CVE-2021-26443
published 2021-11-10CVE-2021-26443: Microsoft Virtual Machine Bus (VMBus) Remote Code Execution Vulnerability
critical9CVSS 3.1
AVAACLPRLUINSCCHIHAH
Microsoft Virtual Machine Bus (VMBus) Remote Code Execution Vulnerability
Affected
24 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10_version_1809 | >= 10.0.0 < 10.0.17763.2300 | 10.0.17763.2300 |
| microsoft | windows_10_version_1909 | >= 10.0.0 < 10.0.18363.1916 | 10.0.18363.1916 |
| microsoft | windows_10_version_2004 | >= 10.0.0 < 10.0.19041.1348 | 10.0.19041.1348 |
| microsoft | windows_10_version_21h1 | >= 10.0.0 < 10.0.19043.1348 | 10.0.19043.1348 |
| microsoft | windows_11_version_21h2 | >= 10.0.0 < 10.0.22000.318 | 10.0.22000.318 |
| microsoft | windows_server_2016 | — | — |
| microsoft | windows_server_2016 | — | — |
| microsoft | windows_server_2019 | >= 10.0.0 < 10.0.17763.2300 | 10.0.17763.2300 |
| microsoft | windows_server_2022 | >= 10.0.0 < 10.0.20348.350 | 10.0.20348.350 |
| microsoft | windows_server_version_2004 | >= 10.0.0 < 10.0.19041.1348 | 10.0.19041.1348 |
| microsoft | windows_server_version_20h2 | >= 10.0.0 < 10.0.19041.1348 | 10.0.19041.1348 |
| msrc | windows_10_version_1809_for_x64-based_systems | — | — |
| msrc | windows_10_version_1909_for_x64-based_systems | — | — |
| msrc | windows_10_version_2004_for_x64-based_systems | — | — |
| msrc | windows_10_version_21h1_for_x64-based_systems | — | — |
| msrc | windows_11_version_21h2_for_x64-based_systems | — | — |
| msrc | windows_server_2019 | — | — |
| msrc | windows_server_2022 | — | — |
| msrc | windows_server_version_2004 | — | — |
| msrc | windows_server_version_20h2 | — | — |
GHSA
GHSA-v594-fc8g-fg3j: Microsoft Virtual Machine Bus (VMBus) Remote Code Execution Vulnerability
ghsa_unreviewed·2022-05-24
CVE-2021-26443 [CRITICAL] GHSA-v594-fc8g-fg3j: Microsoft Virtual Machine Bus (VMBus) Remote Code Execution Vulnerability
Microsoft Virtual Machine Bus (VMBus) Remote Code Execution Vulnerability
Microsoft
Microsoft Virtual Machine Bus (VMBus) Remote Code Execution Vulnerability
vendor_msrc·2021-11-09·CVSS 9.0
CVE-2021-26443 [CRITICAL] Microsoft Virtual Machine Bus (VMBus) Remote Code Execution Vulnerability
Microsoft Virtual Machine Bus (VMBus) Remote Code Execution Vulnerability
FAQ: How could an attacker exploit this vulnerability?
A remote code execution vulnerability exists when a VM guest fails to properly handle communication on a VMBus channel. To exploit the vulnerability, an authenticated attacker could send a specially crafted communication on the VMBus channel from the guest VM to the Host. An attacker who successfully exploited the vulnerability could execute arbitrary code on the host operating system.
Does this update need to be applied to Hyper-V guest virtual machines?
If the guest VM is running nested VMs, then this machine becomes a host and is vulnerable to CVE-2021-26443 and the update will need to be applied to mitigate this vulnerability. If the Guest VM is not running
No detection rules found.
No public exploits indexed.
