logo_SVG-01
✕
  • Platform
    • Rewterz XDR
    • Rewterz Defense
    • Rewterz Threat Intelligence
    • Managed Security Services
    • Managed Penetration Testing
  • Services
    • Assess
      • Compromise Assessment
      • Advanced Persistent Threats Assessment
      • Penetration Testing
      • Secure Architecture Design & Review
      • Red Team Assessment
      • Purple Team Assessment
      • Social Engineering
      • Source Code Review
    • Transform
      • SOC Consultancy
      • SOC Maturity Assessment
      • SOC Model Evaluation
      • SOC Gap Analysis
      • SIEM Gap Analysis
      • SIEM Optimization
      • SOC Content Pack
    • Train
      • Simulated Cyber Attack Exercise
      • Tabletop Exercise
      • Security Awareness and Training
    • Respond
      • Incident Analysis
      • Incident Response
  • Solutions
  • Resources
    • Blogs
    • Press Releases
    • Threat Insights
      • Threat Intelligence Reports
      • Threat Advisories
      • Monthly Threat Insights
  • Why Rewterz?
    • About Us
    • Careers
    • Contact
logo_SVG-01
  • Platform
    xdrLogo
    center_new
    Read More about XDR

    Platform

    • Rewterz XDR
    • Rewterz Defense
    • Rewterz Threat Intelligence
    Rewterz Threat Advisory – Multiple Microsoft Security Vulnerabilities

    Managed Security Services

    • Managed Security Monitoring
    • Remote SOC
    • Onsite SOC
    • Hybrid SOC

    Managed Penetration Testing

    Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.

  • Services

    Assess

    • Compromise Assessment
    • APT Assessment
    • Penetration Testing
    • Architecture Design & Review
    • Red Team Assessment
    • Purple Team Assessment
    • Social Engineering
    • Source Code Review

    Transform

    • SOC Consultancy
    • SOC Maturity Assessment
    • SOC Model Evaluation
    • SOC Gap Analysis
    • SIEM Gap Analysis
    • SIEM Optimization
    • SOC Content Pack

    Train

    • Simulated Cyber Attack Exercise
    • Tabletop Exercise
    • Security Awareness and Training

    Respond

    • Incident Analysis
    • Incident Response
  • Solutions
  • Resources

    Resources

    • Blog
    • Press Releases
    September 18, 2023
    Rewterz
    September 18, 2023
    Rewterz Threat Alert – Lumma Stealer Malware aka LummaC – Active IOCs
    Severity Medium Analysis Summary Lumma is an information stealer that is sold as a Malware-as-a-Service (MaaS) on Russian-speaking underground forums and Telegram. Lumma is an information […]
    September 18, 2023
    Rewterz
    September 18, 2023
    Rewterz Threat Advisory – Multiple WordPress Plugins Vulnerabilities
    Severity Medium Analysis Summary CVE-2023-4948 CVSS:4.3 WooCommerce CVR Payment Gateway Plugin for WordPress could allow a remote attacker to bypass security restrictions, caused by missing capability […]
    September 18, 2023
    Rewterz
    September 18, 2023
    Rewterz Threat Update – Microsoft Teams Used for Stealing Accounts by Ransomware Access Broker
    Severity High Analysis Summary Microsoft has stated that a ransomware group working with an initial access broker has recently started using Microsoft Teams for their phishing […]

    Threat Insights

    16
    pdf-file (1)
    Annual Threat Intelligence Report 2022
    • Threat Advisories
    • Monthly Threat Insights
    • Threat Intelligence Reports
  • Why Rewterz?

    About Us

    Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.

    Read More

    play_btn_Smallplay_btn_hover_Small
    leadership

    Our Leadership

    Our leadership team brings together years of knowledge and experience in cybersecurity to drive our company's mission and vision. Our team is passionate about delivering high-quality products and services, leading by example and assisting our clients in securing their organization’s environment.
    help

    CSR

    At Rewterz, we believe that businesses have a responsibility to impact positively and contribute to the well-being of our communities as well as the planet. That's why we are committed to operating in a socially responsible and sustainable way.

    Connect with Us

    • Contact
    • Careers
Get in Touch
logo_SVG-01
  • Platform
    xdrLogo
    center_new
    Read More about XDR

    Platform

    • Rewterz XDR
    • Rewterz Defense
    • Rewterz Threat Intelligence
    Rewterz Threat Advisory – Multiple Microsoft Security Vulnerabilities

    Managed Security Services

    • Managed Security Monitoring
    • Remote SOC
    • Onsite SOC
    • Hybrid SOC

    Managed Penetration Testing

    Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.

  • Services

    Assess

    • Compromise Assessment
    • APT Assessment
    • Penetration Testing
    • Architecture Design & Review
    • Red Team Assessment
    • Purple Team Assessment
    • Social Engineering
    • Source Code Review

    Transform

    • SOC Consultancy
    • SOC Maturity Assessment
    • SOC Model Evaluation
    • SOC Gap Analysis
    • SIEM Gap Analysis
    • SIEM Optimization
    • SOC Content Pack

    Train

    • Simulated Cyber Attack Exercise
    • Tabletop Exercise
    • Security Awareness and Training

    Respond

    • Incident Analysis
    • Incident Response
  • Solutions
  • Resources

    Resources

    • Blog
    • Press Releases
    September 18, 2023
    Rewterz
    September 18, 2023
    Rewterz Threat Alert – Lumma Stealer Malware aka LummaC – Active IOCs
    Severity Medium Analysis Summary Lumma is an information stealer that is sold as a Malware-as-a-Service (MaaS) on Russian-speaking underground forums and Telegram. Lumma is an information […]
    September 18, 2023
    Rewterz
    September 18, 2023
    Rewterz Threat Advisory – Multiple WordPress Plugins Vulnerabilities
    Severity Medium Analysis Summary CVE-2023-4948 CVSS:4.3 WooCommerce CVR Payment Gateway Plugin for WordPress could allow a remote attacker to bypass security restrictions, caused by missing capability […]
    September 18, 2023
    Rewterz
    September 18, 2023
    Rewterz Threat Update – Microsoft Teams Used for Stealing Accounts by Ransomware Access Broker
    Severity High Analysis Summary Microsoft has stated that a ransomware group working with an initial access broker has recently started using Microsoft Teams for their phishing […]

    Threat Insights

    16
    pdf-file (1)
    Annual Threat Intelligence Report 2022
    • Threat Advisories
    • Monthly Threat Insights
    • Threat Intelligence Reports
  • Why Rewterz?

    About Us

    Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.

    Read More

    play_btn_Smallplay_btn_hover_Small
    leadership

    Our Leadership

    Our leadership team brings together years of knowledge and experience in cybersecurity to drive our company's mission and vision. Our team is passionate about delivering high-quality products and services, leading by example and assisting our clients in securing their organization’s environment.
    help

    CSR

    At Rewterz, we believe that businesses have a responsibility to impact positively and contribute to the well-being of our communities as well as the planet. That's why we are committed to operating in a socially responsible and sustainable way.

    Connect with Us

    • Contact
    • Careers
Get in Touch
Rewterz
Rewterz Threat Alert – FormBook Malware – Active IOCs
September 15, 2021
Rewterz
Rewterz Threat Advisory – CVE-2021-22941 – Citrix ShareFile Vulnerability
September 15, 2021

Rewterz Threat Advisory – Multiple Microsoft Security Vulnerabilities

September 15, 2021

Severity

High

Analysis Summary

CVE-2021-36961

Microsoft Windows is vulnerable to a denial of service, caused by a flaw in the Installer. By sending specially-crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.

CVE-2021-36962

Microsoft Windows could allow a local authenticated attacker to obtain sensitive information, caused by a flaw in the Installer component. By executing a specially-crafted program, an attacker could exploit this vulnerability to obtain sensitive information and then use this information to launch further attacks against the affected system.

CVE-2021-36963

Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Common Log File System Driver. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.

CVE-2021-36964

Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Event Tracing component. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.

CVE-2021-36965

Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the WLAN AutoConfig Service component. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2021-36966

Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Subsystem for Linux component. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.

CVE-2021-36967

Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the WLAN Service component. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.

