Security Update) | Important | Elevation of Privilege | 5005575 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5006699 (Security Update) | Important | Elevation of Privilege | 5005575 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server, version 2004 (Server Core installation) | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2021-40488 | Anonymous working with Trend Micro Zero Day Initiative |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2021-40489 MITRE NVD |
CVE Title: Storage Spaces Controller Elevation of Privilege Vulnerability
CVSS: CVSS:3.0 7.8/6.8
FAQ: How could an attacker exploit this vulnerability? An authorized (medium integrity level) attacker could exploit this Windows Storport driver elevation of privilege vulnerability by locally sending through a user mode application a specially crafted request to the driver specifying an IOCTL parameter, which could lead to an out-of-bounds buffer write. Mitigations: None Workarounds: None Revision: 1.0    2021-10-12T07:00:00Z     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2021-40489 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5006675 (Security Update) | Important | Elevation of Privilege | 5005569 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5006675 (Security Update) | Important | Elevation of Privilege | 5005569 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5006669 (Security Update) | Important | Elevation of Privilege | 5005573 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5006669 (Security Update) | Important | Elevation of Privilege | 5005573 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5006672 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5006672 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5006672 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for 32-bit Systems | 5006667 (Security Update) | Important | Elevation of Privilege | 5005566 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for ARM64-based Systems | 5006667 (Security Update) | Important | Elevation of Privilege | 5005566 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for x64-based Systems | 5006667 (Security Update) | Important | Elevation of Privilege | 5005566 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 2004 for 32-bit Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 2004 for ARM64-based Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 2004 for x64-based Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for ARM64-based Systems | 5006674 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for x64-based Systems | 5006674 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 7 for 32-bit Systems Service Pack 1 | 5006743 (Monthly Rollup) 5006728 (Security Only) |
Important | Elevation of Privilege | 5005633 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 7 for x64-based Systems Service Pack 1 | 5006743 (Monthly Rollup) 5006728 (Security Only) |
Important | Elevation of Privilege | 5005633 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 5006714 (Monthly Rollup) 5006729 (Security Only) |
Important | Elevation of Privilege | 5005613 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 5006714 (Monthly Rollup) 5006729 (Security Only) |
Important | Elevation of Privilege | 5005613 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows RT 8.1 | 5006714 (Monthly Rollup) | Important | Elevation of Privilege | 5005613 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5006736 (Monthly Rollup) 5006715 (Security Only) |
Important | Elevation of Privilege | 5005606 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5006736 (Monthly Rollup) 5006715 (Security Only) |
Important | Elevation of Privilege | 5005606 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5006736 (Monthly Rollup) 5006715 (Security Only) |
Important | Elevation of Privilege | 5005606 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5006736 (Monthly Rollup) 5006715 (Security Only) |
Important | Elevation of Privilege | 5005606 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5006743 (Monthly Rollup) 5006728 (Security Only) |
Important | Elevation of Privilege | 5005633 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5006743 (Monthly Rollup) 5006728 (Security Only) |
Important | Elevation of Privilege | 5005633 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 | 5006739 (Monthly Rollup) 5006732 (Security Only) |
Important | Elevation of Privilege | 5005623 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5006739 (Monthly Rollup) 5006732 (Security Only) |
Important | Elevation of Privilege | 5005623 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5006714 (Monthly Rollup) 5006729 (Security Only) |
Important | Elevation of Privilege | 5005613 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5006714 (Monthly Rollup) 5006729 (Security Only) |
Important | Elevation of Privilege | 5005613 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5006669 (Security Update) | Important | Elevation of Privilege | 5005573 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5006669 (Security Update) | Important | Elevation of Privilege | 5005573 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5006672 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5006672 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5006699 (Security Update) | Important | Elevation of Privilege | 5005575 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5006699 (Security Update) | Important | Elevation of Privilege | 5005575 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server, version 2004 (Server Core installation) | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2021-40489 | nghiadt12 from Viettel Cyber Security working with Trend Micro Zero Day Initiative |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2021-26441 MITRE NVD |
CVE Title: Storage Spaces Controller Elevation of Privilege Vulnerability
CVSS: CVSS:3.0 7.8/6.8
FAQ: How could an attacker exploit this vulnerability? An authorized (medium integrity level) attacker could exploit this Windows Storport driver elevation of privilege vulnerability by locally sending through a user mode application a specially crafted request to the driver specifying an IOCTL parameter, which could lead to an out-of-bounds buffer write. Mitigations: None Workarounds: None Revision: 1.0    2021-10-12T07:00:00Z     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2021-26441 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5006675 (Security Update) | Important | Elevation of Privilege | 5005569 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5006675 (Security Update) | Important | Elevation of Privilege | 5005569 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5006669 (Security Update) | Important | Elevation of Privilege | 5005573 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5006669 (Security Update) | Important | Elevation of Privilege | 5005573 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5006672 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5006672 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5006672 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for 32-bit Systems | 5006667 (Security Update) | Important | Elevation of Privilege | 5005566 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for ARM64-based Systems | 5006667 (Security Update) | Important | Elevation of Privilege | 5005566 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for x64-based Systems | 5006667 (Security Update) | Important | Elevation of Privilege | 5005566 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 2004 for 32-bit Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 2004 for ARM64-based Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 2004 for x64-based Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for ARM64-based Systems | 5006674 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for x64-based Systems | 5006674 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 5006714 (Monthly Rollup) 5006729 (Security Only) |
Important | Elevation of Privilege | 5005613 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 5006714 (Monthly Rollup) 5006729 (Security Only) |
Important | Elevation of Privilege | 5005613 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows RT 8.1 | 5006714 (Monthly Rollup) | Important | Elevation of Privilege | 5005613 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 | 5006739 (Monthly Rollup) 5006732 (Security Only) |
Important | Elevation of Privilege | 5005623 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5006739 (Monthly Rollup) 5006732 (Security Only) |
Important | Elevation of Privilege | 5005623 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5006714 (Monthly Rollup) 5006729 (Security Only) |
Important | Elevation of Privilege | 5005613 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5006714 (Monthly Rollup) 5006729 (Security Only) |
Important | Elevation of Privilege | 5005613 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5006669 (Security Update) | Important | Elevation of Privilege | 5005573 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5006669 (Security Update) | Important | Elevation of Privilege | 5005573 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5006672 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5006672 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5006699 (Security Update) | Important | Elevation of Privilege | 5005575 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5006699 (Security Update) | Important | Elevation of Privilege | 5005575 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server, version 2004 (Server Core installation) | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2021-26441 | nghiadt12 from Viettel Cyber Security working with Trend Micro Zero Day Initiative |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2021-26442 MITRE NVD |
CVE Title: Windows HTTP.sys Elevation of Privilege Vulnerability
CVSS: CVSS:3.0 7.0/6.1
FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2021-10-12T07:00:00Z     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2021-26442 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5006675 (Security Update) | Important | Elevation of Privilege | 5005569 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5006675 (Security Update) | Important | Elevation of Privilege | 5005569 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5006669 (Security Update) | Important | Elevation of Privilege | 5005573 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5006669 (Security Update) | Important | Elevation of Privilege | 5005573 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5006672 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5006672 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5006672 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for 32-bit Systems | 5006667 (Security Update) | Important | Elevation of Privilege | 5005566 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for ARM64-based Systems | 5006667 (Security Update) | Important | Elevation of Privilege | 5005566 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for x64-based Systems | 5006667 (Security Update) | Important | Elevation of Privilege | 5005566 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 2004 for 32-bit Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 2004 for ARM64-based Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 2004 for x64-based Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for ARM64-based Systems | 5006674 (Security Update) | Important | Elevation of Privilege | None | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for x64-based Systems | 5006674 (Security Update) | Important | Elevation of Privilege | None | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 7 for 32-bit Systems Service Pack 1 | 5006743 (Monthly Rollup) 5006728 (Security Only) |
Important | Elevation of Privilege | 5005633 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 7 for x64-based Systems Service Pack 1 | 5006743 (Monthly Rollup) 5006728 (Security Only) |
Important | Elevation of Privilege | 5005633 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 5006714 (Monthly Rollup) 5006729 (Security Only) |
Important | Elevation of Privilege | 5005613 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 5006714 (Monthly Rollup) 5006729 (Security Only) |
Important | Elevation of Privilege | 5005613 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows RT 8.1 | 5006714 (Monthly Rollup) | Important | Elevation of Privilege | 5005613 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5006736 (Monthly Rollup) 5006715 (Security Only) |
Important | Elevation of Privilege | 5005606 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5006736 (Monthly Rollup) 5006715 (Security Only) |
Important | Elevation of Privilege | 5005606 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5006736 (Monthly Rollup) 5006715 (Security Only) |
Important | Elevation of Privilege | 5005606 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5006736 (Monthly Rollup) 5006715 (Security Only) |
Important | Elevation of Privilege | 5005606 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5006743 (Monthly Rollup) 5006728 (Security Only) |
Important | Elevation of Privilege | 5005633 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5006743 (Monthly Rollup) 5006728 (Security Only) |
Important | Elevation of Privilege | 5005633 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 | 5006739 (Monthly Rollup) 5006732 (Security Only) |
Important | Elevation of Privilege | 5005623 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5006739 (Monthly Rollup) 5006732 (Security Only) |
Important | Elevation of Privilege | 5005623 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5006714 (Monthly Rollup) 5006729 (Security Only) |
Important | Elevation of Privilege | 5005613 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5006714 (Monthly Rollup) 5006729 (Security Only) |
Important | Elevation of Privilege | 5005613 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5006669 (Security Update) | Important | Elevation of Privilege | 5005573 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5006669 (Security Update) | Important | Elevation of Privilege | 5005573 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5006672 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5006672 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5006699 (Security Update) | Important | Elevation of Privilege | 5005575 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5006699 (Security Update) | Important | Elevation of Privilege | 5005575 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server, version 2004 (Server Core installation) | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2021-26442 | Erik Egsgard with Field Effect Software |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2021-41330 MITRE NVD |
CVE Title: Microsoft Windows Media Foundation Remote Code Execution Vulnerability
CVSS: CVSS:3.0 7.8/6.8
FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2021-10-12T07:00:00Z     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2021-41330 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 Version 1809 for 32-bit Systems | 5006672 (Security Update) | Important | Remote Code Execution | 5005030 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5006672 (Security Update) | Important | Remote Code Execution | 5005030 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5006672 (Security Update) | Important | Remote Code Execution | 5005030 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for 32-bit Systems | 5006667 (Security Update) | Important | Remote Code Execution | 5005566 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for ARM64-based Systems | 5006667 (Security Update) | Important | Remote Code Execution | 5005566 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for x64-based Systems | 5006667 (Security Update) | Important | Remote Code Execution | 5005566 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 2004 for 32-bit Systems | 5006670 (Security Update) | Important | Remote Code Execution | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 2004 for ARM64-based Systems | 5006670 (Security Update) | Important | Remote Code Execution | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 2004 for x64-based Systems | 5006670 (Security Update) | Important | Remote Code Execution | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5006670 (Security Update) | Important | Remote Code Execution | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5006670 (Security Update) | Important | Remote Code Execution | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5006670 (Security Update) | Important | Remote Code Execution | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5006670 (Security Update) | Important | Remote Code Execution | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5006670 (Security Update) | Important | Remote Code Execution | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5006670 (Security Update) | Important | Remote Code Execution | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5006672 (Security Update) | Important | Remote Code Execution | 5005030 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5006672 (Security Update) | Important | Remote Code Execution | 5005030 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server, version 2004 (Server Core installation) | 5006670 (Security Update) | Important | Remote Code Execution | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5006670 (Security Update) | Important | Remote Code Execution | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2021-41330 | Zhihua Yao with KunLun Lab Milan Kyselica with IstroSec |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2021-41331 MITRE NVD |
CVE Title: Windows Media Audio Decoder Remote Code Execution Vulnerability
CVSS: CVSS:3.0 7.8/6.8
FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2021-10-12T07:00:00Z     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2021-41331 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5006675 (Security Update) | Important | Remote Code Execution | 5005569 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5006675 (Security Update) | Important | Remote Code Execution | 5005569 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5006669 (Security Update) | Important | Remote Code Execution | 5005573 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5006669 (Security Update) | Important | Remote Code Execution | 5005573 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5006672 (Security Update) | Important | Remote Code Execution | 5005030 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5006672 (Security Update) | Important | Remote Code Execution | 5005030 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5006672 (Security Update) | Important | Remote Code Execution | 5005030 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for 32-bit Systems | 5006667 (Security Update) | Important | Remote Code Execution | 5005566 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for ARM64-based Systems | 5006667 (Security Update) | Important | Remote Code Execution | 5005566 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for x64-based Systems | 5006667 (Security Update) | Important | Remote Code Execution | 5005566 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 2004 for 32-bit Systems | 5006670 (Security Update) | Important | Remote Code Execution | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 2004 for ARM64-based Systems | 5006670 (Security Update) | Important | Remote Code Execution | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 2004 for x64-based Systems | 5006670 (Security Update) | Important | Remote Code Execution | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5006670 (Security Update) | Important | Remote Code Execution | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5006670 (Security Update) | Important | Remote Code Execution | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5006670 (Security Update) | Important | Remote Code Execution | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5006670 (Security Update) | Important | Remote Code Execution | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5006670 (Security Update) | Important | Remote Code Execution | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5006670 (Security Update) | Important | Remote Code Execution | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 7 for 32-bit Systems Service Pack 1 | 5006743 (Monthly Rollup) 5006728 (Security Only) |
Important | Remote Code Execution | 5005633 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 7 for x64-based Systems Service Pack 1 | 5006743 (Monthly Rollup) 5006728 (Security Only) |
Important | Remote Code Execution | 5005633 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 5006714 (Monthly Rollup) 5006729 (Security Only) |
Important | Remote Code Execution | 5005613 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 5006714 (Monthly Rollup) 5006729 (Security Only) |
Important | Remote Code Execution | 5005613 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows RT 8.1 | 5006714 (Monthly Rollup) | Important | Remote Code Execution | 5005613 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5006736 (Monthly Rollup) 5006715 (Security Only) |
