Rewterz Threat Alert – FormBook Malware – Active IOCs
September 15, 2021Rewterz Threat Advisory – CVE-2021-22941 – Citrix ShareFile Vulnerability
September 15, 2021Rewterz Threat Alert – FormBook Malware – Active IOCs
September 15, 2021Rewterz Threat Advisory – CVE-2021-22941 – Citrix ShareFile Vulnerability
September 15, 2021Severity
High
Analysis Summary
CVE-2021-36961
Microsoft Windows is vulnerable to a denial of service, caused by a flaw in the Installer. By sending specially-crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVE-2021-36962
Microsoft Windows could allow a local authenticated attacker to obtain sensitive information, caused by a flaw in the Installer component. By executing a specially-crafted program, an attacker could exploit this vulnerability to obtain sensitive information and then use this information to launch further attacks against the affected system.
CVE-2021-36963
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Common Log File System Driver. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2021-36964
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Event Tracing component. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2021-36965
Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the WLAN AutoConfig Service component. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2021-36966
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Subsystem for Linux component. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2021-36967
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the WLAN Service component. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2021-36968
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the DNS component. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2021-36969
Microsoft Windows could allow a local authenticated attacker to obtain sensitive information, caused by a flaw in the Redirected Drive Buffering SubSystem Driver. By executing a specially-crafted program, an attacker could exploit this vulnerability to obtain sensitive information and then use this information to launch further attacks against the affected system.
CVE-2021-36972
Microsoft Windows could allow a local authenticated attacker to obtain sensitive information, caused by a flaw in the SMB component. By executing a specially-crafted program, an attacker could exploit this vulnerability to obtain sensitive information and then use this information to launch further attacks against the affected system.
CVE-2021-36973
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Redirected Drive Buffering System. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2021-36974
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the SMB component. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2021-36975
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Win32k component. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2021-26435
Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption flaw in the Scripting Engine component. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2021-26436
Microsoft Edge (Chromium-based) could allow a remote attacker to gain elevated privileges on the system. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2021-38624
Microsoft Windows could allow a remote authenticated attacker to bypass security restrictions, caused by a flaw in the Key Storage Provider component. An attacker could exploit this vulnerability to bypass security feature to cause impact on integrity.
CVE-2021-38625
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Kernel component. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2021-38626
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Kernel component. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2021-38628
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Ancillary Function Driver for WinSock. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2021-38629
Microsoft Windows could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw in TDX.Sys. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information and then use this information to launch further attacks against the affected system.
CVE-2021-38630
Microsoft Windows could allow a local authenticated attacker to execute arbitrary code on the system, caused by a flaw in the Kernel component. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2021-38632
Microsoft Windows could allow a local attacker to bypass security restrictions, caused by a flaw in the BitLocker component. An attacker could exploit this vulnerability to bypass security feature to cause impact on confidentiality and integrity.
CVE-2021-38633
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Common Log File System Driver. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2021-38634
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Update Client component. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2021-38635
Microsoft Windows could allow a local authenticated attacker to obtain sensitive information, caused by a flaw in the Redirected Drive Buffering SubSystem Driver. By executing a specially-crafted program, an attacker could exploit this vulnerability to obtain sensitive information and then use this information to launch further attacks against the affected system.
CVE-2021-38636
Microsoft Windows could allow a local authenticated attacker to obtain sensitive information, caused by a flaw in the Redirected Drive Buffering SubSystem Driver. By executing a specially-crafted program, an attacker could exploit this vulnerability to obtain sensitive information and then use this information to launch further attacks against the affected system.
CVE-2021-38637
Microsoft Windows could allow a local authenticated attacker to obtain sensitive information, caused by a flaw in the Storage component. By executing a specially-crafted program, an attacker could exploit this vulnerability to obtain sensitive information and then use this information to launch further attacks against the affected system.
