Msrc Windows Server Version 20H2 vulnerabilities

CVE-2021-26443 [CRITICAL] Microsoft Virtual Machine Bus (VMBus) Remote Code Execution Vulnerability Microsoft Virtual Machine Bus (VMBus) Remote Code Execution Vulnerability FAQ: How could an attacker exploit this vulnerability? A remote code execution vulnerability exists when a VM guest fails to properly handle communication on a VMBus channel. To exploit the vulnerability, an authenticated attacker could send a specially crafted communication on the VMBus channel from the guest VM to the Hos

CVE-2021-41356 [HIGH] Windows Denial of Service Vulnerability Windows Denial of Service Vulnerability Microsoft Windows: Microsoft Windows Microsoft: Microsoft Customer Action Required: Yes Impact: Denial of Service Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5007206 Reference: https://support.microsoft.com/help/500

CVE-2021-42276 [HIGH] Microsoft Windows Media Foundation Remote Code Execution Vulnerability Microsoft Windows Media Foundation Remote Code Execution Vulnerability Microsoft Windows Codecs Library: Microsoft Windows Codecs Library Microsoft: Microsoft Customer Action Required: Yes Impact: Remote Code Execution Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely Reference: https://catalog.update.

CVE-2021-36957 [HIGH] Windows Desktop Bridge Elevation of Privilege Vulnerability Windows Desktop Bridge Elevation of Privilege Vulnerability Windows Desktop Bridge: Windows Desktop Bridge Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB500

CVE-2021-42287 [HIGH] Active Directory Domain Services Elevation of Privilege Vulnerability Active Directory Domain Services Elevation of Privilege Vulnerability FAQ: Where can I find more information about the improved authentication process added by the update for CVE-2021-42287? See Authentication updates. Windows Active Directory: Windows Active Directory Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No

CVE-2021-41378 [HIGH] Windows NTFS Remote Code Execution Vulnerability Windows NTFS Remote Code Execution Vulnerability Windows NTFS: Windows NTFS Microsoft: Microsoft Customer Action Required: Yes Impact: Remote Code Execution Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5007206 Reference: https://support.microsoft.

CVE-2021-42282 [HIGH] Active Directory Domain Services Elevation of Privilege Vulnerability Active Directory Domain Services Elevation of Privilege Vulnerability FAQ: Where can I find more information about Verification of uniqueness for user principal name, service principal name, or the service principal name alias? See Verification of uniqueness for user principal name, service principal name, and the service principal name alias. Windows Active Directory: Windows Active Directory Microsof

CVE-2021-42291 [HIGH] Active Directory Domain Services Elevation of Privilege Vulnerability Active Directory Domain Services Elevation of Privilege Vulnerability FAQ: Where can I find more information about Active Directory permissions updates? See Active Directory permissions updates. Windows Active Directory: Windows Active Directory Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release

CVE-2021-42278 [HIGH] Active Directory Domain Services Elevation of Privilege Vulnerability Active Directory Domain Services Elevation of Privilege Vulnerability FAQ: Where can I find more information about Active Directory SAM Account hardening changes? See Active Directory SAM Account hardening changes. Windows Active Directory: Windows Active Directory Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Lat

CVE-2021-42286 [HIGH] Windows Core Shell SI Host Extension Framework for Composable Shell Elevation of Privilege Vulnerability Windows Core Shell SI Host Extension Framework for Composable Shell Elevation of Privilege Vulnerability Windows Core Shell: Windows Core Shell Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less L

CVE-2021-42280 [MEDIUM] Windows Feedback Hub Elevation of Privilege Vulnerability Windows Feedback Hub Elevation of Privilege Vulnerability FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker would only be able to delete targeted files on a system. They would not gain privileges to view or modify file contents. Windows Feedback Hub: Windows Feedback Hub Microsoft: Microsoft Customer Action Required: Yes Impact: Elevation of Privilege

CVE-2021-42288 [MEDIUM] Windows Hello Security Feature Bypass Vulnerability Windows Hello Security Feature Bypass Vulnerability Windows Hello: Windows Hello Microsoft: Microsoft Customer Action Required: Yes Impact: Security Feature Bypass Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5007206 Reference: https://suppor

CVE-2021-42279 [MEDIUM] Chakra Scripting Engine Memory Corruption Vulnerability Chakra Scripting Engine Memory Corruption Vulnerability Windows Scripting: Windows Scripting Microsoft: Microsoft Customer Action Required: Yes Impact: Remote Code Execution Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:N/A Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5007186 Reference: https://support.micro

CVE-2021-42284 [MEDIUM] Windows Hyper-V Denial of Service Vulnerability Windows Hyper-V Denial of Service Vulnerability FAQ: What are the vulnerable configurations of Hyper-V? Any installation of Hyper-V that exposes one or more virtual switches to guests would be vulnerable. Role: Windows Hyper-V: Role: Windows Hyper-V Microsoft: Microsoft Customer Action Required: Yes Impact: Denial of Service Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Li

CVE-2021-42274 [MEDIUM] Windows Hyper-V Discrete Device Assignment (DDA) Denial of Service Vulnerability Windows Hyper-V Discrete Device Assignment (DDA) Denial of Service Vulnerability Role: Windows Hyper-V: Role: Windows Hyper-V Microsoft: Microsoft Customer Action Required: Yes Impact: Denial of Service Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely Reference: https://catalog.update.micr

CVE-2021-40470 [HIGH] DirectX Graphics Kernel Elevation of Privilege Vulnerability DirectX Graphics Kernel Elevation of Privilege Vulnerability Windows DirectX: Windows DirectX Microsoft: Microsoft Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely;DOS:N/A Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5006672 Reference: https://support.mi

CVE-2021-40469 [HIGH] Windows DNS Server Remote Code Execution Vulnerability Windows DNS Server Remote Code Execution Vulnerability FAQ: If my server is not configured to be a DNS server, it is vulnerable? No, this vulnerability is only exploitable if the server is configured to be a DNS server. Role: DNS Server: Role: DNS Server Microsoft: Microsoft Impact: Remote Code Execution Exploit Status: Publicly Disclosed:Yes;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Softw

CVE-2021-41330 [HIGH] Microsoft Windows Media Foundation Remote Code Execution Vulnerability Microsoft Windows Media Foundation Remote Code Execution Vulnerability Microsoft Windows Codecs Library: Microsoft Windows Codecs Library Microsoft: Microsoft Impact: Remote Code Execution Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A Reference: https://catalog.update.microsoft.com/v7/site/S

CVE-2021-40461 [HIGH] Windows Hyper-V Remote Code Execution Vulnerability Windows Hyper-V Remote Code Execution Vulnerability Role: Windows Hyper-V: Role: Windows Hyper-V Microsoft: Microsoft Impact: Remote Code Execution Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5006672 Reference: https://support.microsoft

CVE-2021-40450 [HIGH] Win32k Elevation of Privilege Vulnerability Win32k Elevation of Privilege Vulnerability Windows Win32K: Windows Win32K Microsoft: Microsoft Impact: Elevation of Privilege Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation More Likely;Older Software Release:Exploitation More Likely;DOS:N/A Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5006672 Reference: https://support.microsoft.com/help/5006672 Reference: