Platform
Managed Security Services
Managed Penetration Testing
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Resources
September 18, 2023
Severity Medium Analysis Summary Lumma is an information stealer that is sold as a Malware-as-a-Service (MaaS) on Russian-speaking underground forums and Telegram. Lumma is an information […]September 18, 2023Severity Medium Analysis Summary CVE-2023-4948 CVSS:4.3 WooCommerce CVR Payment Gateway Plugin for WordPress could allow a remote attacker to bypass security restrictions, caused by missing capability […]September 18, 2023Severity High Analysis Summary Microsoft has stated that a ransomware group working with an initial access broker has recently started using Microsoft Teams for their phishing […]Threat Insights
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Connect with Us
Platform
Managed Security Services
Managed Penetration Testing
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Resources
September 18, 2023Severity Medium Analysis Summary Lumma is an information stealer that is sold as a Malware-as-a-Service (MaaS) on Russian-speaking underground forums and Telegram. Lumma is an information […]September 18, 2023Severity Medium Analysis Summary CVE-2023-4948 CVSS:4.3 WooCommerce CVR Payment Gateway Plugin for WordPress could allow a remote attacker to bypass security restrictions, caused by missing capability […]September 18, 2023Severity High Analysis Summary Microsoft has stated that a ransomware group working with an initial access broker has recently started using Microsoft Teams for their phishing […]Threat Insights
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Connect with Us
Rewterz Threat Alert – FormBook Malware – Active IOCs
September 15, 2021Rewterz Threat Advisory – CVE-2021-22941 – Citrix ShareFile Vulnerability
September 15, 2021
Severity
High
Analysis Summary
CVE-2021-36961
Microsoft Windows is vulnerable to a denial of service, caused by a flaw in the Installer. By sending specially-crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVE-2021-36962
Microsoft Windows could allow a local authenticated attacker to obtain sensitive information, caused by a flaw in the Installer component. By executing a specially-crafted program, an attacker could exploit this vulnerability to obtain sensitive information and then use this information to launch further attacks against the affected system.
CVE-2021-36963
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Common Log File System Driver. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2021-36964
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Event Tracing component. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2021-36965
Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the WLAN AutoConfig Service component. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2021-36966
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Subsystem for Linux component. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2021-36967
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the WLAN Service component. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2021-36968
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the DNS component. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2021-36969
Microsoft Windows could allow a local authenticated attacker to obtain sensitive information, caused by a flaw in the Redirected Drive Buffering SubSystem Driver. By executing a specially-crafted program, an attacker could exploit this vulnerability to obtain sensitive information and then use this information to launch further attacks against the affected system.
CVE-2021-36972
Microsoft Windows could allow a local authenticated attacker to obtain sensitive information, caused by a flaw in the SMB component. By executing a specially-crafted program, an attacker could exploit this vulnerability to obtain sensitive information and then use this information to launch further attacks against the affected system.
CVE-2021-36973
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Redirected Drive Buffering System. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2021-36974
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the SMB component. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2021-36975
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Win32k component. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2021-26435
Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption flaw in the Scripting Engine component. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2021-26436
Microsoft Edge (Chromium-based) could allow a remote attacker to gain elevated privileges on the system. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2021-38624
Microsoft Windows could allow a remote authenticated attacker to bypass security restrictions, caused by a flaw in the Key Storage Provider component. An attacker could exploit this vulnerability to bypass security feature to cause impact on integrity.
CVE-2021-38625
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Kernel component. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2021-38626
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Kernel component. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2021-38628
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Ancillary Function Driver for WinSock. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2021-38629
Microsoft Windows could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw in TDX.Sys. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information and then use this information to launch further attacks against the affected system.
CVE-2021-38630
Microsoft Windows could allow a local authenticated attacker to execute arbitrary code on the system, caused by a flaw in the Kernel component. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2021-38632
Microsoft Windows could allow a local attacker to bypass security restrictions, caused by a flaw in the BitLocker component. An attacker could exploit this vulnerability to bypass security feature to cause impact on confidentiality and integrity.
CVE-2021-38633
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Common Log File System Driver. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2021-38634
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Update Client component. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2021-38635
Microsoft Windows could allow a local authenticated attacker to obtain sensitive information, caused by a flaw in the Redirected Drive Buffering SubSystem Driver. By executing a specially-crafted program, an attacker could exploit this vulnerability to obtain sensitive information and then use this information to launch further attacks against the affected system.
