Msrc Windows Server 2019 vulnerabilities

CVE-2021-36948 [HIGH] Windows Update Medic Service Elevation of Privilege Vulnerability Windows Update Medic Service Elevation of Privilege Vulnerability Windows Update: Windows Update Microsoft: Microsoft Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:Yes;Latest Software Release:Exploitation Detected;Older Software Release:Exploitation Detected;DOS:N/A Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005030 Reference: https://support

CVE-2021-34535 [HIGH] Remote Desktop Client Remote Code Execution Vulnerability Remote Desktop Client Remote Code Execution Vulnerability FAQ: How could an attacker exploit this vulnerability? In the case of a Remote Desktop connection, an attacker with control of a Remote Desktop Server could trigger a remote code execution (RCE) on the machine when a victim connects to the attacking server with the vulnerable Remote Desktop Client. In the case of Hyper-V, a malicious program running in a gues

CVE-2021-34537 [HIGH] Windows Bluetooth Driver Elevation of Privilege Vulnerability Windows Bluetooth Driver Elevation of Privilege Vulnerability FAQ: How could an attacker exploit this vulnerability? An authorized attacker could exploit the Windows Bluetooth driver vulnerability by programatically running certain functions that could lead to elevation of privilege on the Bluetooth component. Windows Bluetooth Service: Windows Bluetooth Service Microsoft: Microsoft Impact: Elevation of Privi

CVE-2021-26426 [HIGH] Windows User Account Profile Picture Elevation of Privilege Vulnerability Windows User Account Profile Picture Elevation of Privilege Vulnerability Windows User Profile Service: Windows User Profile Service Microsoft: Microsoft Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A Reference: https://catalog.update.microsoft.com/v7/site/Se

CVE-2021-34484 [HIGH] Windows User Profile Service Elevation of Privilege Vulnerability Windows User Profile Service Elevation of Privilege Vulnerability Windows User Profile Service: Windows User Profile Service Microsoft: Microsoft Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB50

CVE-2021-36926 [HIGH] Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory. Windows Services for NFS ONCRPC XDR Driver: Windows Services for NFS ONCRPC XDR Driver Microsoft: Microsoft Impa

CVE-2021-34487 [HIGH] Windows Event Tracing Elevation of Privilege Vulnerability Windows Event Tracing Elevation of Privilege Vulnerability Windows Event Tracing: Windows Event Tracing Microsoft: Microsoft Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005030 Reference: https://su

CVE-2021-34530 [HIGH] Windows Graphics Component Remote Code Execution Vulnerability Windows Graphics Component Remote Code Execution Vulnerability Microsoft Graphics Component: Microsoft Graphics Component Microsoft: Microsoft Impact: Remote Code Execution Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005030

CVE-2021-36933 [HIGH] Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory. Windows Services for NFS ONCRPC XDR Driver: Windows Services for NFS ONCRPC XDR Driver Microsoft: Microsoft Impa

CVE-2021-34486 [HIGH] Windows Event Tracing Elevation of Privilege Vulnerability Windows Event Tracing Elevation of Privilege Vulnerability Windows Event Tracing: Windows Event Tracing Microsoft: Microsoft Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005030 Reference: https://su

CVE-2021-34533 [HIGH] Windows Graphics Component Font Parsing Remote Code Execution Vulnerability Windows Graphics Component Font Parsing Remote Code Execution Vulnerability Microsoft Graphics Component: Microsoft Graphics Component Microsoft: Microsoft Impact: Remote Code Execution Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A Reference: https://catalog.update.microsoft.com/v7/site

CVE-2021-36958 [HIGH] Windows Print Spooler Remote Code Execution Vulnerability Windows Print Spooler Remote Code Execution Vulnerability Description: A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user

CVE-2021-26425 [HIGH] Windows Event Tracing Elevation of Privilege Vulnerability Windows Event Tracing Elevation of Privilege Vulnerability Windows Event Tracing: Windows Event Tracing Microsoft: Microsoft Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005030 Reference: https://su

CVE-2021-36936 [HIGH] Windows Print Spooler Remote Code Execution Vulnerability Windows Print Spooler Remote Code Execution Vulnerability Windows Print Spooler Components: Windows Print Spooler Components Microsoft: Microsoft Impact: Remote Code Execution Exploit Status: Publicly Disclosed:Yes;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely;DOS:N/A Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5005030 R

CVE-2021-36937 [HIGH] Windows Media MPEG-4 Video Decoder Remote Code Execution Vulnerability Windows Media MPEG-4 Video Decoder Remote Code Execution Vulnerability Microsoft Windows Codecs Library: Microsoft Windows Codecs Library Microsoft: Microsoft Impact: Remote Code Execution Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A Reference: https://catalog.update.microsoft.com/v7/site/S

CVE-2021-36942 [HIGH] Windows LSA Spoofing Vulnerability Windows LSA Spoofing Vulnerability FAQ: How could an attacker exploit this vulnerability? An unauthenticated attacker could call a method on the LSARPC interface and coerce the domain controller to authenticate against another server using NTLM. This security update blocks the affected API calls OpenEncryptedFileRawA and OpenEncryptedFileRawW through LSARPC interface. Is there more information available on how to protect my system? Yes. P

CVE-2021-36932 [HIGH] Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is uninitialized memory. Windows Services for NFS ONCRPC XDR Driver: Windows Services for NFS ONCRPC XDR Driver Microsoft: Microsoft Impa

CVE-2021-34534 [MEDIUM] Windows MSHTML Platform Remote Code Execution Vulnerability Windows MSHTML Platform Remote Code Execution Vulnerability FAQ: According to the CVSS, User Interaction is Required. What interaction would the user have to do? Exploitation of the vulnerability requires that a user open a specially crafted file. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. I

CVE-2021-36938 [MEDIUM] Windows Cryptographic Primitives Library Information Disclosure Vulnerability Windows Cryptographic Primitives Library Information Disclosure Vulnerability Windows Cryptographic Services: Windows Cryptographic Services Microsoft: Microsoft Impact: Information Disclosure Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Unlikely;Older Software Release:Exploitation Unlikely;DOS:N/A Reference: https://catalog.update.microsoft.com/v7

CVE-2021-34480 [MEDIUM] Scripting Engine Memory Corruption Vulnerability Scripting Engine Memory Corruption Vulnerability FAQ: According to the CVSS, User Interaction is Required. What interaction would the user have to do? Exploitation of the vulnerability requires that a user open a specially crafted file. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. In a web-based attack s