Msrc Windows 10 vulnerabilities

CVE-2021-31972 [MEDIUM] Event Tracing for Windows Information Disclosure Vulnerability Event Tracing for Windows Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is memory layout - the vulnerability allows an attacker to collect information that facilitates predicting addressing of the memory. Windows Event Logging Service: Windows

CVE-2021-31959 [MEDIUM] Scripting Engine Memory Corruption Vulnerability Scripting Engine Memory Corruption Vulnerability FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? Exploitation of the vulnerability requires that a user open a specially crafted file. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-

CVE-2021-28476 [CRITICAL] Windows Hyper-V Remote Code Execution Vulnerability Windows Hyper-V Remote Code Execution Vulnerability FAQ: Under what circumstances might this vulnerability be exploited other than as a denial of service attack against a Hyper-V host? This issue allows a guest VM to force the Hyper-V host's kernel to read from an arbitrary, potentially invalid address. The contents of the address read would not be returned to the guest VM. In most circumstances, this would result in

CVE-2021-31193 [HIGH] Windows SSDP Service Elevation of Privilege Vulnerability Windows SSDP Service Elevation of Privilege Vulnerability Windows SSDP Service: Windows SSDP Service Microsoft: Microsoft Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003174 Reference: https://catalo

CVE-2021-31188 [HIGH] Windows Graphics Component Elevation of Privilege Vulnerability Windows Graphics Component Elevation of Privilege Vulnerability Microsoft Graphics Component: Microsoft Graphics Component Microsoft: Microsoft Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely;DOS:N/A Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB500317

CVE-2021-31186 [HIGH] Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory. FAQ: How would an attacker exploit this vulnerability? An attacker would have to convince a targeted user to connect to a ma

CVE-2021-28455 [HIGH] Microsoft Jet Red Database Engine and Access Connectivity Engine Remote Code Execution Vulnerability Microsoft Jet Red Database Engine and Access Connectivity Engine Remote Code Execution Vulnerability FAQ: Is the Preview Pane an attack vector for this vulnerability? No, the Preview Pane is not an attack vector. FAQ: How do the security updates address this vulnerability? The security updates address the vulnerability by providing the ability to configure the Jet Red Data

CVE-2021-31194 [HIGH] OLE Automation Remote Code Execution Vulnerability OLE Automation Remote Code Execution Vulnerability Windows OLE: Windows OLE Microsoft: Microsoft Impact: Remote Code Execution Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003174 Reference: https://catalog.update.microsoft.com/v7/site/Se

CVE-2021-31182 [HIGH] Microsoft Bluetooth Driver Spoofing Vulnerability Microsoft Bluetooth Driver Spoofing Vulnerability Microsoft Bluetooth Driver: Microsoft Bluetooth Driver Microsoft: Microsoft Impact: Spoofing Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003174 Reference: https://catalog.update.microsoft

CVE-2020-24587 [LOW] Windows Wireless Networking Information Disclosure Vulnerability Windows Wireless Networking Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could disclose the contents of encrypted wireless packets on an affected system. Windows Wireless Networking: Windows Wireless Networking MITRE Corporation: MITRE Corporation Impact: Information Disclosure Exploit

CVE-2020-24588 [LOW] Windows Wireless Networking Spoofing Vulnerability Windows Wireless Networking Spoofing Vulnerability Windows Wireless Networking: Windows Wireless Networking MITRE Corporation: MITRE Corporation Impact: Spoofing Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003174 Reference: https://catal

CVE-2020-26144 [MEDIUM] Windows Wireless Networking Spoofing Vulnerability Windows Wireless Networking Spoofing Vulnerability Windows Wireless Networking: Windows Wireless Networking MITRE Corporation: MITRE Corporation Impact: Spoofing Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003174 Reference: https://ca

CVE-2021-28479 [MEDIUM] Windows CSC Service Information Disclosure Vulnerability Windows CSC Service Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is memory layout - the vulnerability allows an attacker to collect information that facilitates predicting addressing of the memory. Windows CSC Service: Windows CSC Service Microsof

CVE-2021-31184 [MEDIUM] Microsoft Windows Infrared Data Association (IrDA) Information Disclosure Vulnerability Microsoft Windows Infrared Data Association (IrDA) Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory and kernel memory - unintentional read access to memory contents in kernel space from a user mode

CVE-2021-28357 [HIGH] Remote Procedure Call Runtime Remote Code Execution Vulnerability Remote Procedure Call Runtime Remote Code Execution Vulnerability Windows Remote Procedure Call Runtime: Windows Remote Procedure Call Runtime Microsoft: Microsoft Impact: Remote Code Execution Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A Reference: https://catalog.update.microsoft.com/v7/site/S

CVE-2021-28334 [HIGH] Remote Procedure Call Runtime Remote Code Execution Vulnerability Remote Procedure Call Runtime Remote Code Execution Vulnerability Windows Remote Procedure Call Runtime: Windows Remote Procedure Call Runtime Microsoft: Microsoft Impact: Remote Code Execution Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A Reference: https://catalog.update.microsoft.com/v7/site/S

CVE-2021-28315 [HIGH] Windows Media Video Decoder Remote Code Execution Vulnerability Windows Media Video Decoder Remote Code Execution Vulnerability FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerability. Ho

CVE-2021-28439 [HIGH] Windows TCP/IP Driver Denial of Service Vulnerability Windows TCP/IP Driver Denial of Service Vulnerability Windows TCP/IP: Windows TCP/IP Microsoft: Microsoft Impact: Denial of Service Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5001339 Reference: https://catalog.update.microsoft.com/v7

CVE-2021-28355 [HIGH] Remote Procedure Call Runtime Remote Code Execution Vulnerability Remote Procedure Call Runtime Remote Code Execution Vulnerability Windows Remote Procedure Call Runtime: Windows Remote Procedure Call Runtime Microsoft: Microsoft Impact: Remote Code Execution Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A Reference: https://catalog.update.microsoft.com/v7/site/S

CVE-2021-28342 [HIGH] Remote Procedure Call Runtime Remote Code Execution Vulnerability Remote Procedure Call Runtime Remote Code Execution Vulnerability Windows Remote Procedure Call Runtime: Windows Remote Procedure Call Runtime Microsoft: Microsoft Impact: Remote Code Execution Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A Reference: https://catalog.update.microsoft.com/v7/site/S