Msrc Windows Server Version 1909 vulnerabilities

CVE-2021-26889 [HIGH] Windows Update Stack Elevation of Privilege Vulnerability Windows Update Stack Elevation of Privilege Vulnerability Windows Update Stack: Windows Update Stack Microsoft: Microsoft Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5000809 Reference: https://catalo

CVE-2021-26880 [HIGH] Storage Spaces Controller Elevation of Privilege Vulnerability Storage Spaces Controller Elevation of Privilege Vulnerability Windows Storage Spaces Controller: Windows Storage Spaces Controller Microsoft: Microsoft Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=

CVE-2021-26866 [HIGH] Windows Update Service Elevation of Privilege Vulnerability Windows Update Service Elevation of Privilege Vulnerability Windows Update Stack: Windows Update Stack Microsoft: Microsoft Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5000809 Reference: https://ca

CVE-2021-26876 [HIGH] OpenType Font Parsing Remote Code Execution Vulnerability OpenType Font Parsing Remote Code Execution Vulnerability Microsoft Graphics Component: Microsoft Graphics Component Microsoft: Microsoft Impact: Remote Code Execution Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5000809 Reference:

CVE-2021-26891 [HIGH] Windows Container Execution Agent Elevation of Privilege Vulnerability Windows Container Execution Agent Elevation of Privilege Vulnerability Windows Container Execution Agent: Windows Container Execution Agent Microsoft: Microsoft Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A Reference: https://catalog.update.microsoft.com/v7/sit

CVE-2021-26900 [HIGH] Windows Win32k Elevation of Privilege Vulnerability Windows Win32k Elevation of Privilege Vulnerability Windows Win32K: Windows Win32K Microsoft: Microsoft Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5000808 Reference: https://support.microsoft.com/help/500

CVE-2021-26892 [MEDIUM] Windows Extensible Firmware Interface Security Feature Bypass Vulnerability Windows Extensible Firmware Interface Security Feature Bypass Vulnerability Windows Extensible Firmware Interface: Windows Extensible Firmware Interface Microsoft: Microsoft Impact: Security Feature Bypass Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A Reference: https://catalog.update

CVE-2021-26884 [MEDIUM] Windows Media Photo Codec Information Disclosure Vulnerability Windows Media Photo Codec Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is memory layout - the vulnerability allows an attacker to collect information that facilitates predicting addressing of the memory. Microsoft Windows Codecs Library: Micr

CVE-2021-26869 [MEDIUM] Windows ActiveX Installer Service Information Disclosure Vulnerability Windows ActiveX Installer Service Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is unauthorized file system access - reading from the file system. Microsoft ActiveX: Microsoft ActiveX Microsoft: Microsoft Impact: Information Disclosu

CVE-2021-26886 [MEDIUM] User Profile Service Denial of Service Vulnerability User Profile Service Denial of Service Vulnerability Windows User Profile Service: Windows User Profile Service Microsoft: Microsoft Impact: Denial of Service Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5000809 Reference: https://cat

CVE-2021-24078 [CRITICAL] Windows DNS Server Remote Code Execution Vulnerability Windows DNS Server Remote Code Execution Vulnerability FAQ: If my server is not configured to be a DNS server, it is vulnerable? No, this vulnerability is only exploitable if the server is configured to be a DNS server. Role: DNS Server: Role: DNS Server Microsoft: Microsoft Impact: Remote Code Execution Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older So

CVE-2021-1732 [HIGH] Windows Win32k Elevation of Privilege Vulnerability Windows Win32k Elevation of Privilege Vulnerability Windows Kernel: Windows Kernel Microsoft: Microsoft Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:Yes;Latest Software Release:Exploitation Detected;Older Software Release:Exploitation Detected;DOS:N/A Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601354 Reference: https://catalog.update.microsoft.com/v7/site

CVE-2021-24083 [HIGH] Windows Address Book Remote Code Execution Vulnerability Windows Address Book Remote Code Execution Vulnerability Windows Address Book: Windows Address Book Microsoft: Microsoft Impact: Remote Code Execution Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601354 Reference: https://catalog.u

CVE-2021-24093 [HIGH] Windows Graphics Component Remote Code Execution Vulnerability Windows Graphics Component Remote Code Execution Vulnerability FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerability. Howe

CVE-2021-1698 [HIGH] Windows Win32k Elevation of Privilege Vulnerability Windows Win32k Elevation of Privilege Vulnerability Windows Kernel: Windows Kernel Microsoft: Microsoft Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely;DOS:N/A Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4601319 Reference: https://support.microsoft.com/help/4601

CVE-2021-24081 [HIGH] Microsoft Windows Codecs Library Remote Code Execution Vulnerability Microsoft Windows Codecs Library Remote Code Execution Vulnerability Microsoft Windows Codecs Library: Microsoft Windows Codecs Library Microsoft: Microsoft Impact: Remote Code Execution Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A Reference: https://catalog.update.microsoft.com/v7/site/Searc

CVE-2020-17162 [HIGH] Microsoft Windows Security Feature Bypass Vulnerability Microsoft Windows Security Feature Bypass Vulnerability FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? It is a bypass of Extended Protection for Authentication(EPA) where Service Principle Name could allow Windows store UAP applications to elevate privileges. Microsoft Windows: Microsoft Windows Microsoft: Microsoft Impact: Security Feature Bypass Exploit Status

CVE-2021-25195 [HIGH] Windows PKU2U Elevation of Privilege Vulnerability Windows PKU2U Elevation of Privilege Vulnerability FAQ: What is PKU2U? PKU2U is a peer-to-peer authentication protocol. This setting prevents online identities from authenticating to domain-joined systems. Authentication will be centrally managed with Windows user accounts. How do I know if my servers are exploitable by this vulnerability? If your servers are not configured to allow the use of PKU2U authentication, they wo

CVE-2021-24091 [HIGH] Windows Camera Codec Pack Remote Code Execution Vulnerability Windows Camera Codec Pack Remote Code Execution Vulnerability Microsoft Windows Codecs Library: Microsoft Windows Codecs Library Microsoft: Microsoft Impact: Remote Code Execution Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB460

CVE-2021-24084 [MEDIUM] Windows Mobile Device Management Information Disclosure Vulnerability Windows Mobile Device Management Information Disclosure Vulnerability FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is unauthorized file system access - reading from the file system. Windows Mobile Device Management: Windows Mobile Device Management Microsoft: Microsoft