Severity
High
Analysis Summary
CVE-2021-43907
Microsoft Visual Studio Code WSL Extension could allow a remote attacker to execute arbitrary code on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2021-43905
Microsoft Office app could allow a remote attacker to execute arbitrary code on the system. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2021-43899
Microsoft 4K Wireless Display Adapter could allow a remote attacker to execute arbitrary code on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2021-43893
Microsoft Windows could allow a remote authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Encrypting File System component. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2021-43891
Microsoft Visual Studio Code could allow a remote attacker to execute arbitrary code on the system. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2021-43889
Microsoft Defender for IoT could allow a remote authenticated attacker to execute arbitrary code on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2021-43888
Microsoft Defender for IoT could allow a remote attacker to obtain sensitive information. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information and then use this information to launch further attacks against the affected system.
CVE-2021-43883
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Installer component. An attacker could exploit this vulnerability to gain elevated privileges on the system.
CVE-2021-43880
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Mobile Device Management component. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2021-43242
Microsoft SharePoint Server could allow a remote authenticated attacker to conduct spoofing attacks. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to conduct spoofing attacks.
CVE-2021-43207
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Common Log File System Driver. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2021-42309
Microsoft SharePoint Server could allow a remote authenticated attacker to gain elevated privileges on the system. By sending a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2021-42295
Microsoft Office could allow a local attacker to obtain sensitive information, caused by a flaw in Visual Basic for Applications. By persuading a victim to open a specially crafted file, a remote attacker could exploit this vulnerability to obtain sensitive information.
CVE-2021-42294
Microsoft SharePoint Server could allow a remote authenticated attacker to gain elevated privileges on the system. By sending a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2021-42293
Microsoft Jet Red Database Engine and Access Connectivity Engine could allow a remote authenticated attacker to gain elevated privileges on the system. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2021-41365
Microsoft Defender for IoT could allow a remote authenticated attacker to execute arbitrary code on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2021-41360
Microsoft HEVC Video Extensions could allow a remote attacker to execute arbitrary code on the system. By persuading a victim to open a specially crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2021-41333
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Print Spooler. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2021-43882
Microsoft Defender for IoT could allow a remote authenticated attacker to execute arbitrary code on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2021-43877
Microsoft ASP.NET Core and Visual Studio could allow a local authenticated attacker to gain elevated privileges on the system. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2021-43875
Microsoft Office Graphics could allow a remote attacker to execute arbitrary code on the system. By persuading a victim to open a specially crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2021-43256
Microsoft Excel could allow a remote attacker to execute arbitrary code on the system. By persuading a victim to open a specially crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2021-43255
Microsoft Office Trust Center could allow a remote attacker to conduct spoofing attacks. By persuading a victim to open a specially crafted file, an attacker could exploit this vulnerability to conduct a spoofing attack.
CVE-2021-43248
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Digital Media Receiver. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2021-43247
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the TCP/IP Driver. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2021-43246
Microsoft Windows is vulnerable to a denial of service, caused by a flaw in Hyper-V. By executing a specially-crafted program, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
CVE-2021-43245
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Digital TV Tuner. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2021-43244
Microsoft Windows could allow a local authenticated attacker to obtain sensitive information, caused by a flaw in the Kernel. By executing a specially-crafted program, a remote attacker could exploit this vulnerability to obtain sensitive information.
CVE-2021-43243
Microsoft VP9 Video Extensions could allow a local authenticated attacker to obtain sensitive information. By executing a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information.
CVE-2021-43240
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the NTFS Set Short Name. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2021-43239
Microsoft Windows could allow a local attacker to gain elevated privileges on the system, caused by a flaw in the Update Assistant. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2021-43238
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Remote Access. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2021-43237
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Update Stack component. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2021-43236
Microsoft Windows could allow a remote attacker to obtain sensitive information, caused by a flaw in the Message Queuing component. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information and then use this information to launch further attacks against the affected system.
CVE-2021-43235
Microsoft Windows could allow a local authenticated attacker to obtain sensitive information, caused by a flaw in the Storage Spaces Controller component. By executing a specially-crafted program, an attacker could exploit this vulnerability to obtain sensitive information and then use this information to launch further attacks against the affected system.
CVE-2021-43234
Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the Fax Service. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.