Important | Remote Code Execution | 5005606 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5006736 (Monthly Rollup) 5006715 (Security Only) |
Important | Remote Code Execution | 5005606 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5006736 (Monthly Rollup) 5006715 (Security Only) |
Important | Remote Code Execution | 5005606 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5006736 (Monthly Rollup) 5006715 (Security Only) |
Important | Remote Code Execution | 5005606 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5006743 (Monthly Rollup) 5006728 (Security Only) |
Important | Remote Code Execution | 5005633 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5006743 (Monthly Rollup) 5006728 (Security Only) |
Important | Remote Code Execution | 5005633 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 | 5006739 (Monthly Rollup) 5006732 (Security Only) |
Important | Remote Code Execution | 5005623 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5006739 (Monthly Rollup) 5006732 (Security Only) |
Important | Remote Code Execution | 5005623 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5006714 (Monthly Rollup) 5006729 (Security Only) |
Important | Remote Code Execution | 5005613 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5006714 (Monthly Rollup) 5006729 (Security Only) |
Important | Remote Code Execution | 5005613 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5006669 (Security Update) | Important | Remote Code Execution | 5005573 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5006669 (Security Update) | Important | Remote Code Execution | 5005573 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5006672 (Security Update) | Important | Remote Code Execution | 5005030 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5006672 (Security Update) | Important | Remote Code Execution | 5005030 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server, version 2004 (Server Core installation) | 5006670 (Security Update) | Important | Remote Code Execution | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5006670 (Security Update) | Important | Remote Code Execution | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2021-41331 | HAO LI of VenusTech ADLab |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2021-41332 MITRE NVD |
CVE Title: Windows Print Spooler Information Disclosure Vulnerability
CVSS: CVSS:3.1 6.5/5.7
FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory. Mitigations: None Workarounds: None Revision: 1.0    2021-10-12T07:00:00Z     Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2021-41332 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5006675 (Security Update) | Important | Information Disclosure | 5005569 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5006675 (Security Update) | Important | Information Disclosure | 5005569 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5006669 (Security Update) | Important | Information Disclosure | 5005573 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5006669 (Security Update) | Important | Information Disclosure | 5005573 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5006672 (Security Update) | Important | Information Disclosure | 5005030 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5006672 (Security Update) | Important | Information Disclosure | 5005030 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5006672 (Security Update) | Important | Information Disclosure | 5005030 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for 32-bit Systems | 5006667 (Security Update) | Important | Information Disclosure | 5005566 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for ARM64-based Systems | 5006667 (Security Update) | Important | Information Disclosure | 5005566 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for x64-based Systems | 5006667 (Security Update) | Important | Information Disclosure | 5005566 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 2004 for 32-bit Systems | 5006670 (Security Update) | Important | Information Disclosure | 5005565 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 2004 for ARM64-based Systems | 5006670 (Security Update) | Important | Information Disclosure | 5005565 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 2004 for x64-based Systems | 5006670 (Security Update) | Important | Information Disclosure | 5005565 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5006670 (Security Update) | Important | Information Disclosure | 5005565 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5006670 (Security Update) | Important | Information Disclosure | 5005565 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5006670 (Security Update) | Important | Information Disclosure | 5005565 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5006670 (Security Update) | Important | Information Disclosure | 5005565 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5006670 (Security Update) | Important | Information Disclosure | 5005565 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5006670 (Security Update) | Important | Information Disclosure | 5005565 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 11 for ARM64-based Systems | 5006674 (Security Update) | Important | Information Disclosure | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 11 for x64-based Systems | 5006674 (Security Update) | Important | Information Disclosure | None | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 7 for 32-bit Systems Service Pack 1 | 5006743 (Monthly Rollup) 5006728 (Security Only) |
Important | Information Disclosure | 5005633 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 7 for x64-based Systems Service Pack 1 | 5006743 (Monthly Rollup) 5006728 (Security Only) |
Important | Information Disclosure | 5005633 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 5006714 (Monthly Rollup) 5006729 (Security Only) |
Important | Information Disclosure | 5005613 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 5006714 (Monthly Rollup) 5006729 (Security Only) |
Important | Information Disclosure | 5005613 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows RT 8.1 | 5006714 (Monthly Rollup) | Important | Information Disclosure | 5005613 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5006736 (Monthly Rollup) 5006715 (Security Only) |
Important | Information Disclosure | 5005606 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5006736 (Monthly Rollup) 5006715 (Security Only) |
Important | Information Disclosure | 5005606 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5006736 (Monthly Rollup) 5006715 (Security Only) |
Important | Information Disclosure | 5005606 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5006736 (Monthly Rollup) 5006715 (Security Only) |
Important | Information Disclosure | 5005606 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5006743 (Monthly Rollup) 5006728 (Security Only) |
Important | Information Disclosure | 5005633 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5006743 (Monthly Rollup) 5006728 (Security Only) |
Important | Information Disclosure | 5005633 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 | 5006739 (Monthly Rollup) 5006732 (Security Only) |
Important | Information Disclosure | 5005623 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5006739 (Monthly Rollup) 5006732 (Security Only) |
Important | Information Disclosure | 5005623 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5006714 (Monthly Rollup) 5006729 (Security Only) |
Important | Information Disclosure | 5005613 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5006714 (Monthly Rollup) 5006729 (Security Only) |
Important | Information Disclosure | 5005613 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5006669 (Security Update) | Important | Information Disclosure | 5005573 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5006669 (Security Update) | Important | Information Disclosure | 5005573 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5006672 (Security Update) | Important | Information Disclosure | 5005030 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5006672 (Security Update) | Important | Information Disclosure | 5005030 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5006699 (Security Update) | Important | Information Disclosure | 5005575 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5006699 (Security Update) | Important | Information Disclosure | 5005575 | Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server, version 2004 (Server Core installation) | 5006670 (Security Update) | Important | Information Disclosure | 5005565 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5006670 (Security Update) | Important | Information Disclosure | 5005565 |
Base: 6.5 Temporal: 5.7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2021-41332 | Liubenjin with Codesafe Team of Legendsec at Qi'anxin Group |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2021-41334 MITRE NVD |
CVE Title: Windows Desktop Bridge Elevation of Privilege Vulnerability
CVSS: CVSS:3.0 7.0/6.1
FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2021-10-12T07:00:00Z     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2021-41334 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 Version 2004 for 32-bit Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 2004 for ARM64-based Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 2004 for x64-based Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for ARM64-based Systems | 5006674 (Security Update) | Important | Elevation of Privilege | None | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for x64-based Systems | 5006674 (Security Update) | Important | Elevation of Privilege | None | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5006699 (Security Update) | Important | Elevation of Privilege | 5005575 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5006699 (Security Update) | Important | Elevation of Privilege | 5005575 | Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server, version 2004 (Server Core installation) | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.0 Temporal: 6.1 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2021-41334 | Joe Bialek, MSRC Vulnerabilities and Mitigations Team |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2021-41335 MITRE NVD |
CVE Title: Windows Kernel Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 7.8/7.0
FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2021-10-12T07:00:00Z     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Yes | No |
The following tables list the affected software details for the vulnerability.
