Msrc Windows 10 Version 1809 vulnerabilities

CVE-2021-26869 [MEDIUM] Windows ActiveX Installer Service Information Disclosure Vulnerability Windows ActiveX Installer Service Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is unauthorized file system access - reading from the file system. Microsoft ActiveX: Microsoft ActiveX Microsoft: Microsoft Impact: Information Disclosu

CVE-2021-26886 [MEDIUM] User Profile Service Denial of Service Vulnerability User Profile Service Denial of Service Vulnerability Windows User Profile Service: Windows User Profile Service Microsoft: Microsoft Impact: Denial of Service Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5000809 Reference: https://cat

CVE-2021-24074 [CRITICAL] Windows TCP/IP Remote Code Execution Vulnerability Windows TCP/IP Remote Code Execution Vulnerability FAQ: Where can I find more information about this vulnerability? Please see MSRC Blog regarding the TCP/IP vulnerabilities discussed in CVE-2021-24074, CVE-2021-24086, and CVE-2021-24094. Windows TCP/IP: Windows TCP/IP Microsoft: Microsoft Impact: Remote Code Execution Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Like

CVE-2021-24077 [CRITICAL] Windows Fax Service Remote Code Execution Vulnerability Windows Fax Service Remote Code Execution Vulnerability FAQ: In what scenarios is my computer vulnerable? For Windows 11 and Windows 10 the FAX service is not installed by default. For the vulnerability to be exploitable, the Windows Fax and Scan feature needs to be enabled, and the Fax service needs to be running. Systems that do not have the Fax service running are not vulnerable. How can I verify whether the Fa

CVE-2021-24094 [CRITICAL] Windows TCP/IP Remote Code Execution Vulnerability Windows TCP/IP Remote Code Execution Vulnerability FAQ: Where can I find more information about this vulnerability? Please see MSRC Blog regarding the TCP/IP vulnerabilities discussed in CVE-2021-24074, CVE-2021-24086, and CVE-2021-24094. Windows TCP/IP: Windows TCP/IP Microsoft: Microsoft Impact: Remote Code Execution Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Like

CVE-2021-1722 [HIGH] Windows Fax Service Remote Code Execution Vulnerability Windows Fax Service Remote Code Execution Vulnerability FAQ: In what scenarios is my computer vulnerable? For Windows 11 and Windows 10 the FAX service is not installed by default. For the vulnerability to be exploitable, the Windows Fax and Scan feature needs to be enabled, and the Fax service needs to be running. Systems that do not have the Fax service running are not vulnerable. How can I verify whether the Fax ser

CVE-2021-24083 [HIGH] Windows Address Book Remote Code Execution Vulnerability Windows Address Book Remote Code Execution Vulnerability Windows Address Book: Windows Address Book Microsoft: Microsoft Impact: Remote Code Execution Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601354 Reference: https://catalog.u

CVE-2021-24093 [HIGH] Windows Graphics Component Remote Code Execution Vulnerability Windows Graphics Component Remote Code Execution Vulnerability FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerability. Howe

CVE-2021-24102 [HIGH] Windows Event Tracing Elevation of Privilege Vulnerability Windows Event Tracing Elevation of Privilege Vulnerability Windows Event Tracing: Windows Event Tracing Microsoft: Microsoft Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601354 Reference: https://ca

CVE-2021-24081 [HIGH] Microsoft Windows Codecs Library Remote Code Execution Vulnerability Microsoft Windows Codecs Library Remote Code Execution Vulnerability Microsoft Windows Codecs Library: Microsoft Windows Codecs Library Microsoft: Microsoft Impact: Remote Code Execution Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A Reference: https://catalog.update.microsoft.com/v7/site/Searc

CVE-2020-17162 [HIGH] Microsoft Windows Security Feature Bypass Vulnerability Microsoft Windows Security Feature Bypass Vulnerability FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? It is a bypass of Extended Protection for Authentication(EPA) where Service Principle Name could allow Windows store UAP applications to elevate privileges. Microsoft Windows: Microsoft Windows Microsoft: Microsoft Impact: Security Feature Bypass Exploit Status

CVE-2021-25195 [HIGH] Windows PKU2U Elevation of Privilege Vulnerability Windows PKU2U Elevation of Privilege Vulnerability FAQ: What is PKU2U? PKU2U is a peer-to-peer authentication protocol. This setting prevents online identities from authenticating to domain-joined systems. Authentication will be centrally managed with Windows user accounts. How do I know if my servers are exploitable by this vulnerability? If your servers are not configured to allow the use of PKU2U authentication, they wo

CVE-2021-24088 [HIGH] Windows Local Spooler Remote Code Execution Vulnerability Windows Local Spooler Remote Code Execution Vulnerability Windows Print Spooler Components: Windows Print Spooler Components Microsoft: Microsoft Impact: Remote Code Execution Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601319 Re

CVE-2021-24103 [HIGH] Windows Event Tracing Elevation of Privilege Vulnerability Windows Event Tracing Elevation of Privilege Vulnerability Windows Event Tracing: Windows Event Tracing Microsoft: Microsoft Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601354 Reference: https://ca

CVE-2021-24091 [HIGH] Windows Camera Codec Pack Remote Code Execution Vulnerability Windows Camera Codec Pack Remote Code Execution Vulnerability Microsoft Windows Codecs Library: Microsoft Windows Codecs Library Microsoft: Microsoft Impact: Remote Code Execution Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB460

CVE-2021-1727 [HIGH] Windows Installer Elevation of Privilege Vulnerability Windows Installer Elevation of Privilege Vulnerability Windows Installer: Windows Installer Microsoft: Microsoft Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:Yes;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely;DOS:N/A Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601354 Reference: https://catalog.update.mic

CVE-2021-1734 [HIGH] Windows Remote Procedure Call Information Disclosure Vulnerability Windows Remote Procedure Call Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process. Windows Remote Procedure Call: Windows Remote Procedu

CVE-2021-24086 [CRITICAL] Windows TCP/IP Denial of Service Vulnerability Windows TCP/IP Denial of Service Vulnerability FAQ: Where can I find more information about this vulnerability? Please see MSRC Blog regarding the TCP/IP vulnerabilities discussed in CVE-2021-24074, CVE-2021-24086, and CVE-2021-24094. Windows TCP/IP: Windows TCP/IP Microsoft: Microsoft Impact: Denial of Service Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Sof

CVE-2021-24079 [MEDIUM] Windows Backup Engine Information Disclosure Vulnerability Windows Backup Engine Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is sensitive information. Windows Backup Engine: Windows Backup Engine Microsoft: Microsoft Impact: Information Disclosure Exploit Status: Publicly Disclosed:No;Exploited:No;La

CVE-2021-24080 [MEDIUM] Windows Trust Verification API Denial of Service Vulnerability Windows Trust Verification API Denial of Service Vulnerability Windows Trust Verification API: Windows Trust Verification API Microsoft: Microsoft Impact: Denial of Service Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601319