CVE-2021-36968

Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the DNS component. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.

CVE-2021-36969

Microsoft Windows could allow a local authenticated attacker to obtain sensitive information, caused by a flaw in the Redirected Drive Buffering SubSystem Driver. By executing a specially-crafted program, an attacker could exploit this vulnerability to obtain sensitive information and then use this information to launch further attacks against the affected system.

CVE-2021-36972

Microsoft Windows could allow a local authenticated attacker to obtain sensitive information, caused by a flaw in the SMB component. By executing a specially-crafted program, an attacker could exploit this vulnerability to obtain sensitive information and then use this information to launch further attacks against the affected system.

CVE-2021-36973

Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Redirected Drive Buffering System. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.

CVE-2021-36974

Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the SMB component. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.

CVE-2021-36975

Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Win32k component. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.

CVE-2021-26435

Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption flaw in the Scripting Engine component. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2021-26436

Microsoft Edge (Chromium-based) could allow a remote attacker to gain elevated privileges on the system. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to execute arbitrary code with higher privileges.

CVE-2021-38624

Microsoft Windows could allow a remote authenticated attacker to bypass security restrictions, caused by a flaw in the Key Storage Provider component. An attacker could exploit this vulnerability to bypass security feature to cause impact on integrity.

CVE-2021-38625

Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Kernel component. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.

CVE-2021-38626

Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Kernel component. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.

CVE-2021-38628

Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Ancillary Function Driver for WinSock. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.

CVE-2021-38629

Microsoft Windows could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw in TDX.Sys. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information and then use this information to launch further attacks against the affected system.

CVE-2021-38630

Microsoft Windows could allow a local authenticated attacker to execute arbitrary code on the system, caused by a flaw in the Kernel component. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2021-38632

Microsoft Windows could allow a local attacker to bypass security restrictions, caused by a flaw in the BitLocker component. An attacker could exploit this vulnerability to bypass security feature to cause impact on confidentiality and integrity.

CVE-2021-38633

Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Common Log File System Driver. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.

CVE-2021-38634

Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Update Client component. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.

CVE-2021-38635

Microsoft Windows could allow a local authenticated attacker to obtain sensitive information, caused by a flaw in the Redirected Drive Buffering SubSystem Driver. By executing a specially-crafted program, an attacker could exploit this vulnerability to obtain sensitive information and then use this information to launch further attacks against the affected system.

CVE-2021-38636

Microsoft Windows could allow a local authenticated attacker to obtain sensitive information, caused by a flaw in the Redirected Drive Buffering SubSystem Driver. By executing a specially-crafted program, an attacker could exploit this vulnerability to obtain sensitive information and then use this information to launch further attacks against the affected system.

CVE-2021-38637

Microsoft Windows could allow a local authenticated attacker to obtain sensitive information, caused by a flaw in the Storage component. By executing a specially-crafted program, an attacker could exploit this vulnerability to obtain sensitive information and then use this information to launch further attacks against the affected system.

CVE-2021-38638

Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Ancillary Function Driver for WinSock. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.

CVE-2021-38641

Microsoft Edge for Android could allow a remote attacker to conduct spoofing attacks.

CVE-2021-38642

Microsoft Edge for iOS could allow a remote attacker to conduct spoofing attacks.

CVE-2021-38645

Microsoft Azure Open Management Infrastructure could allow a local authenticated attacker to gain elevated privileges on the system. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.

CVE-2021-38647

Microsoft Azure Open Management Infrastructure could allow a remote attacker to execute arbitrary code on the system. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2021-38648

Microsoft Azure Open Management Infrastructure could allow a local authenticated attacker to gain elevated privileges on the system. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.

CVE-2021-38649

Microsoft Azure Open Management Infrastructure could allow a local authenticated attacker to gain elevated privileges on the system. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.

CVE-2021-36930

Microsoft Edge (Chromium-based) could allow a local authenticated attacker to gain elevated privileges on the system. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.CVE-2021-36956

CVE-2021-36956

Microsoft Azure Sphere could allow a local authenticated attacker to obtain sensitive information. By executing a specially-crafted program, an attacker could exploit this vulnerability to obtain sensitive information and then use this information to launch further attacks against the affected system.

