Platform
Managed Security Services
Managed Penetration Testing
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Resources
June 2, 2023
Severity High Analysis Summary Shuckworm APT – aka Actinium, Armageddon, Primitive Bear, Gamaredon, and Trident Ursa – is a Russia-backed advanced persistent threat (APT) that has […]June 2, 2023Severity High Analysis Summary StormKitty information stealer is designed to compromise sensitive data from infected systems, such as login credentials, passwords, cryptocurrency wallets, and other valuable […]June 2, 2023Severity High Analysis Summary Tofsee malware has been around since 2016. Once installed on a compromised computer, it can be used to send spam emails and […]Threat Insights
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Connect with Us
Platform
Managed Security Services
Managed Penetration Testing
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Resources
June 2, 2023Severity High Analysis Summary Shuckworm APT – aka Actinium, Armageddon, Primitive Bear, Gamaredon, and Trident Ursa – is a Russia-backed advanced persistent threat (APT) that has […]June 2, 2023Severity High Analysis Summary StormKitty information stealer is designed to compromise sensitive data from infected systems, such as login credentials, passwords, cryptocurrency wallets, and other valuable […]June 2, 2023Severity High Analysis Summary Tofsee malware has been around since 2016. Once installed on a compromised computer, it can be used to send spam emails and […]Threat Insights
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Connect with Us
Rewterz Threat Advisory – ICS: Schneider Electric Multiple Security Vulnerabilities
July 14, 2021Rewterz Threat Advisory – Multiple SAP NetWeaver Vulnerabilities
July 14, 2021
Severity
High
Analysis Summary
CVE-2021-33781
Microsoft Windows could allow a remote authenticated attacker to bypass security restrictions, cause by a flaw in Active Directory. An attacker could exploit this vulnerability to bypass security features to cause impact on confidentiality and integrity.
CVE-2021-34525
Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the DNS Server. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code on the system with privileges of the victim.
CVE-2021-34522
Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in Defender. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system with privileges of the victim.
CVE-2021-34470
Microsoft Exchange Server could allow a remote authenticated attacker to gain elevated privileges on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2021-33784
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Cloud Files Mini Filter Driver. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2021-33785
Microsoft Windows is vulnerable to a denial of service, caused by a flaw in the AF_UNIX Socket Provider. By sending a specially-crafted request, an attacker could exploit this vulnerability to cause the system to crash.
CVE-2021-33786
Microsoft Windows could allow a remote authenticated attacker to bypass security restrictions, caused by a flaw in the LSA. An attacker could exploit this vulnerability to bypass security feature to cause impact on confidentiality and integrity.
CVE-2021-33788
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in Console Driver. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2021-34438
Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the Font Driver Host. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system with privileges of the victim.
CVE-2021-34439
Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the Media Foundation. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system with privileges of the victim.
CVE-2021-34488
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in Console Driver. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2021-34516
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Kernel. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2021-34464
Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in Defender. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system with privileges of the victim.
CVE-2021-34489
Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the DirectWrite. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system with privileges of the victim.
CVE-2021-34514
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Kernel. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code with higher privileges
CVE-2021-34513
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Storage Spaces Controller. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2021-34490
Microsoft Windows is vulnerable to a denial of service, caused by a flaw in the TCP/IP Driver. By sending a specially-crafted request, an attacker could exploit this vulnerability to cause the system to crash.
CVE-2021-34503
Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the Media component. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system with privileges of the victim.
CVE-2021-34504
Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the Address Book. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system with privileges of the victim.
CVE-2021-34455
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the File History Service. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2021-34462
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the AppX Deployment Extensions. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2021-34456
Microsoft could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in Remote Access Connection Manager. By executing a specially-crafted program, an attacker could exploit this vulnerability to escalate privileges.
CVE-2021-34458
Microsoft Windows could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a flaw in the Kernel. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code on the system with privileges of the victim.
CVE-2021-34508
Microsoft Windows could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a flaw in the Kernel. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code on the system with privileges of the victim.
CVE-2021-34459
Microsoft Windows could allow a remote authenticated attacker to gain elevated privileges on the system, caused by a flaw in the AppContainer. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2021-34512
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Storage Spaces Controller. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2021-34460
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Storage Spaces Controller. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2021-34510
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Storage Spaces Controller. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2021-34511
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the installer. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2021-34461
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Kernel. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2021-34440
Microsoft Windows could allow a local authenticated attacker to obtain sensitive information, caused by a flaw in the GDI+ component. By executing a specially-crafted program, an attacker could exploit this vulnerability to obtain sensitive information and then use this information to launch further attacks against the affected system.
CVE-2021-33782
Microsoft Windows could allow a remote attacker to conduct spoofing attacks, cause by a flaw in the Authenticode. By persuading a victim to open specially crafted content, an attacker could exploit this vulnerability to conduct a spoofing attack.
CVE-2021-34457
Microsoft Windows could allow a local authenticated attacker to obtain sensitive information, caused by a flaw in the Remote Access Connection Manager. By executing a specially-crafted program, an attacker could exploit this vulnerability to obtain sensitive information.
CVE-2021-34509
Microsoft Windows could allow a local attacker to obtain sensitive information, caused by a flaw in the Storage Spaces Controller. By executing a specially-crafted program, an attacker could exploit this vulnerability to obtain sensitive information and then use this information to launch further attacks against the affected system.
CVE-2021-34454
Microsoft Windows could allow a local authenticated attacker to obtain sensitive information, caused by a flaw in the Shell. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information and then use this information to launch further attacks against the affected system.
CVE-2021-34507
Microsoft Windows could allow a remote attacker to obtain sensitive information, caused by a flaw in Remote Assistance. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to obtain sensitive information.
CVE-2021-34451
Microsoft Office Online Server could allow a remote attacker to conduct spoofing attacks.
CVE-2021-34517
Microsoft SharePoint Server could allow a remote attacker to conduct spoofing attacks.
CVE-2021-34466
Microsoft Windows could allow a local attacker to bypass security restrictions, caused by a flaw in the Hello Security Feature. An attacker could exploit this vulnerability to bypass security feature to cause an impact on confidentiality and integrity.
CVE-2021-33783
Microsoft Windows could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw in the SMB. By executing a specially-crafted program, an attacker could exploit this vulnerability to obtain sensitive information and then use this information to launch further attacks against the affected system.
Impact
- Bypass security
- Code Execution
- Denial of Service
- Information Theft
- Unauthorized Access
Affected Vendors
Microsoft
Affected Products
- Microsoft Malware Protection Engine
- Microsoft Exchange Server 2016 CU21
- Microsoft Exchange Server 2019 CU10
- Microsoft Windows 10 1809 for x64-based Systems
- Microsoft Windows Server 2019
- Microsoft Windows 10 1809 for ARM64-based Systems
- Microsoft Windows Server 2012
- Microsoft Windows 10 x64
- Microsoft Windows Server 2016
- Microsoft Windows 7 SP1 x64
- Microsoft Office Online Server
- Microsoft SharePoint Server 2019
- Microsoft SharePoint Enterprise Server 2016
Remediation
Use Microsoft Automatic Update to apply the appropriate patch for your system, or the Microsoft Security Update Guide to search for available patches.