⚠ Actively exploited

Added to CISA KEV on 2021-11-03. Federal agencies required to patch by 2021-11-17. Required action: Apply updates per vendor instructions..

CVE-2021-34448 — Out-of-bounds Write in Microsoft Windows 10 Version 1507

CWE-787 — Out-of-bounds Write7 documents6 sources

Severity

6.8MEDIUMCNA

CISA8.8

No vector

EPSS

2.0%

top 16.16%

CISA KEV

KEV

Added 2021-11-03

Due 2021-11-17

Exploit

Exploited in wild

Active exploitation observed

Affected products

Microsoft Windows 10 Version 1507 Microsoft Windows 10 Version 1607 Microsoft Windows 10 Version 1809 +12 more

Timeline

PublishedJul 16

KEV addedNov 3

KEV dueNov 17

Latest updateApr 1

CISA Required Action: Apply updates per vendor instructions.

Description

Scripting Engine Memory Corruption Vulnerability Scripting Engine Memory Corruption Vulnerability

Affected Packages15 packages

▶CVEListV5microsoft/windows_76.1.0 — 6.1.7601.25661+1

▶CVEListV5microsoft/windows_8.16.3.0 — 6.3.9600.20069+1

▶CVEListV5microsoft/windows_server_20126.2.0 — 6.2.9200.23409+1

▶CVEListV5microsoft/windows_server_201610.0.0 — 10.0.14393.4530

▶CVEListV5microsoft/windows_server_201910.0.0 — 10.0.17763.2061

🔴Vulnerability Details

Project0

The More You Know, The More You Know You Don’t Know - Project Zero↗2022-04-01

▶

CVEList

Scripting Engine Memory Corruption Vulnerability↗2021-07-16

▶

VulnCheck

Microsoft Windows Scripting Engine Memory Corruption Vulnerability↗2021

▶

📋Vendor Advisories

CISA

Microsoft Windows Scripting Engine Memory Corruption Vulnerability↗2021-11-03

▶

Microsoft

Scripting Engine Memory Corruption Vulnerability↗2021-07-13

▶

🕵️Threat Intelligence

Qualys

Microsoft and Adobe Patch Tuesday (July 2021) – Microsoft 117 Vulnerabilities with 13 Critical, Adobe 26 Vulnerabilities | Qualys↗2021-07-13

▶

Qualys

Microsoft and Adobe Patch Tuesday (July 2021) – Microsoft 117 Vulnerabilities with 13 Critical, Adobe 26 Vulnerabilities↗2021-07-13

▶

External resources

NVD MITRE CISA KEV

Affected products15

Microsoft Windows 10 Version 1507≥ 10.0.0, < 10.0.10240.19003

Microsoft Windows 10 Version 1607≥ 10.0.0, < 10.0.14393.4530

Microsoft Windows 10 Version 1809≥ 10.0.0, < 10.0.17763.2061

Microsoft Windows 10 Version 1909≥ 10.0.0, < 10.0.18363.1679

Microsoft Windows 10 Version 2004≥ 10.0.0, < 10.0.19041.1110

Microsoft Windows 10 Version 20h2≥ 10.0.0, < 10.0.19042.1110

Microsoft Windows 10 Version 21h1≥ 10.0.0, < 10.0.19043.1110

Microsoft Windows 7≥ 6.1.0, < 6.1.7601.25661≥ 6.1.0, < 1.001

Microsoft Windows 7 Service Pack 1≥ 6.1.0, < 6.1.7601.25661≥ 6.1.0, < 1.001

Microsoft Windows 8.1≥ 6.3.0, < 6.3.9600.20069≥ 6.3.0, < 1.001

Disclosure

PublishedJul 16, 2021

KEV addedNov 3, 2021

KEV dueNov 17, 2021

Latest updateApr 1, 2022