CVE-2021-41335 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5006675 (Security Update) | Important | Elevation of Privilege | 5005569 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5006675 (Security Update) | Important | Elevation of Privilege | 5005569 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5006669 (Security Update) | Important | Elevation of Privilege | 5005573 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5006669 (Security Update) | Important | Elevation of Privilege | 5005573 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5006672 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5006672 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5006672 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for 32-bit Systems | 5006667 (Security Update) | Important | Elevation of Privilege | 5005566 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for ARM64-based Systems | 5006667 (Security Update) | Important | Elevation of Privilege | 5005566 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for x64-based Systems | 5006667 (Security Update) | Important | Elevation of Privilege | 5005566 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 2004 for 32-bit Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 2004 for ARM64-based Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 2004 for x64-based Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 7 for 32-bit Systems Service Pack 1 | 5006743 (Monthly Rollup) 5006728 (Security Only) |
Important | Elevation of Privilege | 5005633 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 7 for x64-based Systems Service Pack 1 | 5006743 (Monthly Rollup) 5006728 (Security Only) |
Important | Elevation of Privilege | 5005633 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 5006714 (Monthly Rollup) 5006729 (Security Only) |
Important | Elevation of Privilege | 5005613 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 5006714 (Monthly Rollup) 5006729 (Security Only) |
Important | Elevation of Privilege | 5005613 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows RT 8.1 | 5006714 (Monthly Rollup) | Important | Elevation of Privilege | 5005613 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5006743 (Monthly Rollup) 5006728 (Security Only) |
Important | Elevation of Privilege | 5005633 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5006743 (Monthly Rollup) 5006728 (Security Only) |
Important | Elevation of Privilege | 5005633 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 | 5006739 (Monthly Rollup) 5006732 (Security Only) |
Important | Elevation of Privilege | 5005623 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5006739 (Monthly Rollup) 5006732 (Security Only) |
Important | Elevation of Privilege | 5005623 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5006714 (Monthly Rollup) 5006729 (Security Only) |
Important | Elevation of Privilege | 5005613 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5006714 (Monthly Rollup) 5006729 (Security Only) |
Important | Elevation of Privilege | 5005613 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 | 5006669 (Security Update) | Important | Elevation of Privilege | 5005573 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5006669 (Security Update) | Important | Elevation of Privilege | 5005573 | Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2019 | 5006672 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5006672 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server, version 2004 (Server Core installation) | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 7.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2021-41335 | Walied Assar |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2021-41336 MITRE NVD |
CVE Title: Windows Kernel Information Disclosure Vulnerability
CVSS: CVSS:3.0 5.5/4.8
FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process. Mitigations: None Workarounds: None Revision: 1.0    2021-10-12T07:00:00Z     Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2021-41336 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 11 for ARM64-based Systems | 5006674 (Security Update) | Important | Information Disclosure | None | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 11 for x64-based Systems | 5006674 (Security Update) | Important | Information Disclosure | None | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5006699 (Security Update) | Important | Information Disclosure | 5005575 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5006699 (Security Update) | Important | Information Disclosure | 5005575 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2021-41336 | Kyle Westhaus working with Microsoft Security Assurance & Vulnerability Research |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2021-41337 MITRE NVD |
CVE Title: Active Directory Security Feature Bypass Vulnerability
CVSS: CVSS:3.0 4.9/4.3
FAQ: What security feature could be bypassed by exploiting this vulnerability? This vulnerability could allow an attacker to bypass Active Directory domain permissions for Key Admins groups. Mitigations: None Workarounds: None Revision: 1.0    2021-10-12T07:00:00Z     Information published. |
Important | Security Feature Bypass |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2021-41337 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows Server 2016 | 5006669 (Security Update) | Important | Security Feature Bypass | 5005573 | Base: 4.9 Temporal: 4.3 Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5006669 (Security Update) | Important | Security Feature Bypass | 5005573 | Base: 4.9 Temporal: 4.3 Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5006672 (Security Update) | Important | Security Feature Bypass | 5005030 |
Base: 4.9 Temporal: 4.3 Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5006672 (Security Update) | Important | Security Feature Bypass | 5005030 |
Base: 4.9 Temporal: 4.3 Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5006699 (Security Update) | Important | Security Feature Bypass | 5005575 | Base: 4.9 Temporal: 4.3 Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5006699 (Security Update) | Important | Security Feature Bypass | 5005575 | Base: 4.9 Temporal: 4.3 Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server, version 2004 (Server Core installation) | 5006670 (Security Update) | Important | Security Feature Bypass | 5005565 |
Base: 4.9 Temporal: 4.3 Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5006670 (Security Update) | Important | Security Feature Bypass | 5005565 |
Base: 4.9 Temporal: 4.3 Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2021-41337 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2021-41338 MITRE NVD |
CVE Title: Windows AppContainer Firewall Rules Security Feature Bypass Vulnerability
CVSS: CVSS:3.1 5.5/5.0
FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2021-10-12T07:00:00Z     Information published. |
Important | Security Feature Bypass |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | Yes | No |
The following tables list the affected software details for the vulnerability.
CVE-2021-41338 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5006675 (Security Update) | Important | Security Feature Bypass | 5005569 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5006675 (Security Update) | Important | Security Feature Bypass | 5005569 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5006669 (Security Update) | Important | Security Feature Bypass | 5005573 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5006669 (Security Update) | Important | Security Feature Bypass | 5005573 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5006672 (Security Update) | Important | Security Feature Bypass | 5005030 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5006672 (Security Update) | Important | Security Feature Bypass | 5005030 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5006672 (Security Update) | Important | Security Feature Bypass | 5005030 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for 32-bit Systems | 5006667 (Security Update) | Important | Security Feature Bypass | 5005566 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for ARM64-based Systems | 5006667 (Security Update) | Important | Security Feature Bypass | 5005566 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for x64-based Systems | 5006667 (Security Update) | Important | Security Feature Bypass | 5005566 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 2004 for 32-bit Systems | 5006670 (Security Update) | Important | Security Feature Bypass | 5005565 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 2004 for ARM64-based Systems | 5006670 (Security Update) | Important | Security Feature Bypass | 5005565 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 2004 for x64-based Systems | 5006670 (Security Update) | Important | Security Feature Bypass | 5005565 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5006670 (Security Update) | Important | Security Feature Bypass | 5005565 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5006670 (Security Update) | Important | Security Feature Bypass | 5005565 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5006670 (Security Update) | Important | Security Feature Bypass | 5005565 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5006670 (Security Update) | Important | Security Feature Bypass | 5005565 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5006670 (Security Update) | Important | Security Feature Bypass | 5005565 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5006670 (Security Update) | Important | Security Feature Bypass | 5005565 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 11 for ARM64-based Systems | 5006674 (Security Update) | Important | Security Feature Bypass | None | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 11 for x64-based Systems | 5006674 (Security Update) | Important | Security Feature Bypass | None | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 | 5006669 (Security Update) | Important | Security Feature Bypass | 5005573 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5006669 (Security Update) | Important | Security Feature Bypass | 5005573 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2019 | 5006672 (Security Update) | Important | Security Feature Bypass | 5005030 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5006672 (Security Update) | Important | Security Feature Bypass | 5005030 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2022 | 5006699 (Security Update) | Important | Security Feature Bypass | 5005575 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5006699 (Security Update) | Important | Security Feature Bypass | 5005575 | Base: 5.5 Temporal: 5.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server, version 2004 (Server Core installation) | 5006670 (Security Update) | Important | Security Feature Bypass | 5005565 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5006670 (Security Update) | Important | Security Feature Bypass | 5005565 |
Base: 5.5 Temporal: 5.0 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2021-41338 | James Forshaw of Google Project Zero |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2021-41339 MITRE NVD |
CVE Title: Microsoft DWM Core Library Elevation of Privilege Vulnerability
CVSS: CVSS:3.0 4.7/4.2
FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2021-10-12T07:00:00Z     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2021-41339 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 Version 1909 for 32-bit Systems | 5006667 (Security Update) | Important | Elevation of Privilege | 5005566 | Base: 4.7 Temporal: 4.2 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for ARM64-based Systems | 5006667 (Security Update) | Important | Elevation of Privilege | 5005566 | Base: 4.7 Temporal: 4.2 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for x64-based Systems | 5006667 (Security Update) | Important | Elevation of Privilege | 5005566 | Base: 4.7 Temporal: 4.2 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 2004 for 32-bit Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 4.7 Temporal: 4.2 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 2004 for ARM64-based Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 4.7 Temporal: 4.2 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 2004 for x64-based Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 4.7 Temporal: 4.2 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 4.7 Temporal: 4.2 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 4.7 Temporal: 4.2 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 4.7 Temporal: 4.2 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 4.7 Temporal: 4.2 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 4.7 Temporal: 4.2 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 4.7 Temporal: 4.2 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 11 for ARM64-based Systems | 5006674 (Security Update) | Important | Elevation of Privilege | None | Base: 4.7 Temporal: 4.2 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows 11 for x64-based Systems | 5006674 (Security Update) | Important | Elevation of Privilege | None | Base: 4.7 Temporal: 4.2 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2022 | 5006699 (Security Update) | Important | Elevation of Privilege | 5005575 | Base: 4.7 Temporal: 4.2 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5006699 (Security Update) | Important | Elevation of Privilege | 5005575 | Base: 4.7 Temporal: 4.2 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server, version 2004 (Server Core installation) | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 4.7 Temporal: 4.2 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 4.7 Temporal: 4.2 Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2021-41339 | He YiSheng, Zhang WangJunJie, Li WenYue with Hillstone Security Technology Research Institute. 情報セキュリティ技術研究所 He YiSheng, Zhang WangJunJie, Li WenYue with Hillstone Security Technology Research Institute. 情報セキュリティ技術研究所 He YiSheng, Zhang WangJunJie, and Li WenYue of Hillstone Network Security Research Institute |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2021-41340 MITRE NVD |
CVE Title: Windows Graphics Component Remote Code Execution Vulnerability
CVSS: CVSS:3.0 7.8/6.8
FAQ: According to the CVSS, User Interaction is Required. What interaction would the user have to do? Exploitation of the vulnerability requires that a user open a specially crafted file.