Qualys
Microsoft & Adobe Patch Tuesday (November 2021) – Microsoft 55 Vulnerabilities with 6 Critical, 6 Zero-Days. Adobe 4 Vulnerabilities | Qualys
blogs_qualys·2021-11-11·CVSS 9.0
CVE-2021-42298 [CRITICAL] Microsoft & Adobe Patch Tuesday (November 2021) – Microsoft 55 Vulnerabilities with 6 Critical, 6 Zero-Days. Adobe 4 Vulnerabilities | Qualys
#### Table of Contents
- Microsoft Patch Tuesday November 2021
- Adobe Patch Tuesday October 2021
- Discover Patch Tuesday Vulnerabilities in VMDR
- Respond by Patching
- Patch Tuesday Dashboard
- About Patch Tuesday
## Microsoft Patch Tuesday – November 2021
Microsoft patched 55 vulnerabilities in their November 2021 Patch Tuesday release, of which six are rated as critical severity and six were previously reported as zero-days.
### Critical Microsoft Vulnerabilities Patched
CVE-2021-42298 – Microsoft Defender Remote Code Execution Vulnerability
This vulnerability in Microsoft Defender can be exploited using Maliciously crafted files. The remote code execution vulnerability will be triggered when the malicious file is opened by a user or scanned automatically via an outdated version
Qualys
Microsoft & Adobe Patch Tuesday (November 2021) – Microsoft 55 Vulnerabilities with 6 Critical, 6 Zero-Days. Adobe 4 Vulnerabilities
blogs_qualys·2021-11-11·CVSS 9.0
CVE-2021-42298 [CRITICAL] Microsoft & Adobe Patch Tuesday (November 2021) – Microsoft 55 Vulnerabilities with 6 Critical, 6 Zero-Days. Adobe 4 Vulnerabilities
## Table of Contents
Microsoft Patch Tuesday November 2021
Adobe Patch Tuesday October 2021
Discover Patch Tuesday Vulnerabilities in VMDR
Respond by Patching
Patch Tuesday Dashboard
About Patch Tuesday
## Microsoft Patch Tuesday – November 2021
Microsoft patched 55 vulnerabilities in their November 2021 Patch Tuesday release, of which six are rated as critical severity and six were previously reported as zero-days.
## Critical Microsoft Vulnerabilities Patched
CVE-2021-42298 – Microsoft Defender Remote Code Execution Vulnerability
This vulnerability in Microsoft Defender can be exploited using Maliciously crafted files. The remote code execution vulnerability will be triggered when the malicious file is opened by a user or scanned automatically via an outdated version of Micros
Trendmicro
November Continues Streak of Quiet Patch Tuesdays
blogs_trendmicro·2021-11-10·CVSS 9.0
[CRITICAL] November Continues Streak of Quiet Patch Tuesdays
Ausnutzung von Schwachstellen
## November Continues Streak of Quiet Patch Tuesdays
November continues a recent pattern of relatively peaceful Patch Tuesday cycles. There were only six vulnerabilities rated as Critical this month, with 49 more rated as Important for a total of 55 for the month of November.
By: Trend Micro Nov 10, 2021 Read time: ( words)
Save to Folio
November continues a recent pattern of relatively peaceful Patch Tuesday cycles. There were only six vulnerabilities rated as Critical this month, with 49 more rated as Important for a total of 55 for the month of November (less than half of the vulnerabilities in November last year). Of these 55, four were submitted via the Zero Day Initiative (ZDI).
Critical Vulnerabilities: Defender, Remote Desktop
Two Critical vulne
Trendmicro
November Continues Streak of Quiet Patch Tuesdays
blogs_trendmicro·2021-11-10·CVSS 9.0
[CRITICAL] November Continues Streak of Quiet Patch Tuesdays
Exploits y vulnerabilidades
## November Continues Streak of Quiet Patch Tuesdays
November continues a recent pattern of relatively peaceful Patch Tuesday cycles. There were only six vulnerabilities rated as Critical this month, with 49 more rated as Important for a total of 55 for the month of November.
By: Trend Micro Nov 10, 2021 Read time: ( words)
Save to Folio
November continues a recent pattern of relatively peaceful Patch Tuesday cycles. There were only six vulnerabilities rated as Critical this month, with 49 more rated as Important for a total of 55 for the month of November (less than half of the vulnerabilities in November last year). Of these 55, four were submitted via the Zero Day Initiative (ZDI).
