Msrc Windows Server 2022 vulnerabilities

CVE-2021-43235 [MEDIUM] Storage Spaces Controller Information Disclosure Vulnerability Storage Spaces Controller Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process. Windows Storage: Windows Storage Microsoft: Microsoft Im

CVE-2021-43244 [MEDIUM] Windows Kernel Information Disclosure Vulnerability Windows Kernel Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process. Windows Kernel: Windows Kernel Microsoft: Microsoft Impact: Information Disclo

CVE-2021-43227 [MEDIUM] Storage Spaces Controller Information Disclosure Vulnerability Storage Spaces Controller Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of Kernel memory. An attacker could read the contents of Kernel memory from a user mode process. Windows Storage Spaces Controller: Windows Storage Spaces

CVE-2021-43246 [MEDIUM] Windows Hyper-V Denial of Service Vulnerability Windows Hyper-V Denial of Service Vulnerability Role: Windows Hyper-V: Role: Windows Hyper-V Microsoft: Microsoft Impact: Denial of Service Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5008218 Reference: https://support.microsoft.com/help/

CVE-2021-26443 [CRITICAL] Microsoft Virtual Machine Bus (VMBus) Remote Code Execution Vulnerability Microsoft Virtual Machine Bus (VMBus) Remote Code Execution Vulnerability FAQ: How could an attacker exploit this vulnerability? A remote code execution vulnerability exists when a VM guest fails to properly handle communication on a VMBus channel. To exploit the vulnerability, an authenticated attacker could send a specially crafted communication on the VMBus channel from the guest VM to the Hos

CVE-2021-41356 [HIGH] Windows Denial of Service Vulnerability Windows Denial of Service Vulnerability Microsoft Windows: Microsoft Windows Microsoft: Microsoft Customer Action Required: Yes Impact: Denial of Service Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5007206 Reference: https://support.microsoft.com/help/500

CVE-2021-42276 [HIGH] Microsoft Windows Media Foundation Remote Code Execution Vulnerability Microsoft Windows Media Foundation Remote Code Execution Vulnerability Microsoft Windows Codecs Library: Microsoft Windows Codecs Library Microsoft: Microsoft Customer Action Required: Yes Impact: Remote Code Execution Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely Reference: https://catalog.update.

CVE-2021-36957 [HIGH] Windows Desktop Bridge Elevation of Privilege Vulnerability Windows Desktop Bridge Elevation of Privilege Vulnerability Windows Desktop Bridge: Windows Desktop Bridge Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB500

CVE-2021-42287 [HIGH] Active Directory Domain Services Elevation of Privilege Vulnerability Active Directory Domain Services Elevation of Privilege Vulnerability FAQ: Where can I find more information about the improved authentication process added by the update for CVE-2021-42287? See Authentication updates. Windows Active Directory: Windows Active Directory Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No

CVE-2021-41378 [HIGH] Windows NTFS Remote Code Execution Vulnerability Windows NTFS Remote Code Execution Vulnerability Windows NTFS: Windows NTFS Microsoft: Microsoft Customer Action Required: Yes Impact: Remote Code Execution Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5007206 Reference: https://support.microsoft.

CVE-2021-42282 [HIGH] Active Directory Domain Services Elevation of Privilege Vulnerability Active Directory Domain Services Elevation of Privilege Vulnerability FAQ: Where can I find more information about Verification of uniqueness for user principal name, service principal name, or the service principal name alias? See Verification of uniqueness for user principal name, service principal name, and the service principal name alias. Windows Active Directory: Windows Active Directory Microsof

CVE-2021-38665 [HIGH] Remote Desktop Protocol Client Information Disclosure Vulnerability Remote Desktop Protocol Client Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? Exploiting this vulnerability could allow the disclosure of initialized or uninitialized memory in the process heap. Windows RDP: Windows RDP Microsoft: Microsoft Customer Action Required: Yes Impact: Information Disclosure Exploit Status: Publicly Disclosed:No;Ex

CVE-2021-42291 [HIGH] Active Directory Domain Services Elevation of Privilege Vulnerability Active Directory Domain Services Elevation of Privilege Vulnerability FAQ: Where can I find more information about Active Directory permissions updates? See Active Directory permissions updates. Windows Active Directory: Windows Active Directory Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release

CVE-2021-42278 [HIGH] Active Directory Domain Services Elevation of Privilege Vulnerability Active Directory Domain Services Elevation of Privilege Vulnerability FAQ: Where can I find more information about Active Directory SAM Account hardening changes? See Active Directory SAM Account hardening changes. Windows Active Directory: Windows Active Directory Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Lat

CVE-2021-41366 [HIGH] Credential Security Support Provider Protocol (CredSSP) Elevation of Privilege Vulnerability Credential Security Support Provider Protocol (CredSSP) Elevation of Privilege Vulnerability Windows Cred SSProvider Protocol: Windows Cred SSProvider Protocol Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Le

CVE-2021-42280 [MEDIUM] Windows Feedback Hub Elevation of Privilege Vulnerability Windows Feedback Hub Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker would only be able to delete targeted files on a system. They would not gain privileges to view or modify file contents. Windows Feedback Hub: Windows Feedback Hub Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege

CVE-2021-42277 [MEDIUM] Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker would only be able to delete targeted files on a system. They would not gain privileges to view or modify file contents. Windows Diagnostic Hub: Windows Diagnostic Hub Microsoft: Microsoft Customer Action Required: Yes

CVE-2021-42279 [MEDIUM] Chakra Scripting Engine Memory Corruption Vulnerability Chakra Scripting Engine Memory Corruption Vulnerability Windows Scripting: Windows Scripting Microsoft: Microsoft Customer Action Required: Yes Impact: Remote Code Execution Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:N/A Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5007186 Reference: https://support.micro

CVE-2021-42284 [MEDIUM] Windows Hyper-V Denial of Service Vulnerability Windows Hyper-V Denial of Service Vulnerability FAQ: What are the vulnerable configurations of Hyper-V? Any installation of Hyper-V that exposes one or more virtual switches to guests would be vulnerable. Role: Windows Hyper-V: Role: Windows Hyper-V Microsoft: Microsoft Customer Action Required: Yes Impact: Denial of Service Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Li

CVE-2021-42274 [MEDIUM] Windows Hyper-V Discrete Device Assignment (DDA) Denial of Service Vulnerability Windows Hyper-V Discrete Device Assignment (DDA) Denial of Service Vulnerability Role: Windows Hyper-V: Role: Windows Hyper-V Microsoft: Microsoft Customer Action Required: Yes Impact: Denial of Service Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely Reference: https://catalog.update.micr