An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file. Mitigations: None Workarounds: None Revision: 1.0    2021-10-12T07:00:00Z     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2021-41340 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5006675 (Security Update) | Important | Remote Code Execution | 5005569 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5006675 (Security Update) | Important | Remote Code Execution | 5005569 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5006669 (Security Update) | Important | Remote Code Execution | 5005573 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5006669 (Security Update) | Important | Remote Code Execution | 5005573 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5006672 (Security Update) | Important | Remote Code Execution | 5005030 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5006672 (Security Update) | Important | Remote Code Execution | 5005030 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5006672 (Security Update) | Important | Remote Code Execution | 5005030 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for 32-bit Systems | 5006667 (Security Update) | Important | Remote Code Execution | 5005566 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for ARM64-based Systems | 5006667 (Security Update) | Important | Remote Code Execution | 5005566 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for x64-based Systems | 5006667 (Security Update) | Important | Remote Code Execution | 5005566 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 2004 for 32-bit Systems | 5006670 (Security Update) | Important | Remote Code Execution | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 2004 for ARM64-based Systems | 5006670 (Security Update) | Important | Remote Code Execution | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 2004 for x64-based Systems | 5006670 (Security Update) | Important | Remote Code Execution | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5006670 (Security Update) | Important | Remote Code Execution | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5006670 (Security Update) | Important | Remote Code Execution | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5006670 (Security Update) | Important | Remote Code Execution | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5006670 (Security Update) | Important | Remote Code Execution | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5006670 (Security Update) | Important | Remote Code Execution | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5006670 (Security Update) | Important | Remote Code Execution | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for ARM64-based Systems | 5006674 (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for x64-based Systems | 5006674 (Security Update) | Important | Remote Code Execution | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 7 for 32-bit Systems Service Pack 1 | 5006743 (Monthly Rollup) 5006728 (Security Only) |
Important | Remote Code Execution | 5005633 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 7 for x64-based Systems Service Pack 1 | 5006743 (Monthly Rollup) 5006728 (Security Only) |
Important | Remote Code Execution | 5005633 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 5006714 (Monthly Rollup) 5006729 (Security Only) |
Important | Remote Code Execution | 5005613 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 5006714 (Monthly Rollup) 5006729 (Security Only) |
Important | Remote Code Execution | 5005613 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows RT 8.1 | 5006714 (Monthly Rollup) | Important | Remote Code Execution | 5005613 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5006736 (Monthly Rollup) 5006715 (Security Only) |
Important | Remote Code Execution | 5005606 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5006736 (Monthly Rollup) 5006715 (Security Only) |
Important | Remote Code Execution | 5005606 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5006736 (Monthly Rollup) 5006715 (Security Only) |
Important | Remote Code Execution | 5005606 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5006736 (Monthly Rollup) 5006715 (Security Only) |
Important | Remote Code Execution | 5005606 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5006743 (Monthly Rollup) 5006728 (Security Only) |
Important | Remote Code Execution | 5005633 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5006743 (Monthly Rollup) 5006728 (Security Only) |
Important | Remote Code Execution | 5005633 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 | 5006739 (Monthly Rollup) 5006732 (Security Only) |
Important | Remote Code Execution | 5005623 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5006739 (Monthly Rollup) 5006732 (Security Only) |
Important | Remote Code Execution | 5005623 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5006714 (Monthly Rollup) 5006729 (Security Only) |
Important | Remote Code Execution | 5005613 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5006714 (Monthly Rollup) 5006729 (Security Only) |
Important | Remote Code Execution | 5005613 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5006669 (Security Update) | Important | Remote Code Execution | 5005573 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5006669 (Security Update) | Important | Remote Code Execution | 5005573 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5006672 (Security Update) | Important | Remote Code Execution | 5005030 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5006672 (Security Update) | Important | Remote Code Execution | 5005030 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5006699 (Security Update) | Important | Remote Code Execution | 5005575 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5006699 (Security Update) | Important | Remote Code Execution | 5005575 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server, version 2004 (Server Core installation) | 5006670 (Security Update) | Important | Remote Code Execution | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5006670 (Security Update) | Important | Remote Code Execution | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2021-41340 | dio0305 |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2021-41342 MITRE NVD |
CVE Title: Windows MSHTML Platform Remote Code Execution Vulnerability
CVSS: CVSS:3.0 6.8/6.1
FAQ: The Security Updates table indicates that this vulnerability affects all supported versions of Microsoft Windows. Why are IE Cumulative updates listed for Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows Server 2012, Windows 8.1, and Windows Server 2012 R2? While Microsoft has announced retirement of the Internet Explorer 11 application on certain platforms and the Microsoft Edge Legacy application is deprecated, the underlying MSHTML, EdgeHTML, and scripting platforms are still supported. The MSHTML platform is used by Internet Explorer mode in Microsoft Edge as well as other applications through WebBrowser control. The EdgeHTML platform is used by WebView and some UWP applications. The scripting platforms are used by MSHTML and EdgeHTML but can also be used by other legacy applications. Updates to address vulnerabilities in the MSHTML platform and scripting engine are included in the IE Cumulative Updates; EdgeHTML and Chakra changes are not applicable to those platforms. Mitigations: None Workarounds: None Revision: 1.0    2021-10-12T07:00:00Z     Information published. |
Important | Remote Code Execution |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2021-41342 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5006675 (Security Update) | Important | Remote Code Execution | 5005569 | Base: 6.8 Temporal: 6.1 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5006675 (Security Update) | Important | Remote Code Execution | 5005569 | Base: 6.8 Temporal: 6.1 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5006669 (Security Update) | Important | Remote Code Execution | 5005573 | Base: 6.8 Temporal: 6.1 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5006669 (Security Update) | Important | Remote Code Execution | 5005573 | Base: 6.8 Temporal: 6.1 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5006672 (Security Update) | Important | Remote Code Execution | 5005030 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5006672 (Security Update) | Important | Remote Code Execution | 5005030 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5006672 (Security Update) | Important | Remote Code Execution | 5005030 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for 32-bit Systems | 5006667 (Security Update) | Important | Remote Code Execution | 5005566 | Base: 6.8 Temporal: 6.1 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for ARM64-based Systems | 5006667 (Security Update) | Important | Remote Code Execution | 5005566 | Base: 6.8 Temporal: 6.1 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for x64-based Systems | 5006667 (Security Update) | Important | Remote Code Execution | 5005566 | Base: 6.8 Temporal: 6.1 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 2004 for 32-bit Systems | 5006670 (Security Update) | Important | Remote Code Execution | 5005565 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 2004 for ARM64-based Systems | 5006670 (Security Update) | Important | Remote Code Execution | 5005565 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 2004 for x64-based Systems | 5006670 (Security Update) | Important | Remote Code Execution | 5005565 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5006670 (Security Update) | Important | Remote Code Execution | 5005565 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5006670 (Security Update) | Important | Remote Code Execution | 5005565 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5006670 (Security Update) | Important | Remote Code Execution | 5005565 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5006670 (Security Update) | Important | Remote Code Execution | 5005565 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5006670 (Security Update) | Important | Remote Code Execution | 5005565 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5006670 (Security Update) | Important | Remote Code Execution | 5005565 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