Impact
- Code Execution
- Unauthorized Access
- Privilege Escalation
- Information Disclosure
- Denial of Service
Affected Vendors
Microsoft
Affected Products
- Microsoft Visual Studio Code WSL Extension
- Microsoft Office app
- Microsoft 4K Wireless Display Adapter
- Microsoft PowerShell 7.2
- Microsoft Visual Studio Code
- Microsoft Defender for IoT
- Microsoft Windows Server 2012
- Microsoft Windows 8.1 x32
- Microsoft Windows 8.1 x64
- Microsoft Windows Server 2012 R2
- Microsoft Windows RT 8.1
- Microsoft Windows 10 x32
- Microsoft Windows 10 x64
- Microsoft Windows Server 2016
- Microsoft Windows Server 2019
- Microsoft Windows 10 1809 for x64-based Systems
- Microsoft Windows 10 1809 for 32-bit Systems
- Microsoft Windows 10 1809 for ARM64-based Systems
- Microsoft Windows 10 1607 for 32-bit Systems
- Microsoft Windows 10 1607 for x64-based Systems
- Microsoft Windows 10 2004 for 32-bit Systems
- Microsoft Windows 10 2004 for ARM64-based Systems
- Microsoft Windows 10 2004 for x64-based Systems
- Microsoft Windows 10 1909 for 32-bit Systems
- Microsoft Windows 10 1909 for x64-based Systems
- Microsoft Windows 10 1909 for ARM64-based Systems
- Microsoft Windows 10 20H2 for 32-bit Systems
- Microsoft Windows 10 20H2 for ARM64-based Systems
- Microsoft Windows 10 20H2 for x64-based Systems
- Microsoft Windows Server (Server Core installation) 2019
- Microsoft Windows Server (Server Core installation) 2004
- Microsoft Windows Server (Server Core installation) 20H2
- Microsoft Windows Server (Server Core installation) 2016
- Microsoft Windows Server (Server Core installation) 2012 R2
- Microsoft Windows Server (Server Core installation) 2012
- Microsoft Windows Server for X64-based systems 2008 R2 SP1
- Microsoft Windows Server for 32-bit systems (Server Core installation) 2008 SP2
- Microsoft Windows Server for 32-bit systems 2008 SP2
- Microsoft Windows Server for X64-based systems (Server Core installation) 2008 R2 SP1
- Microsoft Windows 10 21H1 for 32-bit Systems
- Microsoft Windows 10 21H1 for ARM64-based Systems
- Microsoft Windows 10 21H1 for x64-based Systems
- Microsoft Windows Server 2022
- Microsoft Windows Server (Server Core installation) 2022
- Microsoft Windows Server for X64-based systems 2008 SP2
- Microsoft Windows 11 x64
- Microsoft Windows 11 ARM64
- Microsoft Windows 10 21H2 for 32-bit Systems
- Microsoft Windows 10 21H2 for ARM64-based Systems
- Microsoft Windows 10 21H2 for x64-based Systems
- Microsoft SharePoint Enterprise Server 2016
- Microsoft SharePoint Enterprise Server 2013 SP1
- Microsoft SharePoint Server 2019
- Microsoft SharePoint Server Subscription Edition
- Microsoft Office 2013 SP1 x32
- Microsoft Office 2013 SP1 x64
- Microsoft Office 2013 SP1 RT
- Microsoft Office 2016 x32
- Microsoft Office 2016 x64
- Microsoft Office 2019 x32
- Microsoft Office 2019 x64
- Microsoft 365 Apps for Enterprise x32
- Microsoft 365 Apps for Enterprise x64
- Microsoft Office LTSC 2021 x32
- Microsoft Office LTSC 2021 x64
- Microsoft SharePoint Foundation 2013 SP1
- Microsoft HEVC Video Extensions
- Microsoft Windows 7 SP1 x32
- Microsoft Windows 7 SP1 x64
- Microsoft ASP.NET Core 3.1
- Microsoft ASP.NET Core 5.0
- Microsoft VP9 Video Extensions
Remediation
Use Microsoft Automatic Update to apply the appropriate patch for your system, or the Microsoft Security Update Guide to search for available patches.
CVE-2021-43907
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2021-43907
CVE-2021-43905
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2021-43905
CVE-2021-43899
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2021-43899
CVE-2021-43893
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2021-43893
CVE-2021-43891
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2021-43891
CVE-2021-43889
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2021-43889
CVE-2021-43888
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2021-43888
CVE-2021-43883
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2021-43883
CVE-2021-43880
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2021-43880
CVE-2021-43242
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2021-43242
CVE-2021-43207
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2021-43207
CVE-2021-42309
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2021-42309
CVE-2021-42295
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2021-42295
CVE-2021-42294
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2021-42294
CVE-2021-42293
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2021-42293
CVE-2021-41365
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2021-41365
CVE-2021-41360
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2021-41360
CVE-2021-41333
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2021-41333
CVE-2021-43882
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2021-43882
CVE-2021-43877
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2021-43877
CVE-2021-43875
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2021-43875
CVE-2021-43256
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2021-43256
CVE-2021-43255
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2021-43255
CVE-2021-43248
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2021-43248
CVE-2021-43247
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2021-43247
CVE-2021-43246
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2021-43246
CVE-2021-43245
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2021-43245
CVE-2021-43244
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2021-43244
CVE-2021-43243
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2021-43243
CVE-2021-43240
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2021-43240
CVE-2021-43239
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2021-43239
CVE-2021-43238
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2021-43238
CVE-2021-43237
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2021-43237
CVE-2021-43236
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2021-43236
CVE-2021-43235
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2021-43235
CVE-2021-43234
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2021-43234