Critical Vulnerabilities: Defender, Remote Desktop
Two Critical vulnera
Trendmicro
November Continues Streak of Quiet Patch Tuesdays
blogs_trendmicro·2021-11-10·CVSS 9.0
[CRITICAL] November Continues Streak of Quiet Patch Tuesdays
Exploits & Vulnerabilities
## November Continues Streak of Quiet Patch Tuesdays
November continues a recent pattern of relatively peaceful Patch Tuesday cycles. There were only six vulnerabilities rated as Critical this month, with 49 more rated as Important for a total of 55 for the month of November.
By: Trend Micro Nov 10, 2021 Read time: ( words)
Save to Folio
November continues a recent pattern of relatively peaceful Patch Tuesday cycles. There were only six vulnerabilities rated as Critical this month, with 49 more rated as Important for a total of 55 for the month of November (less than half of the vulnerabilities in November last year). Of these 55, four were submitted via the Zero Day Initiative (ZDI).
Critical Vulnerabilities: Defender, Remote Desktop
Two Critical vulnerab
Trendmicro
November Continues Streak of Quiet Patch Tuesdays
blogs_trendmicro·2021-11-10·CVSS 9.0
[CRITICAL] November Continues Streak of Quiet Patch Tuesdays
Exploits & Vulnerabilities
## November Continues Streak of Quiet Patch Tuesdays
November continues a recent pattern of relatively peaceful Patch Tuesday cycles. There were only six vulnerabilities rated as Critical this month, with 49 more rated as Important for a total of 55 for the month of November.
By: Trend Micro 2021/11/10 Read time: ( words)
Save to Folio
November continues a recent pattern of relatively peaceful Patch Tuesday cycles. There were only six vulnerabilities rated as Critical this month, with 49 more rated as Important for a total of 55 for the month of November (less than half of the vulnerabilities in November last year). Of these 55, four were submitted via the Zero Day Initiative (ZDI).
Critical Vulnerabilities: Defender, Remote Desktop
Two Critical vulnerabil
Trendmicro
November Continues Streak of Quiet Patch Tuesdays
blogs_trendmicro·2021-11-10·CVSS 9.0
[CRITICAL] November Continues Streak of Quiet Patch Tuesdays
Exploits & Vulnerabilities
# November Continues Streak of Quiet Patch Tuesdays
November continues a recent pattern of relatively peaceful Patch Tuesday cycles. There were only six vulnerabilities rated as Critical this month, with 49 more rated as Important for a total of 55 for the month of November.
By: Trend Micro
2021/11/10
Read time: ( words)
Save to Folio
November continues a recent pattern of relatively peaceful Patch Tuesday cycles. There were only six vulnerabilities rated as Critical this month, with 49 more rated as Important for a total of 55 for the month of November (less than half of the vulnerabilities in November last year). Of these 55, four were submitted via the Zero Day Initiative (ZDI).
Critical Vulnerabilities: Defender, Remote Desktop
Two Critical vulnerabil
Trendmicro
November Continues Streak of Quiet Patch Tuesdays
blogs_trendmicro·2021-11-10·CVSS 9.0
[CRITICAL] November Continues Streak of Quiet Patch Tuesdays
Sfruttamento vulnerabilità
## November Continues Streak of Quiet Patch Tuesdays
November continues a recent pattern of relatively peaceful Patch Tuesday cycles. There were only six vulnerabilities rated as Critical this month, with 49 more rated as Important for a total of 55 for the month of November.
By: Trend Micro Nov 10, 2021 Read time: ( words)
Save to Folio
November continues a recent pattern of relatively peaceful Patch Tuesday cycles. There were only six vulnerabilities rated as Critical this month, with 49 more rated as Important for a total of 55 for the month of November (less than half of the vulnerabilities in November last year). Of these 55, four were submitted via the Zero Day Initiative (ZDI).
Critical Vulnerabilities: Defender, Remote Desktop
Two Critical vulnerab
Talos
Microsoft Patch Tuesday for Nov. 2021 — Snort rules and prominent vulnerabilities
blogs_talos·2021-11-09·CVSS 8.8
CVE-2021-42292 [HIGH] Microsoft Patch Tuesday for Nov. 2021 — Snort rules and prominent vulnerabilities
By Jon Munshaw and Tiago Pereira.