CVE-2021-38636
Microsoft Windows could allow a local authenticated attacker to obtain sensitive information, caused by a flaw in the Redirected Drive Buffering SubSystem Driver. By executing a specially-crafted program, an attacker could exploit this vulnerability to obtain sensitive information and then use this information to launch further attacks against the affected system.
CVE-2021-38637
Microsoft Windows could allow a local authenticated attacker to obtain sensitive information, caused by a flaw in the Storage component. By executing a specially-crafted program, an attacker could exploit this vulnerability to obtain sensitive information and then use this information to launch further attacks against the affected system.
CVE-2021-38638
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Ancillary Function Driver for WinSock. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2021-38641
Microsoft Edge for Android could allow a remote attacker to conduct spoofing attacks.
CVE-2021-38642
Microsoft Edge for iOS could allow a remote attacker to conduct spoofing attacks.
CVE-2021-38645
Microsoft Azure Open Management Infrastructure could allow a local authenticated attacker to gain elevated privileges on the system. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2021-38647
Microsoft Azure Open Management Infrastructure could allow a remote attacker to execute arbitrary code on the system. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2021-38648
Microsoft Azure Open Management Infrastructure could allow a local authenticated attacker to gain elevated privileges on the system. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2021-38649
Microsoft Azure Open Management Infrastructure could allow a local authenticated attacker to gain elevated privileges on the system. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2021-36930
Microsoft Edge (Chromium-based) could allow a local authenticated attacker to gain elevated privileges on the system. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.CVE-2021-36956
CVE-2021-36956
Microsoft Azure Sphere could allow a local authenticated attacker to obtain sensitive information. By executing a specially-crafted program, an attacker could exploit this vulnerability to obtain sensitive information and then use this information to launch further attacks against the affected system.
CVE-2021-26434
Microsoft Visual Studio could allow a local authenticated attacker to gain elevated privileges on the system. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2021-38639
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Win32k. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2021-38644
Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the MPEG-2 Video Extension. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2021-38646
Microsoft Office could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the Access Connectivity Engine. By persuading a victim to open a specially-crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2021-38650
Microsoft Office could allow a remote authenticated attacker to conduct spoofing attacks.
CVE-2021-38651
Microsoft SharePoint could allow a remote authenticated attacker to conduct spoofing attacks.
CVE-2021-38652
Microsoft SharePoint could allow a remote authenticated attacker to conduct spoofing attacks.
CVE-2021-38653
Microsoft Office Visio could allow a remote attacker to execute arbitrary code on the system. By persuading a victim to open a specially-crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2021-38654
Microsoft Office Visio could allow a remote attacker to execute arbitrary code on the system. By persuading a victim to open a specially-crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2021-38655
Microsoft Excel Software could allow a remote attacker to execute arbitrary code on the system. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2021-38656
Microsoft Word Software could allow a remote attacker to execute arbitrary code on the system. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2021-38657
Microsoft Office could allow a local authenticated attacker to obtain sensitive information, caused by a flaw in the Graphics Component. By executing a specially-crafted program, an attacker could exploit this vulnerability to obtain sensitive information and then use this information to launch further attacks against the affected system.
CVE-2021-38658
Microsoft Office could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the Graphics. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2021-38659
Microsoft Office could allow a remote attacker to execute arbitrary code on the system. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2021-38660
Microsoft Office could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the Graphics component. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2021-38661
Microsoft HEVC Video Extensions could allow a remote attacker to execute arbitrary code on the system. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2021-38667
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Print Spooler. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2021-38671
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Print Spooler. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
Impact
- Denial of Service
- Code Execution
- Information Theft
- Privilege Escalation
- Unauthorized Access
Affected Vendors
Microsoft
Affected Products
- Microsoft Windows 7 SP1 x32
- Microsoft Windows Server 2012
- Microsoft Windows Server for X64-based systems 2008 R2 SP1
- Microsoft Windows 8.1 x32
- Microsoft Windows Server for X64-based systems (Server Core installation) 2008 SP2
- Microsoft Windows 10 1809 for 32-bit Systems
- Microsoft Windows Server 2008 SP2 x32
- Microsoft Edge (Chromium-based)
- Microsoft Azure Open Management Infrastructure
- Microsoft 365 Apps for Enterprise x32
- Microsoft 365 Apps for Enterprise x64
- Microsoft SharePoint Foundation 2013 SP1
- Microsoft Windows Server 2016
- Microsoft Azure Sphere
Remediation
Use Microsoft Security Update Guide to search for available patches.