Msrc Windows Server 2019 vulnerabilities

CVE-2021-40466 [HIGH] Windows Common Log File System Driver Elevation of Privilege Vulnerability Windows Common Log File System Driver Elevation of Privilege Vulnerability Windows Common Log File System Driver: Windows Common Log File System Driver Microsoft: Microsoft Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely;DOS:N/A Reference: https://catalog.update.micr

CVE-2021-26441 [HIGH] Storage Spaces Controller Elevation of Privilege Vulnerability Storage Spaces Controller Elevation of Privilege Vulnerability FAQ: How could an attacker exploit this vulnerability? An authorized (medium integrity level) attacker could exploit this Windows Storport driver elevation of privilege vulnerability by locally sending through a user mode application a specially crafted request to the driver specifying an IOCTL parameter, which could lead to an out-of-bounds buffer

CVE-2021-36953 [HIGH] Windows TCP/IP Denial of Service Vulnerability Windows TCP/IP Denial of Service Vulnerability Windows TCP/IP: Windows TCP/IP Microsoft: Microsoft Impact: Denial of Service Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5006672 Reference: https://support.microsoft.com/help/5006672 Reference

CVE-2021-40465 [HIGH] Windows Text Shaping Remote Code Execution Vulnerability Windows Text Shaping Remote Code Execution Vulnerability Windows Text Shaping: Windows Text Shaping Microsoft: Microsoft Impact: Remote Code Execution Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5006672 Reference: https://support.m

CVE-2021-40462 [HIGH] Windows Media Foundation Dolby Digital Atmos Decoders Remote Code Execution Vulnerability Windows Media Foundation Dolby Digital Atmos Decoders Remote Code Execution Vulnerability Microsoft Windows Codecs Library: Microsoft Windows Codecs Library Microsoft: Microsoft Impact: Remote Code Execution Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A Reference: https://

CVE-2021-40467 [HIGH] Windows Common Log File System Driver Elevation of Privilege Vulnerability Windows Common Log File System Driver Elevation of Privilege Vulnerability Windows Common Log File System Driver: Windows Common Log File System Driver Microsoft: Microsoft Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely;DOS:N/A Reference: https://catalog.update.micr

CVE-2021-40489 [HIGH] Storage Spaces Controller Elevation of Privilege Vulnerability Storage Spaces Controller Elevation of Privilege Vulnerability FAQ: How could an attacker exploit this vulnerability? An authorized (medium integrity level) attacker could exploit this Windows Storport driver elevation of privilege vulnerability by locally sending through a user mode application a specially crafted request to the driver specifying an IOCTL parameter, which could lead to an out-of-bounds buffer

CVE-2021-40443 [HIGH] Windows Common Log File System Driver Elevation of Privilege Vulnerability Windows Common Log File System Driver Elevation of Privilege Vulnerability Windows Common Log File System Driver: Windows Common Log File System Driver Microsoft: Microsoft Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely;DOS:N/A Reference: https://catalog.update.micr

CVE-2021-41340 [HIGH] Windows Graphics Component Remote Code Execution Vulnerability Windows Graphics Component Remote Code Execution Vulnerability FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? Exploitation of the vulnerability requires that a user open a specially crafted file. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user t

CVE-2021-40475 [MEDIUM] Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process. Windows Cloud Files Mini Filter

CVE-2021-41361 [MEDIUM] Active Directory Federation Server Spoofing Vulnerability Active Directory Federation Server Spoofing Vulnerability FAQ: How could an attacker exploit this vulnerability? The ADFS (Active Directory Federation Services) services are vulnerable during the logout redirect request to cross-site scripting of the post logout redirect URI. An attacker who successfully exploited this vulnerability could leave an application using this ADFS library vulnerable to common XSS attack

CVE-2021-40456 [MEDIUM] Windows AD FS Security Feature Bypass Vulnerability Windows AD FS Security Feature Bypass Vulnerability FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? This vulnerability could allow an attacker to bypass ADFS BannedIPList entries for WS-Trust workflows. Role: Windows AD FS Server: Role: Windows AD FS Server Microsoft: Microsoft Impact: Security Feature Bypass Exploit Status: Publicly Disclosed:No;Exploited:No;Lates

CVE-2021-40460 [MEDIUM] Windows Remote Procedure Call Runtime Security Feature Bypass Vulnerability Windows Remote Procedure Call Runtime Security Feature Bypass Vulnerability FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? This vulnerability could allow an attacker to bypass Extended Protection for Authentication provided by SPN target name validation. Windows Remote Procedure Call Runtime: Windows Remote Procedure Call Runtime Microsoft: M

CVE-2021-38662 [MEDIUM] Windows Fast FAT File System Driver Information Disclosure Vulnerability Windows Fast FAT File System Driver Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process. Windows Fast FAT Driver: Windows Fast

CVE-2021-40455 [MEDIUM] Windows Installer Spoofing Vulnerability Windows Installer Spoofing Vulnerability Windows Installer: Windows Installer Microsoft: Microsoft Impact: Spoofing Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5006672 Reference: https://support.microsoft.com/help/5006672 Reference: https://cat

CVE-2021-38663 [MEDIUM] Windows exFAT File System Information Disclosure Vulnerability Windows exFAT File System Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory. Windows exFAT File System: Windows exFAT File System Microsoft: Microsoft Impact: Information Disclosure Exploit Status: Publicly Disclosed:No;

CVE-2021-41337 [MEDIUM] Active Directory Security Feature Bypass Vulnerability Active Directory Security Feature Bypass Vulnerability FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? This vulnerability could allow an attacker to bypass Active Directory domain permissions for Key Admins groups. Role: Windows Active Directory Server: Role: Windows Active Directory Server Microsoft: Microsoft Impact: Security Feature Bypass Exploit Status: Pub

CVE-2021-41342 [MEDIUM] Windows MSHTML Platform Remote Code Execution Vulnerability Windows MSHTML Platform Remote Code Execution Vulnerability FAQ: The Security Updates table indicates that this vulnerability affects all supported versions of Microsoft Windows. Why are IE Cumulative updates listed for Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows Server 2012, Windows 8.1, and Windows Server 2012 R2? While Microsoft has announced retirement of the Internet Explorer 11 applicat

CVE-2021-41343 [MEDIUM] Windows Fast FAT File System Driver Information Disclosure Vulnerability Windows Fast FAT File System Driver Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process. Windows Fast FAT Driver: Windows Fast

CVE-2021-41338 [MEDIUM] Windows AppContainer Firewall Rules Security Feature Bypass Vulnerability Windows AppContainer Firewall Rules Security Feature Bypass Vulnerability Windows AppContainer: Windows AppContainer Microsoft: Microsoft Impact: Security Feature Bypass Exploit Status: Publicly Disclosed:Yes;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=