Msrc Windows Server 2012 R2 vulnerabilities

CVE-2021-34535 [HIGH] Remote Desktop Client Remote Code Execution Vulnerability Remote Desktop Client Remote Code Execution Vulnerability FAQ: How could an attacker exploit this vulnerability? In the case of a Remote Desktop connection, an attacker with control of a Remote Desktop Server could trigger a remote code execution (RCE) on the machine when a victim connects to the attacking server with the vulnerable Remote Desktop Client. In the case of Hyper-V, a malicious program running in a gues

CVE-2021-34537 [HIGH] Windows Bluetooth Driver Elevation of Privilege Vulnerability Windows Bluetooth Driver Elevation of Privilege Vulnerability FAQ: How could an attacker exploit this vulnerability? An authorized attacker could exploit the Windows Bluetooth driver vulnerability by programatically running certain functions that could lead to elevation of privilege on the Bluetooth component. Windows Bluetooth Service: Windows Bluetooth Service Microsoft: Microsoft Impact: Elevation of Privi

CVE-2021-26426 [HIGH] Windows User Account Profile Picture Elevation of Privilege Vulnerability Windows User Account Profile Picture Elevation of Privilege Vulnerability Windows User Profile Service: Windows User Profile Service Microsoft: Microsoft Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A Reference: https://catalog.update.microsoft.com/v7/site/Se

CVE-2021-34484 [HIGH] Windows User Profile Service Elevation of Privilege Vulnerability Windows User Profile Service Elevation of Privilege Vulnerability Windows User Profile Service: Windows User Profile Service Microsoft: Microsoft Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB50

CVE-2021-36926 [HIGH] Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory. Windows Services for NFS ONCRPC XDR Driver: Windows Services for NFS ONCRPC XDR Driver Microsoft: Microsoft Impa

CVE-2021-36933 [HIGH] Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory. Windows Services for NFS ONCRPC XDR Driver: Windows Services for NFS ONCRPC XDR Driver Microsoft: Microsoft Impa

CVE-2021-34533 [HIGH] Windows Graphics Component Font Parsing Remote Code Execution Vulnerability Windows Graphics Component Font Parsing Remote Code Execution Vulnerability Microsoft Graphics Component: Microsoft Graphics Component Microsoft: Microsoft Impact: Remote Code Execution Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A Reference: https://catalog.update.microsoft.com/v7/site

CVE-2021-36958 [HIGH] Windows Print Spooler Remote Code Execution Vulnerability Windows Print Spooler Remote Code Execution Vulnerability Description: A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user

CVE-2021-26425 [HIGH] Windows Event Tracing Elevation of Privilege Vulnerability Windows Event Tracing Elevation of Privilege Vulnerability Windows Event Tracing: Windows Event Tracing Microsoft: Microsoft Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005030 Reference: https://su

CVE-2021-36936 [HIGH] Windows Print Spooler Remote Code Execution Vulnerability Windows Print Spooler Remote Code Execution Vulnerability Windows Print Spooler Components: Windows Print Spooler Components Microsoft: Microsoft Impact: Remote Code Execution Exploit Status: Publicly Disclosed:Yes;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely;DOS:N/A Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005030 R

CVE-2021-36937 [HIGH] Windows Media MPEG-4 Video Decoder Remote Code Execution Vulnerability Windows Media MPEG-4 Video Decoder Remote Code Execution Vulnerability Microsoft Windows Codecs Library: Microsoft Windows Codecs Library Microsoft: Microsoft Impact: Remote Code Execution Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A Reference: https://catalog.update.microsoft.com/v7/site/S

CVE-2021-36927 [HIGH] Windows Digital TV Tuner device registration application Elevation of Privilege Vulnerability Windows Digital TV Tuner device registration application Elevation of Privilege Vulnerability Windows Media: Windows Media Microsoft: Microsoft Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A Reference: https://catalog.update.microsoft.com/

CVE-2021-36942 [HIGH] Windows LSA Spoofing Vulnerability Windows LSA Spoofing Vulnerability FAQ: How could an attacker exploit this vulnerability? An unauthenticated attacker could call a method on the LSARPC interface and coerce the domain controller to authenticate against another server using NTLM. This security update blocks the affected API calls OpenEncryptedFileRawA and OpenEncryptedFileRawW through LSARPC interface. Is there more information available on how to protect my system? Yes. P

CVE-2021-36932 [HIGH] Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory. Windows Services for NFS ONCRPC XDR Driver: Windows Services for NFS ONCRPC XDR Driver Microsoft: Microsoft Impa

CVE-2021-34480 [MEDIUM] Scripting Engine Memory Corruption Vulnerability Scripting Engine Memory Corruption Vulnerability FAQ: According to the CVSS, User Interaction is Required. What interaction would the user have to do? Exploitation of the vulnerability requires that a user open a specially crafted file. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack s

CVE-2021-34481 [HIGH] Windows Print Spooler Remote Code Execution Vulnerability Windows Print Spooler Remote Code Execution Vulnerability Description: A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user

CVE-2021-34441 [HIGH] Microsoft Windows Media Foundation Remote Code Execution Vulnerability Microsoft Windows Media Foundation Remote Code Execution Vulnerability Microsoft Windows Media Foundation: Microsoft Windows Media Foundation Microsoft: Microsoft Impact: Remote Code Execution Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A Reference: https://catalog.update.microsoft.com/v7/si

CVE-2021-33749 [HIGH] Windows DNS Snap-in Remote Code Execution Vulnerability Windows DNS Snap-in Remote Code Execution Vulnerability FAQ: How could an attacker exploit the vulnerability? An administrator would need to view a malicious record in the DNS Snap-in to allow exploitation this vulnerability. Role: DNS Server: Role: DNS Server Microsoft: Microsoft Impact: Remote Code Execution Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older

CVE-2021-31183 [HIGH] Windows TCP/IP Driver Denial of Service Vulnerability Windows TCP/IP Driver Denial of Service Vulnerability Windows TCP/IP: Windows TCP/IP Microsoft: Microsoft Impact: Denial of Service Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5004244 Reference: https://support.microsoft.com/help/5004

CVE-2021-34511 [HIGH] Windows Installer Elevation of Privilege Vulnerability Windows Installer Elevation of Privilege Vulnerability Windows Installer: Windows Installer Microsoft: Microsoft Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5004244 Reference: https://support.microsoft.