Microsoft released its monthly security update Tuesday, disclosing 56 vulnerabilities in the company’s various software, hardware and firmware offerings, including one that’s actively being exploited in the wild.
November’s security update features six critical vulnerabilities, up from last month’s two, which was far lower than average for Microsoft. The other 50 vulnerabilities fixed today are considered “important.”
CVE-2021-42292 is one of those vulnerabilities considered “important” and not critical, though it is the only one included in this security update that Microsoft reports has been spotted being exploited in the wild. An attacker could exploit this vulnerability in Microsoft Excel to bypass certain security settings on targeted machines.
In
Talos
Microsoft Patch Tuesday for Nov. 2021 — Snort rules and prominent vulnerabilities
blogs_talos·2021-11-09·CVSS 8.8
[HIGH] Microsoft Patch Tuesday for Nov. 2021 — Snort rules and prominent vulnerabilities
## Microsoft Patch Tuesday for Nov. 2021 — Snort rules and prominent vulnerabilities
By Jon Munshaw and Tiago Pereira.
Microsoft released its monthly security update Tuesday, disclosing 56 vulnerabilities in the company’s various software, hardware and firmware offerings, including one that’s actively being exploited in the wild.
November’s security update features six critical vulnerabilities, up from last month’s two, which was far lower than average for Microsoft. The other 50 vulnerabilities fixed today are considered “important.”
CVE-2021-42292 is one of those vulnerabilities considered “important” and not critical, though it is the only one included in this security update that Microsoft reports has been spotted being exploited in the wild. An attacker could exploit this vulnerab
Crowdstrike
November 2021 Patch Tuesday: Updates and Analysis
blogs_crowdstrike·CVSS 7.5
CVE-2026-20929 [HIGH] November 2021 Patch Tuesday: Updates and Analysis
STARDUST CHOLLIMA Likely Compromises Axios npm Package Apr 01, 2026
Falcon for IT Supports Windows Secure Boot Certificate Lifecycle Management Apr 01, 2026
Detecting CVE-2026-20929: Kerberos Authentication Relay via CNAME Abuse Mar 31, 2026
How Charlotte AI AgentWorks Fuels Security's Agentic Ecosystem Mar 25, 2026
STARDUST CHOLLIMA Likely Compromises Axios npm Package Apr 01, 2026
Falcon for IT Supports Windows Secure Boot Certificate Lifecycle Management Apr 01, 2026
Detecting CVE-2026-20929: Kerberos Authentication Relay via CNAME Abuse Mar 31, 2026
How Charlotte AI AgentWorks Fuels Security's Agentic Ecosystem Mar 25, 2026
Video Highlights the 4 Key Steps to Successful Incident Response Dec 02, 2019
Helping Non-Security Stakeholders Understand ATT&CK in 10 Minutes or Less [VI
Crowdstrike
November 2021 Patch Tuesday: Updates and Analysis
blogs_crowdstrike·CVSS 7.5
CVE-2026-20929 [HIGH] November 2021 Patch Tuesday: Updates and Analysis
How CrowdStrike is Accelerating Exposure Evaluation as Adversaries Gain Speed Apr 06, 2026
STARDUST CHOLLIMA Likely Compromises Axios npm Package Apr 01, 2026
Falcon for IT Supports Windows Secure Boot Certificate Lifecycle Management Apr 01, 2026
Detecting CVE-2026-20929: Kerberos Authentication Relay via CNAME Abuse Mar 31, 2026
How CrowdStrike is Accelerating Exposure Evaluation as Adversaries Gain Speed Apr 06, 2026
STARDUST CHOLLIMA Likely Compromises Axios npm Package Apr 01, 2026
Falcon for IT Supports Windows Secure Boot Certificate Lifecycle Management Apr 01, 2026
Detecting CVE-2026-20929: Kerberos Authentication Relay via CNAME Abuse Mar 31, 2026
Video Highlights the 4 Key Steps to Successful Incident Response Dec 02, 2019
Helping Non-Security Stakeholders Understand AT
2021-11-10
Published