CVE-2021-26434

Microsoft Visual Studio could allow a local authenticated attacker to gain elevated privileges on the system. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.

CVE-2021-38639

Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Win32k. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.

CVE-2021-38644

Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the MPEG-2 Video Extension. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2021-38646

Microsoft Office could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the Access Connectivity Engine. By persuading a victim to open a specially-crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2021-38650

Microsoft Office could allow a remote authenticated attacker to conduct spoofing attacks.

CVE-2021-38651

Microsoft SharePoint could allow a remote authenticated attacker to conduct spoofing attacks.

CVE-2021-38652

Microsoft SharePoint could allow a remote authenticated attacker to conduct spoofing attacks.

CVE-2021-38653

Microsoft Office Visio could allow a remote attacker to execute arbitrary code on the system. By persuading a victim to open a specially-crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2021-38654

Microsoft Office Visio could allow a remote attacker to execute arbitrary code on the system. By persuading a victim to open a specially-crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2021-38655

Microsoft Excel Software could allow a remote attacker to execute arbitrary code on the system. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2021-38656

Microsoft Word Software could allow a remote attacker to execute arbitrary code on the system. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2021-38657

Microsoft Office could allow a local authenticated attacker to obtain sensitive information, caused by a flaw in the Graphics Component. By executing a specially-crafted program, an attacker could exploit this vulnerability to obtain sensitive information and then use this information to launch further attacks against the affected system.

CVE-2021-38658

Microsoft Office could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the Graphics. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2021-38659

Microsoft Office could allow a remote attacker to execute arbitrary code on the system. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2021-38660

Microsoft Office could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the Graphics component. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2021-38661

Microsoft HEVC Video Extensions could allow a remote attacker to execute arbitrary code on the system. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2021-38667

Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Print Spooler. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.

CVE-2021-38671

Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Print Spooler. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.

Impact

  • Denial of Service
  • Code Execution
  • Information Theft
  • Privilege Escalation
  • Unauthorized Access

Affected Vendors

Microsoft

Affected Products

  • Microsoft Windows 7 SP1 x32
  • Microsoft Windows Server 2012
  • Microsoft Windows Server for X64-based systems 2008 R2 SP1
  • Microsoft Windows 8.1 x32
  • Microsoft Windows Server for X64-based systems (Server Core installation) 2008 SP2
  • Microsoft Windows 10 1809 for 32-bit Systems
  • Microsoft Windows Server 2008 SP2 x32
  • Microsoft Edge (Chromium-based)
  • Microsoft Azure Open Management Infrastructure
  • Microsoft 365 Apps for Enterprise x32
  • Microsoft 365 Apps for Enterprise x64
  • Microsoft SharePoint Foundation 2013 SP1
  • Microsoft Windows Server 2016
  • Microsoft Azure Sphere

Remediation

Use Microsoft Security Update Guide to search for available patches.

https://msrc.microsoft.com/update-guide

Platform

  • Rewterz XDR
  • Rewterz Defense
  • Rewterz Threat Intelligence

Managed Security Services

  • Managed Security Monitoring
  • Remote SOC
  • Onsite SOC
  • Hybrid SOC

Assess

  • Compromise Assessment
  • APT Assessment
  • Penetration Testing
  • Architecture Design & Review
  • Red Team Assessment
  • Purple Team Assessment
  • Social Engineering
  • Source Code Review

Transform

  • SOC Consultancy
  • SOC Maturity Assessment
  • SOC Model Evaluation
  • SOC Gap Analysis
  • SIEM Gap Analysis
  • SIEM Optimization
  • SOC Content Pack

Train

  • Simulated Cyber Attack Exercise
  • Tabletop Exercise
  • Security Awareness and Training

Respond

  • Incident Analysis
  • Incident Response

Threat Insights

  • Threat Advisories
  • Monthly Threat Insights
  • Threat Intelligence Reports

Resources

  • Blog
  • Press Releases

Connect With Us

  • Contact
  • Careers
COPYRIGHT © REWTERZ. ALL RIGHTS RESERVED.
Get a Demo