CVE-2021-38639
published 2021-09-15CVE-2021-38639: Win32k Elevation of Privilege Vulnerability Win32k Elevation of Privilege Vulnerability
high7.8
Win32k Elevation of Privilege Vulnerability
Win32k Elevation of Privilege Vulnerability
Affected
36 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_10_version_1507 | >= 10.0.0 < 10.0.10240.19060 | 10.0.10240.19060 |
| microsoft | windows_10_version_1607 | >= 10.0.0 < 10.0.14393.4651 | 10.0.14393.4651 |
| microsoft | windows_10_version_1809 | >= 10.0.0 < 10.0.17763.2183 | 10.0.17763.2183 |
| microsoft | windows_10_version_1909 | >= 10.0.0 < 10.0.18363.1801 | 10.0.18363.1801 |
| microsoft | windows_10_version_2004 | >= 10.0.0 < 10.0.19041.1237 | 10.0.19041.1237 |
| microsoft | windows_10_version_20h2 | >= 10.0.0 < 10.0.19042.1237 | 10.0.19042.1237 |
| microsoft | windows_10_version_21h1 | >= 10.0.0 < 10.0.19043.1237 | 10.0.19043.1237 |
| microsoft | windows_7 | >= 6.1.0 < 6.1.7601.25712 | 6.1.7601.25712 |
| microsoft | windows_7_service_pack_1 | >= 6.1.0 < 6.1.7601.25712 | 6.1.7601.25712 |
| microsoft | windows_8.1 | >= 6.3.0 < 6.3.9600.20120 | 6.3.9600.20120 |
| microsoft | windows_server_2008_r2_service_pack_1 | >= 6.0.0 < 6.1.7601.25712 | 6.1.7601.25712 |
| microsoft | windows_server_2008_r2_service_pack_1 | >= 6.1.0 < 6.1.7601.25712 | 6.1.7601.25712 |
| microsoft | windows_server_2008_service_pack_2 | >= 6.0.0 < 6.0.6003.21218 | 6.0.6003.21218 |
| microsoft | windows_server_2012 | >= 6.2.0 < 6.2.9200.23462 | 6.2.9200.23462 |
| microsoft | windows_server_2012_r2 | >= 6.3.0 < 6.3.9600.20120 | 6.3.9600.20120 |
| microsoft | windows_server_2016 | >= 10.0.0 < 10.0.14393.4651 | 10.0.14393.4651 |
| microsoft | windows_server_2019 | >= 10.0.0 < 10.0.17763.2183 | 10.0.17763.2183 |
| microsoft | windows_server_2022 | >= 10.0.0 < 10.0.20348.230 | 10.0.20348.230 |
| microsoft | windows_server_version_2004 | >= 10.0.0 < 10.0.19041.1237 | 10.0.19041.1237 |
| microsoft | windows_server_version_20h2 | >= 10.0.0 < 10.0.19042.1237 | 10.0.19042.1237 |
| msrc | windows_10 | — | — |
| msrc | windows_10_version_1607 | — | — |
| msrc | windows_10_version_1809 | — | — |
| msrc | windows_10_version_1909 | — | — |
| msrc | windows_10_version_2004 | — | — |
Microsoft
Win32k Elevation of Privilege Vulnerability
vendor_msrc·2021-09-14·CVSS 7.8
CVE-2021-38639 [HIGH] Win32k Elevation of Privilege Vulnerability
Win32k Elevation of Privilege Vulnerability
Windows Win32K: Windows Win32K
Microsoft: Microsoft
Impact: Elevation of Privilege
Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely;DOS:N/A
Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005568
Reference: https://support.microsoft.com/help/5005568
Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005566
Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005565
Reference: https://support.microsoft.com/help/5005565
Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005575
Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB500556
GHSA
GHSA-fppm-8cxc-gx7c: Win32k Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-38639
ghsa_unreviewed·2022-05-24·CVSS 7.8
CVE-2021-36975 [HIGH] CWE-269 GHSA-fppm-8cxc-gx7c: Win32k Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-38639
Win32k Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-38639.
GHSA
GHSA-ccq2-rr22-wp3j: Win32k Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-36975
ghsa_unreviewed·2022-05-24·CVSS 7.8
CVE-2021-38639 [HIGH] CWE-269 GHSA-ccq2-rr22-wp3j: Win32k Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-36975
Win32k Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-36975.
