Msrc Windows Server 2019 vulnerabilities

CVE-2021-31952 [HIGH] Windows Kernel-Mode Driver Elevation of Privilege Vulnerability Windows Kernel-Mode Driver Elevation of Privilege Vulnerability Windows Kernel-Mode Drivers: Windows Kernel-Mode Drivers Microsoft: Microsoft Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely;DOS:N/A Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003646

CVE-2021-31958 [HIGH] Windows NTLM Elevation of Privilege Vulnerability Windows NTLM Elevation of Privilege Vulnerability FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? This vulnerability requires that a user with an affected version of Windows access a malicious server. An attacker would have to host a specially crafted server share or website. An attacker would have no way to force users to visit this specially crafted serve

CVE-2021-33742 [HIGH] Windows MSHTML Platform Remote Code Execution Vulnerability Windows MSHTML Platform Remote Code Execution Vulnerability FAQ: The Security Updates table indicates that this vulnerability affects all supported versions of Microsoft Windows. Why are IE Cumulative updates listed for Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows Server 2012, Windows 8.1, and Windows Server 2012 R2? While Microsoft has announced retirement of the Internet Explorer 11 applicatio

CVE-2021-1675 [HIGH] Windows Print Spooler Remote Code Execution Vulnerability Windows Print Spooler Remote Code Execution Vulnerability FAQ: Is this the vulnerability that has been referred to publicly as PrintNightmare? No, Microsoft has assigned CVE-2021-34527 to PrintNightmare. CVE-2021-1675 is similar but distinct from CVE-2021-34527. Windows Print Spooler Components: Windows Print Spooler Components Microsoft: Microsoft Impact: Remote Code Execution Exploit Status: Publicly Disclosed:

CVE-2021-31973 [HIGH] Windows GPSVC Elevation of Privilege Vulnerability Windows GPSVC Elevation of Privilege Vulnerability Windows Installer: Windows Installer Microsoft: Microsoft Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003646 Reference: https://support.microsoft.com/help

CVE-2021-31977 [HIGH] Windows Hyper-V Denial of Service Vulnerability Windows Hyper-V Denial of Service Vulnerability FAQ: How might an attacker attempt to exploit this vulnerability? By sending a specially crafted message to the Hyper-V host virtualization stack, a guest VM could cause a reference count in the host virtualization stack to be leaked. In most circumstances, this would result in a memory leak on the Hyper-V host. If the leaked reference count value were to overflow, reference cou

CVE-2021-31953 [HIGH] Windows Filter Manager Elevation of Privilege Vulnerability Windows Filter Manager Elevation of Privilege Vulnerability Windows Filter Manager: Windows Filter Manager Microsoft: Microsoft Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003646 Reference: https:

CVE-2021-31975 [HIGH] Server for NFS Information Disclosure Vulnerability Server for NFS Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process. Windows Network File System: Windows Network File System Microsoft: Microsoft Im

CVE-2021-31951 [HIGH] Windows Kernel Elevation of Privilege Vulnerability Windows Kernel Elevation of Privilege Vulnerability Windows Kernel: Windows Kernel Microsoft: Microsoft Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely;DOS:N/A Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003646 Reference: https://support.microsoft.com/help/500

CVE-2021-31974 [HIGH] Server for NFS Denial of Service Vulnerability Server for NFS Denial of Service Vulnerability Windows Network File System: Windows Network File System Microsoft: Microsoft Impact: Denial of Service Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003646 Reference: https://support.microsoft.c

CVE-2021-31956 [HIGH] Windows NTFS Elevation of Privilege Vulnerability Windows NTFS Elevation of Privilege Vulnerability FAQ: How could an attacker exploit this vulnerability? To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. Additionally, an attacker could convince a local user to open a malicious file. The attacker would ha

CVE-2021-31976 [HIGH] Server for NFS Information Disclosure Vulnerability Server for NFS Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process. Windows Network File System: Windows Network File System Microsoft: Microsoft Im

CVE-2021-31969 [HIGH] Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability Windows Drivers: Windows Drivers Microsoft: Microsoft Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003646

CVE-2021-31954 [HIGH] Windows Common Log File System Driver Elevation of Privilege Vulnerability Windows Common Log File System Driver Elevation of Privilege Vulnerability Windows Common Log File System Driver: Windows Common Log File System Driver Microsoft: Microsoft Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely;DOS:N/A Reference: https://catalog.update.micr

CVE-2021-26414 [MEDIUM] Windows DCOM Server Security Feature Bypass Windows DCOM Server Security Feature Bypass FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? This vulnerability requires that a user with an affected version of Windows access a malicious server. An attacker would have to host a specially crafted server share or website. An attacker would have no way to force users to visit this specially crafted server share or

CVE-2021-31971 [MEDIUM] Windows HTML Platforms Security Feature Bypass Vulnerability Windows HTML Platforms Security Feature Bypass Vulnerability FAQ: The Security Updates table indicates that this vulnerability affects all supported versions of Microsoft Windows. Why are IE Cumulative updates listed for Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows Server 2012, Windows 8.1, and Windows Server 2012 R2? While Microsoft has announced retirement of the Internet Explorer 11 applic

CVE-2021-31201 [HIGH] Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability FAQ: Is this CVE related to Adobe CVE-2021-28550? Yes, Microsoft CVE-2021-31201 and CVE-2021-31199 address vulnerabilities that are related to Adobe's CVE-2021-28550, released in Adobe Security Bulletin ID APSB21-29. Customers running affected versions of Microsoft Windows should install the June security updates to b

CVE-2021-31970 [MEDIUM] Windows TCP/IP Driver Security Feature Bypass Vulnerability Windows TCP/IP Driver Security Feature Bypass Vulnerability Windows TCP/IP: Windows TCP/IP Microsoft: Microsoft Impact: Security Feature Bypass Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5003646 Reference: https://support.mic

CVE-2021-31199 [HIGH] Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability FAQ: Is this CVE related to Adobe CVE-2021-28550? Yes, Microsoft CVE-2021-31201 and CVE-2021-31199 address vulnerabilities that are related to Adobe's CVE-2021-28550, released in Adobe Security Bulletin ID APSB21-29. Customers running affected versions of Microsoft Windows should install the June security updates to b

CVE-2021-31972 [MEDIUM] Event Tracing for Windows Information Disclosure Vulnerability Event Tracing for Windows Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is memory layout - the vulnerability allows an attacker to collect information that facilitates predicting addressing of the memory. Windows Event Logging Service: Windows