Windows 11 for ARM64-based Systems | 5006674 (Security Update) | Important | Remote Code Execution | None | Base: 6.8 Temporal: 6.1 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
Windows 11 for x64-based Systems | 5006674 (Security Update) | Important | Remote Code Execution | None | Base: 6.8 Temporal: 6.1 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
Windows 7 for 32-bit Systems Service Pack 1 | 5006743 (Monthly Rollup) 5006671 (IE Cumulative) |
Important | Remote Code Execution | 5005633 5005563 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
Windows 7 for x64-based Systems Service Pack 1 | 5006743 (Monthly Rollup) 5006671 (IE Cumulative) |
Important | Remote Code Execution | 5005633 5005563 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 5006671 (IE Cumulative) 5006714 (Monthly Rollup) |
Important | Remote Code Execution | 5005563 5005613 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 5006671 (IE Cumulative) 5006714 (Monthly Rollup) |
Important | Remote Code Execution | 5005563 5005613 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
Windows RT 8.1 | 5006714 (Monthly Rollup) | Important | Remote Code Execution | 5005613 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5006671 (IE Cumulative) 5006736 (Monthly Rollup) |
Important | Remote Code Execution | 5005563 5005606 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5006671 (IE Cumulative) 5006736 (Monthly Rollup) |
Important | Remote Code Execution | 5005563 5005606 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5006743 (Monthly Rollup) 5006671 (IE Cumulative) |
Important | Remote Code Execution | 5005633 5005563 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 | 5006671 (IE Cumulative) 5006739 (Monthly Rollup) |
Important | Remote Code Execution | 5005563 5005623 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5006671 (IE Cumulative) 5006714 (Monthly Rollup) |
Important | Remote Code Execution | 5005563 5005613 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2016 | 5006669 (Security Update) | Important | Remote Code Execution | 5005573 | Base: 6.8 Temporal: 6.1 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2019 | 5006672 (Security Update) | Important | Remote Code Execution | 5005030 |
Base: 6.8 Temporal: 6.1 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
Windows Server 2022 | 5006699 (Security Update) | Important | Remote Code Execution | 5005575 | Base: 6.8 Temporal: 6.1 Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2021-41342 | j00sean |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2021-41343 MITRE NVD |
CVE Title: Windows Fast FAT File System Driver Information Disclosure Vulnerability
CVSS: CVSS:3.0 5.5/4.8
FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process. Mitigations: None Workarounds: None Revision: 1.0    2021-10-12T07:00:00Z     Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2021-41343 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5006675 (Security Update) | Important | Information Disclosure | 5005569 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5006675 (Security Update) | Important | Information Disclosure | 5005569 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5006669 (Security Update) | Important | Information Disclosure | 5005573 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5006669 (Security Update) | Important | Information Disclosure | 5005573 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5006672 (Security Update) | Important | Information Disclosure | 5005030 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5006672 (Security Update) | Important | Information Disclosure | 5005030 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5006672 (Security Update) | Important | Information Disclosure | 5005030 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for 32-bit Systems | 5006667 (Security Update) | Important | Information Disclosure | 5005566 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for ARM64-based Systems | 5006667 (Security Update) | Important | Information Disclosure | 5005566 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for x64-based Systems | 5006667 (Security Update) | Important | Information Disclosure | 5005566 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 2004 for 32-bit Systems | 5006670 (Security Update) | Important | Information Disclosure | 5005565 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 2004 for ARM64-based Systems | 5006670 (Security Update) | Important | Information Disclosure | 5005565 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 2004 for x64-based Systems | 5006670 (Security Update) | Important | Information Disclosure | 5005565 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5006670 (Security Update) | Important | Information Disclosure | 5005565 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5006670 (Security Update) | Important | Information Disclosure | 5005565 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5006670 (Security Update) | Important | Information Disclosure | 5005565 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5006670 (Security Update) | Important | Information Disclosure | 5005565 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5006670 (Security Update) | Important | Information Disclosure | 5005565 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 11 for ARM64-based Systems | 5006674 (Security Update) | Important | Information Disclosure | None | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 11 for x64-based Systems | 5006674 (Security Update) | Important | Information Disclosure | None | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 7 for 32-bit Systems Service Pack 1 | 5006743 (Monthly Rollup) 5006728 (Security Only) |
Important | Information Disclosure | 5005633 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 7 for x64-based Systems Service Pack 1 | 5006743 (Monthly Rollup) 5006728 (Security Only) |
Important | Information Disclosure | 5005633 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 5006714 (Monthly Rollup) 5006729 (Security Only) |
Important | Information Disclosure | 5005613 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 5006714 (Monthly Rollup) 5006729 (Security Only) |
Important | Information Disclosure | 5005613 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows RT 8.1 | 5006714 (Monthly Rollup) | Important | Information Disclosure | 5005613 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 | 5006736 (Monthly Rollup) 5006715 (Security Only) |
Important | Information Disclosure | 5005606 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5006736 (Monthly Rollup) 5006715 (Security Only) |
Important | Information Disclosure | 5005606 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 | 5006736 (Monthly Rollup) 5006715 (Security Only) |
Important | Information Disclosure | 5005606 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5006736 (Monthly Rollup) 5006715 (Security Only) |
Important | Information Disclosure | 5005606 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5006743 (Monthly Rollup) 5006728 (Security Only) |
Important | Information Disclosure | 5005633 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5006743 (Monthly Rollup) 5006728 (Security Only) |
Important | Information Disclosure | 5005633 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 | 5006739 (Monthly Rollup) 5006732 (Security Only) |
Important | Information Disclosure | 5005623 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5006739 (Monthly Rollup) 5006732 (Security Only) |
Important | Information Disclosure | 5005623 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5006714 (Monthly Rollup) 5006729 (Security Only) |
Important | Information Disclosure | 5005613 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5006714 (Monthly Rollup) 5006729 (Security Only) |
Important | Information Disclosure | 5005613 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5006669 (Security Update) | Important | Information Disclosure | 5005573 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5006669 (Security Update) | Important | Information Disclosure | 5005573 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5006672 (Security Update) | Important | Information Disclosure | 5005030 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5006672 (Security Update) | Important | Information Disclosure | 5005030 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5006699 (Security Update) | Important | Information Disclosure | 5005575 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5006699 (Security Update) | Important | Information Disclosure | 5005575 | Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server, version 2004 (Server Core installation) | 5006670 (Security Update) | Important | Information Disclosure | 5005565 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5006670 (Security Update) | Important | Information Disclosure | 5005565 |
Base: 5.5 Temporal: 4.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2021-41343 | OldStone of Kunlun Lab |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2021-41345 MITRE NVD |
CVE Title: Storage Spaces Controller Elevation of Privilege Vulnerability
CVSS: CVSS:3.0 7.8/6.8
FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2021-10-12T07:00:00Z     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2021-41345 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5006675 (Security Update) | Important | Elevation of Privilege | 5005569 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5006675 (Security Update) | Important | Elevation of Privilege | 5005569 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5006669 (Security Update) | Important | Elevation of Privilege | 5005573 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5006669 (Security Update) | Important | Elevation of Privilege | 5005573 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5006672 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5006672 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5006672 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for 32-bit Systems | 5006667 (Security Update) | Important | Elevation of Privilege | 5005566 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for ARM64-based Systems | 5006667 (Security Update) | Important | Elevation of Privilege | 5005566 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for x64-based Systems | 5006667 (Security Update) | Important | Elevation of Privilege | 5005566 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 2004 for 32-bit Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 2004 for ARM64-based Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 2004 for x64-based Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for ARM64-based Systems | 5006674 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for x64-based Systems | 5006674 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for 32-bit systems | 5006714 (Monthly Rollup) 5006729 (Security Only) |
Important | Elevation of Privilege | 5005613 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 8.1 for x64-based systems | 5006714 (Monthly Rollup) 5006729 (Security Only) |
Important | Elevation of Privilege | 5005613 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows RT 8.1 | 5006714 (Monthly Rollup) | Important | Elevation of Privilege | 5005613 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 | 5006739 (Monthly Rollup) 5006732 (Security Only) |
Important | Elevation of Privilege | 5005623 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 (Server Core installation) | 5006739 (Monthly Rollup) 5006732 (Security Only) |
Important | Elevation of Privilege | 5005623 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 | 5006714 (Monthly Rollup) 5006729 (Security Only) |
Important | Elevation of Privilege | 5005613 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2012 R2 (Server Core installation) | 5006714 (Monthly Rollup) 5006729 (Security Only) |
Important | Elevation of Privilege | 5005613 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5006669 (Security Update) | Important | Elevation of Privilege | 5005573 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5006669 (Security Update) | Important | Elevation of Privilege | 5005573 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5006672 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5006672 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5006699 (Security Update) | Important | Elevation of Privilege | 5005575 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5006699 (Security Update) | Important | Elevation of Privilege | 5005575 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server, version 2004 (Server Core installation) | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2021-41345 | nghiadt12 from Viettel Cyber Security working with Trend Micro Zero Day Initiative |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2021-41346 MITRE NVD |
CVE Title: Console Window Host Security Feature Bypass Vulnerability
CVSS: CVSS:3.0 5.3/4.6
FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2021-10-12T07:00:00Z     Information published. |
Important | Security Feature Bypass |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2021-41346 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 Version 2004 for 32-bit Systems | 5006670 (Security Update) | Important | Security Feature Bypass | 5005565 |
Base: 5.3 Temporal: 4.6 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 2004 for ARM64-based Systems | 5006670 (Security Update) | Important | Security Feature Bypass | 5005565 |
Base: 5.3 Temporal: 4.6 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 2004 for x64-based Systems | 5006670 (Security Update) | Important | Security Feature Bypass | 5005565 |
Base: 5.3 Temporal: 4.6 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5006670 (Security Update) | Important | Security Feature Bypass | 5005565 |
Base: 5.3 Temporal: 4.6 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5006670 (Security Update) | Important | Security Feature Bypass | 5005565 |
Base: 5.3 Temporal: 4.6 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5006670 (Security Update) | Important | Security Feature Bypass | 5005565 |
Base: 5.3 Temporal: 4.6 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5006670 (Security Update) | Important | Security Feature Bypass | 5005565 |
Base: 5.3 Temporal: 4.6 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5006670 (Security Update) | Important | Security Feature Bypass | 5005565 |
Base: 5.3 Temporal: 4.6 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5006670 (Security Update) | Important | Security Feature Bypass | 5005565 |
Base: 5.3 Temporal: 4.6 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C |
Yes |
Windows Server, version 2004 (Server Core installation) | 5006670 (Security Update) | Important | Security Feature Bypass | 5005565 |
Base: 5.3 Temporal: 4.6 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5006670 (Security Update) | Important | Security Feature Bypass | 5005565 |
Base: 5.3 Temporal: 4.6 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2021-41346 | Thomas Imbert @masthoon of Synacktiv |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2021-41347 MITRE NVD |
CVE Title: Windows AppX Deployment Service Elevation of Privilege Vulnerability
CVSS: CVSS:3.0 7.8/6.8
FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2021-10-12T07:00:00Z     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2021-41347 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 for 32-bit Systems | 5006675 (Security Update) | Important | Elevation of Privilege | 5005569 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 for x64-based Systems | 5006675 (Security Update) | Important | Elevation of Privilege | 5005569 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for 32-bit Systems | 5006669 (Security Update) | Important | Elevation of Privilege | 5005573 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1607 for x64-based Systems | 5006669 (Security Update) | Important | Elevation of Privilege | 5005573 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for 32-bit Systems | 5006672 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for ARM64-based Systems | 5006672 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1809 for x64-based Systems | 5006672 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for 32-bit Systems | 5006667 (Security Update) | Important | Elevation of Privilege | 5005566 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for ARM64-based Systems | 5006667 (Security Update) | Important | Elevation of Privilege | 5005566 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 1909 for x64-based Systems | 5006667 (Security Update) | Important | Elevation of Privilege | 5005566 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 2004 for 32-bit Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 2004 for ARM64-based Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 2004 for x64-based Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for ARM64-based Systems | 5006674 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows 11 for x64-based Systems | 5006674 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 | 5006669 (Security Update) | Important | Elevation of Privilege | 5005573 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2016 (Server Core installation) | 5006669 (Security Update) | Important | Elevation of Privilege | 5005573 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 | 5006672 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2019 (Server Core installation) | 5006672 (Security Update) | Important | Elevation of Privilege | 5005030 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 | 5006699 (Security Update) | Important | Elevation of Privilege | 5005575 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5006699 (Security Update) | Important | Elevation of Privilege | 5005575 | Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server, version 2004 (Server Core installation) | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 6.8 Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2021-41347 | Abdelhamid Naceri working with Trend Micro Zero Day Initiative |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2021-41352 MITRE NVD |
CVE Title: SCOM Information Disclosure Vulnerability
CVSS: CVSS:3.0 7.5/6.5
FAQ: In what instances do I need to install the security update for this vulnerability? This vulnerability only affects machines that have the SCOM web console installed. SCOM web console server machines should have this update installed to be protected from the vulnerability. Do I need to install the update if my machine is not set up as a web console server? No. Customers whose machines are not SCOM web console server machines do not need to install this update. What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is file content. Mitigations: None Workarounds: None Revision: 1.0    2021-10-12T07:00:00Z     Information published. |