CVE-2021-38638
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Ancillary Function Driver for WinSock. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2021-38641
Microsoft Edge for Android could allow a remote attacker to conduct spoofing attacks.
CVE-2021-38642
Microsoft Edge for iOS could allow a remote attacker to conduct spoofing attacks.
CVE-2021-38645
Microsoft Azure Open Management Infrastructure could allow a local authenticated attacker to gain elevated privileges on the system. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2021-38647
Microsoft Azure Open Management Infrastructure could allow a remote attacker to execute arbitrary code on the system. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2021-38648
Microsoft Azure Open Management Infrastructure could allow a local authenticated attacker to gain elevated privileges on the system. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2021-38649
Microsoft Azure Open Management Infrastructure could allow a local authenticated attacker to gain elevated privileges on the system. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2021-36930
Microsoft Edge (Chromium-based) could allow a local authenticated attacker to gain elevated privileges on the system. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.CVE-2021-36956
CVE-2021-36956
Microsoft Azure Sphere could allow a local authenticated attacker to obtain sensitive information. By executing a specially-crafted program, an attacker could exploit this vulnerability to obtain sensitive information and then use this information to launch further attacks against the affected system.
CVE-2021-26434
Microsoft Visual Studio could allow a local authenticated attacker to gain elevated privileges on the system. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2021-38639
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Win32k. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2021-38644
Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the MPEG-2 Video Extension. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2021-38646
Microsoft Office could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the Access Connectivity Engine. By persuading a victim to open a specially-crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2021-38650
Microsoft Office could allow a remote authenticated attacker to conduct spoofing attacks.
CVE-2021-38651
Microsoft SharePoint could allow a remote authenticated attacker to conduct spoofing attacks.
CVE-2021-38652
Microsoft SharePoint could allow a remote authenticated attacker to conduct spoofing attacks.
CVE-2021-38653
Microsoft Office Visio could allow a remote attacker to execute arbitrary code on the system. By persuading a victim to open a specially-crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2021-38654
Microsoft Office Visio could allow a remote attacker to execute arbitrary code on the system. By persuading a victim to open a specially-crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2021-38655
Microsoft Excel Software could allow a remote attacker to execute arbitrary code on the system. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2021-38656
Microsoft Word Software could allow a remote attacker to execute arbitrary code on the system. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2021-38657
Microsoft Office could allow a local authenticated attacker to obtain sensitive information, caused by a flaw in the Graphics Component. By executing a specially-crafted program, an attacker could exploit this vulnerability to obtain sensitive information and then use this information to launch further attacks against the affected system.
CVE-2021-38658
Microsoft Office could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the Graphics. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2021-38659
Microsoft Office could allow a remote attacker to execute arbitrary code on the system. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2021-38660
Microsoft Office could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the Graphics component. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2021-38661
Microsoft HEVC Video Extensions could allow a remote attacker to execute arbitrary code on the system. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2021-38667
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Print Spooler. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2021-38671
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Print Spooler. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
Impact
- Denial of Service
- Code Execution
- Information Theft
- Privilege Escalation
- Unauthorized Access
Affected Vendors
Microsoft
Affected Products
- Microsoft Windows 7 SP1 x32
- Microsoft Windows Server 2012
- Microsoft Windows Server for X64-based systems 2008 R2 SP1
- Microsoft Windows 8.1 x32
- Microsoft Windows Server for X64-based systems (Server Core installation) 2008 SP2
- Microsoft Windows 10 1809 for 32-bit Systems
- Microsoft Windows Server 2008 SP2 x32
- Microsoft Edge (Chromium-based)
- Microsoft Azure Open Management Infrastructure
- Microsoft 365 Apps for Enterprise x32
- Microsoft 365 Apps for Enterprise x64
- Microsoft SharePoint Foundation 2013 SP1
- Microsoft Windows Server 2016
- Microsoft Azure Sphere
Remediation
Use Microsoft Security Update Guide to search for available patches.