Msrc Windows Server 2016 vulnerabilities

CVE-2021-27063 [HIGH] Windows DNS Server Denial of Service Vulnerability Windows DNS Server Denial of Service Vulnerability FAQ: Can this vulnerability by mitigated by enabling Secure Zone Updates? Enabling Secure Zone Updates constrains the potential sources of the attack, but does not completely prevent it. For example, a malicious insider could attack a “secure zone update” DNS server from a domain-joined computer. This is only a partial mitigation. Does this vulnerability impact just standa

CVE-2021-26882 [HIGH] Remote Access API Elevation of Privilege Vulnerability Remote Access API Elevation of Privilege Vulnerability Windows Remote Access API: Windows Remote Access API Microsoft: Microsoft Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5000809 Reference: https://ca

CVE-2021-26896 [HIGH] Windows DNS Server Denial of Service Vulnerability Windows DNS Server Denial of Service Vulnerability FAQ: Can this vulnerability by mitigated by enabling Secure Zone Updates? Enabling Secure Zone Updates constrains the potential sources of the attack, but does not completely prevent it. For example, a malicious insider could attack a “secure zone update” DNS server from a domain-joined computer. This is only a partial mitigation. Does this vulnerability impact just standa

CVE-2021-26898 [HIGH] Windows Event Tracing Elevation of Privilege Vulnerability Windows Event Tracing Elevation of Privilege Vulnerability Windows Event Tracing: Windows Event Tracing Microsoft: Microsoft Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5000809 Reference: https://ca

CVE-2021-26864 [HIGH] Windows Virtual Registry Provider Elevation of Privilege Vulnerability Windows Virtual Registry Provider Elevation of Privilege Vulnerability Windows Registry: Windows Registry Microsoft: Microsoft Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5000822 Referen

CVE-2021-26862 [HIGH] Windows Installer Elevation of Privilege Vulnerability Windows Installer Elevation of Privilege Vulnerability Windows Installer: Windows Installer Microsoft: Microsoft Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5000809 Reference: https://catalog.update.mic

CVE-2021-26880 [HIGH] Storage Spaces Controller Elevation of Privilege Vulnerability Storage Spaces Controller Elevation of Privilege Vulnerability Windows Storage Spaces Controller: Windows Storage Spaces Controller Microsoft: Microsoft Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=

CVE-2021-26899 [HIGH] Windows UPnP Device Host Elevation of Privilege Vulnerability Windows UPnP Device Host Elevation of Privilege Vulnerability Windows UPnP Device Host: Windows UPnP Device Host Microsoft: Microsoft Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5000809 Reference

CVE-2021-26866 [HIGH] Windows Update Service Elevation of Privilege Vulnerability Windows Update Service Elevation of Privilege Vulnerability Windows Update Stack: Windows Update Stack Microsoft: Microsoft Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5000809 Reference: https://ca

CVE-2021-26891 [HIGH] Windows Container Execution Agent Elevation of Privilege Vulnerability Windows Container Execution Agent Elevation of Privilege Vulnerability Windows Container Execution Agent: Windows Container Execution Agent Microsoft: Microsoft Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A Reference: https://catalog.update.microsoft.com/v7/sit

CVE-2021-27077 [HIGH] Windows Win32k Elevation of Privilege Vulnerability Windows Win32k Elevation of Privilege Vulnerability Microsoft Graphics Component: Microsoft Graphics Component Microsoft: Microsoft Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:Yes;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5000809 Reference: https://c

CVE-2021-26892 [MEDIUM] Windows Extensible Firmware Interface Security Feature Bypass Vulnerability Windows Extensible Firmware Interface Security Feature Bypass Vulnerability Windows Extensible Firmware Interface: Windows Extensible Firmware Interface Microsoft: Microsoft Impact: Security Feature Bypass Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A Reference: https://catalog.update

CVE-2021-24107 [MEDIUM] Windows Event Tracing Information Disclosure Vulnerability Windows Event Tracing Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is memory layout - the vulnerability allows an attacker to collect information that facilitates predicting addressing of the memory. Windows Event Tracing: Windows Event Tracing

CVE-2021-26884 [MEDIUM] Windows Media Photo Codec Information Disclosure Vulnerability Windows Media Photo Codec Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is memory layout - the vulnerability allows an attacker to collect information that facilitates predicting addressing of the memory. Microsoft Windows Codecs Library: Micr

CVE-2021-26869 [MEDIUM] Windows ActiveX Installer Service Information Disclosure Vulnerability Windows ActiveX Installer Service Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is unauthorized file system access - reading from the file system. Microsoft ActiveX: Microsoft ActiveX Microsoft: Microsoft Impact: Information Disclosu

CVE-2021-26886 [MEDIUM] User Profile Service Denial of Service Vulnerability User Profile Service Denial of Service Vulnerability Windows User Profile Service: Windows User Profile Service Microsoft: Microsoft Impact: Denial of Service Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5000809 Reference: https://cat

CVE-2021-24074 [CRITICAL] Windows TCP/IP Remote Code Execution Vulnerability Windows TCP/IP Remote Code Execution Vulnerability FAQ: Where can I find more information about this vulnerability? Please see MSRC Blog regarding the TCP/IP vulnerabilities discussed in CVE-2021-24074, CVE-2021-24086, and CVE-2021-24094. Windows TCP/IP: Windows TCP/IP Microsoft: Microsoft Impact: Remote Code Execution Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Like

CVE-2021-24077 [CRITICAL] Windows Fax Service Remote Code Execution Vulnerability Windows Fax Service Remote Code Execution Vulnerability FAQ: In what scenarios is my computer vulnerable? For Windows 11 and Windows 10 the FAX service is not installed by default. For the vulnerability to be exploitable, the Windows Fax and Scan feature needs to be enabled, and the Fax service needs to be running. Systems that do not have the Fax service running are not vulnerable. How can I verify whether the Fa

CVE-2021-24094 [CRITICAL] Windows TCP/IP Remote Code Execution Vulnerability Windows TCP/IP Remote Code Execution Vulnerability FAQ: Where can I find more information about this vulnerability? Please see MSRC Blog regarding the TCP/IP vulnerabilities discussed in CVE-2021-24074, CVE-2021-24086, and CVE-2021-24094. Windows TCP/IP: Windows TCP/IP Microsoft: Microsoft Impact: Remote Code Execution Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Like

CVE-2021-24078 [CRITICAL] Windows DNS Server Remote Code Execution Vulnerability Windows DNS Server Remote Code Execution Vulnerability FAQ: If my server is not configured to be a DNS server, it is vulnerable? No, this vulnerability is only exploitable if the server is configured to be a DNS server. Role: DNS Server: Role: DNS Server Microsoft: Microsoft Impact: Remote Code Execution Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older So