Important | Information Disclosure |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2021-41352 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
System Center 2012 R2 Operations Manager | 5006871 (Security Update) | Important | Information Disclosure | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Maybe |
System Center 2016 Operations Manager | 5006871 (Security Update) | Important | Information Disclosure | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Maybe |
System Center 2019 Operations Manager | 5006871 (Security Update) | Important | Information Disclosure | None | Base: 7.5 Temporal: 6.5 Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
Maybe |
CVE ID | Acknowledgements |
CVE-2021-41352 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2021-41353 MITRE NVD |
CVE Title: Microsoft Dynamics 365 (on-premises) Spoofing Vulnerability
CVSS: CVSS:3.0 5.4/4.7
FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2021-10-12T07:00:00Z     Information published. |
Important | Spoofing |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2021-41353 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Microsoft Dynamics 365 (on-premises) version 9.0 | 4618795 (Security Update) | Important | Spoofing | None | Base: 5.4 Temporal: 4.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C |
Maybe |
Microsoft Dynamics 365 (on-premises) version 9.1 | 4618810 (Security Update) | Important | Spoofing | None | Base: 5.4 Temporal: 4.7 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C |
Maybe |
CVE ID | Acknowledgements |
CVE-2021-41353 | Ashar Javed of Hyundai AutoEver Europe GmbH |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2021-41354 MITRE NVD |
CVE Title: Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
CVSS: CVSS:3.0 4.1/3.6
FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2021-10-12T07:00:00Z     Information published. |
Important | Spoofing |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2021-41354 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Microsoft Dynamics 365 (on-premises) version 9.0 | 4618795 (Security Update) | Important | Spoofing | None | Base: 4.1 Temporal: 3.6 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N/E:U/RL:O/RC:C |
Maybe |
Microsoft Dynamics 365 (on-premises) version 9.1 | 4618810 (Security Update) | Important | Spoofing | None | Base: 4.1 Temporal: 3.6 Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N/E:U/RL:O/RC:C |
Maybe |
CVE ID | Acknowledgements |
CVE-2021-41354 | Ashar Javed of Hyundai AutoEver Europe GmbH |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2021-41357 MITRE NVD |
CVE Title: Win32k Elevation of Privilege Vulnerability
CVSS: CVSS:3.1 7.8/7.2
FAQ: None Mitigations: None Workarounds: None Revision: 1.0    2021-10-12T07:00:00Z     Information published. |
Important | Elevation of Privilege |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2021-41357 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Windows 10 Version 2004 for 32-bit Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows 10 Version 2004 for ARM64-based Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows 10 Version 2004 for x64-based Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for 32-bit Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for ARM64-based Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows 10 Version 20H2 for x64-based Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for 32-bit Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for ARM64-based Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows 10 Version 21H1 for x64-based Systems | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows 11 for ARM64-based Systems | 5006674 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows 11 for x64-based Systems | 5006674 (Security Update) | Important | Elevation of Privilege | None | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows Server 2022 | 5006699 (Security Update) | Important | Elevation of Privilege | 5005575 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows Server 2022 (Server Core installation) | 5006699 (Security Update) | Important | Elevation of Privilege | 5005575 | Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows Server, version 2004 (Server Core installation) | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
Windows Server, version 20H2 (Server Core Installation) | 5006670 (Security Update) | Important | Elevation of Privilege | 5005565 |
Base: 7.8 Temporal: 7.2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
Yes |
CVE ID | Acknowledgements |
CVE-2021-41357 | Anonymous |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||
CVE-2021-37974 MITRE NVD |
CVE Title: Chromium: CVE-2021-37974 Use after free in Safe Browsing
CVSS: None FAQ: What is the version information for this release?
Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. How can I see the version of the browser?
Mitigations: None Workarounds: None Revision: 1.0    2021-10-01T07:00:00Z     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2021-37974 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
No |
CVE ID | Acknowledgements |
CVE-2021-37974 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||
CVE-2021-37975 MITRE NVD |
CVE Title: Chromium: CVE-2021-37975 Use after free in V8
CVSS: None FAQ: What is the version information for this release?
Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. How can I see the version of the browser?
Mitigations: None Workarounds: None Revision: 1.0    2021-10-01T07:00:00Z     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2021-37975 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
No |
CVE ID | Acknowledgements |
CVE-2021-37975 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||
CVE-2021-37976 MITRE NVD |
CVE Title: Chromium: CVE-2021-37976 Information leak in core
CVSS: None FAQ: What is the version information for this release?
Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. How can I see the version of the browser?
Mitigations: None Workarounds: None Revision: 1.0    2021-10-01T07:00:00Z     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2021-37976 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
No |
CVE ID | Acknowledgements |
CVE-2021-37976 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
CVE-2021-41363 MITRE NVD |
CVE Title: Intune Management Extension Security Feature Bypass Vulnerability
CVSS: CVSS:3.1 4.2/3.8
FAQ: Are there any pre-requisites for this vulnerability to be exploited in Intune Management Extension? This vulnerability only exists when Intune Management Extension is enabled as managed installer. Enabling IME as managed installer requires local administrator privileges. Mitigations: None Workarounds: None Revision: 1.0    2021-10-12T07:00:00Z     Information published. |
Important | Security Feature Bypass |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
CVE-2021-41363 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Intune management extension | Important | Security Feature Bypass | None | Base: 4.2 Temporal: 3.8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N/E:P/RL:O/RC:C |
Unknown |
CVE ID | Acknowledgements |
CVE-2021-41363 | Kim Oppalfens with OSCC |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||
CVE-2021-37977 MITRE NVD |
CVE Title: Chromium: CVE-2021-37977 Use after free in Garbage Collection
CVSS: None FAQ: What is the version information for this release?
Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. How can I see the version of the browser?
Mitigations: None Workarounds: None Revision: 1.0    2021-10-11T07:00:00Z     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2021-37977 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
No |
CVE ID | Acknowledgements |
CVE-2021-37977 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||
CVE-2021-37978 MITRE NVD |
CVE Title: Chromium: CVE-2021-37978 Heap buffer overflow in Blink
CVSS: None FAQ: What is the version information for this release?
Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. How can I see the version of the browser?
Mitigations: None Workarounds: None Revision: 1.0    2021-10-11T07:00:00Z     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2021-37978 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
No |
CVE ID | Acknowledgements |
CVE-2021-37978 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||
CVE-2021-37979 MITRE NVD |
CVE Title: Chromium: CVE-2021-37979 Heap buffer overflow in WebRTC
CVSS: None FAQ: What is the version information for this release?
Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. How can I see the version of the browser?
Mitigations: None Workarounds: None Revision: 1.0    2021-10-11T07:00:00Z     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2021-37979 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
No |
CVE ID | Acknowledgements |
CVE-2021-37979 | None |
CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||
CVE-2021-37980 MITRE NVD |
CVE Title: Chromium: CVE-2021-37980 Inappropriate implementation in Sandbox
CVSS: None FAQ: What is the version information for this release?
Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. How can I see the version of the browser?
Mitigations: None Workarounds: None Revision: 1.0    2021-10-11T07:00:00Z     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment of each of the vulnerabilities addressed this month. The vulnerabilities are listed in order of bulletin ID then CVE ID. Only vulnerabilities that have a severity rating of Critical or Important in the bulletins are included.
Exploitability Assessment | Publicly Disclosed | Exploited |
Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
CVE-2021-37980 | ||||||
Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Restart Required |
Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
No |
CVE ID | Acknowledgements |
CVE-2021-37980 | None |