Msrc Windows Server 2016 vulnerabilities

CVE-2021-1676 [MEDIUM] Windows NT Lan Manager Datagram Receiver Driver Information Disclosure Vulnerability Windows NT Lan Manager Datagram Receiver Driver Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is memory layout - the vulnerability allows an attacker to collect information that facilitates predicting addressing of the memo

CVE-2021-1708 [MEDIUM] Windows GDI+ Information Disclosure Vulnerability Windows GDI+ Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is memory layout - the vulnerability allows an attacker to collect information that facilitates predicting addressing of the memory. Microsoft Graphics Component: Microsoft Graphics Component Micro

CVE-2021-1699 [MEDIUM] Windows (modem.sys) Information Disclosure Vulnerability Windows (modem.sys) Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory. Microsoft Windows: Microsoft Windows Microsoft: Microsoft Customer Action Required: Yes Impact: Information Disclosure Exploit Status: Publicly Disclosed:N

CVE-2021-1696 [MEDIUM] Windows Graphics Component Information Disclosure Vulnerability Windows Graphics Component Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory. Microsoft Graphics Component: Microsoft Graphics Component Microsoft: Microsoft Customer Action Required: Yes Impact: Information Disclosure

CVE-2021-1656 [MEDIUM] TPM Device Driver Information Disclosure Vulnerability TPM Device Driver Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is memory layout - the vulnerability allows an attacker to collect information that facilitates predicting addressing of the memory. Windows TPM Device Driver: Windows TPM Device Driver M

CVE-2021-1679 [MEDIUM] Windows CryptoAPI Denial of Service Vulnerability Windows CryptoAPI Denial of Service Vulnerability Windows CryptoAPI: Windows CryptoAPI Microsoft: Microsoft Customer Action Required: Yes Impact: Denial of Service Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4598242 Reference: https://

CVE-2021-1683 [MEDIUM] Windows Bluetooth Security Feature Bypass Vulnerability Windows Bluetooth Security Feature Bypass Vulnerability Description: Microsoft is aware of the "Impersonation in the Passkey Entry Protocol" vulnerability. For more information regarding the vulnerability, please see this statement from the Bluetooth SIG. To address the vulnerability, Microsoft has released a software update that will fail attempts to pair if the remote device exchanges a public key with the same X c

CVE-2021-1684 [MEDIUM] Windows Bluetooth Security Feature Bypass Vulnerability Windows Bluetooth Security Feature Bypass Vulnerability Description: Microsoft is aware of the "Impersonation in the Passkey Entry Protocol" vulnerability. For more information regarding the vulnerability, please see this statement from the Bluetooth SIG. To address the vulnerability, Microsoft has released a software update that will fail attempts to pair if the remote device exchanges a public key with the same X c

CVE-2020-17140 [HIGH] Windows SMB Information Disclosure Vulnerability Windows SMB Information Disclosure Vulnerability FAQ: Does this security update target the Server or Client side? In this case the fix targets both sides. Specifically the smb2.srv binary is the primary fix target, which is housed on both sides of the connection. FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this

CVE-2020-17092 [HIGH] Windows Network Connections Service Elevation of Privilege Vulnerability Windows Network Connections Service Elevation of Privilege Vulnerability Microsoft Windows: Microsoft Windows Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely Reference: https://catalog.update.microsoft.com/v7/site/Sea

CVE-2020-16962 [HIGH] Windows Backup Engine Elevation of Privilege Vulnerability Windows Backup Engine Elevation of Privilege Vulnerability Windows Backup Engine: Windows Backup Engine Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4592438

CVE-2020-17096 [HIGH] Windows NTFS Remote Code Execution Vulnerability Windows NTFS Remote Code Execution Vulnerability FAQ: How would an attacker exploit this vulnerability? A local attacker could run a specially crafted application that would elevate the attacker's privileges. A remote attacker with SMBv2 access to a vulnerable system could send specially crafted requests over a network to exploit this vulnerability and execute code on the target system. Windows SMB: Windows SMB Microsoft:

CVE-2020-16958 [HIGH] Windows Backup Engine Elevation of Privilege Vulnerability Windows Backup Engine Elevation of Privilege Vulnerability Windows Backup Engine: Windows Backup Engine Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4592438

CVE-2020-16964 [HIGH] Windows Backup Engine Elevation of Privilege Vulnerability Windows Backup Engine Elevation of Privilege Vulnerability Windows Backup Engine: Windows Backup Engine Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4592438

CVE-2020-17095 [HIGH] Windows Hyper-V Remote Code Execution Vulnerability Windows Hyper-V Remote Code Execution Vulnerability FAQ: How could an attacker exploit this vulnerability? To exploit this vulnerability, an attacker could run a specially crafted application on a Hyper-V guest that could cause the Hyper-V host operating system to execute arbitrary code when it fails to properly validate vSMB packet data. Windows Hyper-V: Windows Hyper-V Microsoft: Microsoft Customer Action Required: Y

CVE-2020-16960 [HIGH] Windows Backup Engine Elevation of Privilege Vulnerability Windows Backup Engine Elevation of Privilege Vulnerability Windows Backup Engine: Windows Backup Engine Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4592438

CVE-2020-16959 [HIGH] Windows Backup Engine Elevation of Privilege Vulnerability Windows Backup Engine Elevation of Privilege Vulnerability Windows Backup Engine: Windows Backup Engine Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4592438

CVE-2020-16961 [HIGH] Windows Backup Engine Elevation of Privilege Vulnerability Windows Backup Engine Elevation of Privilege Vulnerability Windows Backup Engine: Windows Backup Engine Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4592438

CVE-2020-16963 [HIGH] Windows Backup Engine Elevation of Privilege Vulnerability Windows Backup Engine Elevation of Privilege Vulnerability Windows Backup Engine: Windows Backup Engine Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4592446

CVE-2020-17138 [MEDIUM] Windows Error Reporting Information Disclosure Vulnerability Windows Error Reporting Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is unauthorized file system access - reading from the file system. Microsoft Windows: Microsoft Windows Microsoft: Microsoft Customer Action Required: Yes Impact: Informati