CVEList
Win32k Elevation of Privilege Vulnerability
cvelistv5·2021-09-15·CVSS 7.8
CVE-2021-38639 [HIGH] Win32k Elevation of Privilege Vulnerability
Win32k Elevation of Privilege Vulnerability
Win32k Elevation of Privilege Vulnerability
No detection rules found.
No public exploits indexed.
Qualys
Microsoft and Adobe Patch Tuesday (September 2021) – Microsoft 60 Vulnerabilities with 3 Critical, Adobe 61 Vulnerabilities
blogs_qualys·2021-09-14·CVSS 8.1
CVE-2021-40444 [HIGH] Microsoft and Adobe Patch Tuesday (September 2021) – Microsoft 60 Vulnerabilities with 3 Critical, Adobe 61 Vulnerabilities
## Microsoft Patch Tuesday – September 2021
Microsoft patched 60 vulnerabilities in their September 2021 Patch Tuesday release, and an additional 26 CVEs since September 1st. Among the 60 released in the September Patch Tuesday, 3 of them are rated as critical severity, one as moderate, and 56 as important.
## Critical Microsoft Vulnerabilities Patched
CVE-2021-40444 – Microsoft MSHTML Remote Code Execution Vulnerability
This vulnerability has been publicly disclosed and is known to be exploited. The vulnerability allows for remote code execution via MSHTML, a component used by Internet Explorer and Office. Microsoft also released a workaround to show how users can disable ActiveX controls in IE. The vendor has assigned a CVSSv3 base score of 8.8. It should be prioritized for patching.
Krebs
Microsoft Patch Tuesday, September 2021 Edition
blogs_krebs·2021-09-14·CVSS 4.2
[MEDIUM] Microsoft Patch Tuesday, September 2021 Edition
Microsoft today pushed software updates to plug dozens of security holes in Windows and related products, including a vulnerability that is already being exploited in active attacks. Also, Apple has issued an emergency update to fix a flaw that’s reportedly been abused to install spyware on iOS products, and Google‘s got a new version of Chrome that tackles two zero-day flaws. Finally, Adobe has released critical security updates for Acrobat, Reader and a slew of other software.
Four of the flaws fixed in this patch batch earned Microsoft’s most-dire “critical” rating, meaning they could be exploited by miscreants or malware to remotely compromise a Windows PC with little or no help from the user.
Top of the critical heap is CVE-2021-40444, which affects the “MSHTML” component of Interne
Tenable
Microsoft’s September 2021 Patch Tuesday Addresses 60 CVEs (CVE-2021-40444)
blogs_tenable·2021-09-14·CVSS 8.8
[HIGH] Microsoft’s September 2021 Patch Tuesday Addresses 60 CVEs (CVE-2021-40444)
## Cloud Exposure
Tenable Cloud Security (CNAPP) Request a demo
Tenable Cloud Vulnerability Management Request a demo
Tenable CIEM Request a demo
Secure your cloud
## Vulnerability Exposure
Tenable Vulnerability Management Try for free
Tenable Security Center Request a demo
Tenable Web App Scanning Try for free
Tenable Patch Management Request a demo
Tenable Enclave Security Request a demo
Tenable Attack Surface Management Request a demo
Tenable Nessus Try for free
## AI Exposure
Tenable AI Exposure Request a demo
## OT/IoT Exposure
Tenable OT Security Request a demo
## Identity Exposure
Tenable Identity Exposure Request a demo
## Business needs
Active Directory
AI Security Posture Management (AI-SPM)
AWS security
Azure security
Cloud Security Posture Man
Krebs
Microsoft Patch Tuesday, September 2021 Edition
blogs_krebs·2021-09-14·CVSS 4.2
[MEDIUM] Microsoft Patch Tuesday, September 2021 Edition
Microsoft today pushed software updates to plug dozens of security holes in Windows and related products, including a vulnerability that is already being exploited in active attacks. Also, Apple has issued an emergency update to fix a flaw that’s reportedly been abused to install spyware on iOS products, and Google ‘s got a new version of Chrome that tackles two zero-day flaws. Finally, Adobe has released critical security updates for Acrobat , Reader and a slew of other software.
Four of the flaws fixed in this patch batch earned Microsoft’s most-dire “critical” rating, meaning they could be exploited by miscreants or malware to remotely compromise a Windows PC with little or no help from the user.
Top of the critical heap is CVE-2021-40444 , which affects the “MSHTML” component of Inte
2021-09-15
Published