August 11, 2021
Severity
High
Analysis Summary
CVE-2021-34485
Microsoft .NET Core could allow a remote attacker to obtain sensitive information. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information and then use this information to launch further attacks against the affected system.
CVE-2021-26423
Microsoft .NET Core is vulnerable to a denial of service. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVE-2021-34532
Microsoft ASP.NET Core and Visual Studio could allow a local authenticated attacker to obtain sensitive information. By executing a specially-crafted program, an attacker could exploit this vulnerability to obtain sensitive information and then use this information to launch further attacks against the affected system.
CVE-2021-33762
Microsoft Azure CycleCloud could allow a local authenticated attacker to gain elevated privileges on the system. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2021-36943
Microsoft Azure CycleCloud could allow a local authenticated attacker to gain elevated privileges on the system. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2021-26428
Microsoft Azure Sphere could allow a local authenticated attacker to obtain sensitive information. By executing a specially-crafted program, an attacker could exploit this vulnerability to obtain sensitive information and then use this information to launch further attacks against the affected system.
CVE-2021-26429
Microsoft Azure Sphere could allow a local authenticated attacker to gain elevated privileges on the system. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2021-26430
Microsoft Azure Sphere is vulnerable to a denial of service. By sending a specially-crafted request, a local authenticated attacker could exploit this vulnerability to cause a denial of service condition.
CVE-2021-34524
Microsoft Dynamics 365 (on-premises) could allow a remote authenticated attacker to execute arbitrary code on the system. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2021-34533
Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the Graphics component. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2021-26432
Microsoft Windows Services for NFS ONCRPC XDR Driver could allow a remote attacker to execute arbitrary code on the system. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system with privileges of the victim.
CVE-2021-34480
Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the Scripting Engine component. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system with privileges of the victim.
CVE-2021-34535
Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by an error in the Remote Desktop Client. By persuading a victim to open specially crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2021-34530
Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the Graphics component. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2021-34478
Microsoft Office could allow a remote attacker to execute arbitrary code on the system. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2021-36940
Microsoft SharePoint Server could allow a remote attacker to conduct spoofing attacks.
CVE-2021-36941
Microsoft Word could allow a remote attacker to execute arbitrary code on the system. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2021-36937
Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the Media MPEG-4 Video Decoder component. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2021-34537
Microsoft Windows could allow a remote authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Bluetooth Service component. By sending a specially-crafted request, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2021-36938
Microsoft Windows could allow a local authenticated attacker to obtain sensitive information, caused by a flaw in the Cryptographic Primitives Library. By executing a specially-crafted program, an attacker could exploit this vulnerability to obtain sensitive information and then use this information to launch further attacks against the affected system.
CVE-2021-34471
Microsoft Windows Defender could allow a local authenticated attacker to gain elevated privileges on the system. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2021-34486
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in Event Tracing. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2021-26425
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in Event Tracing. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2021-34487
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in Event Tracing. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2021-36927
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Digital TV Tuner device registration application. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2021-34534
Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the MSHTML Platform. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2021-36942
Microsoft Windows could allow a remote attacker to conduct spoofing attacks. By invoking a method on the LSARPC interface and coercing the domain controller to authenticate against another server using NTLM, an attacker could exploit this vulnerability to conduct a spoofing attack.
CVE-2021-36936
Microsoft Windows could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a flaw in the Print Spooler. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2021-34483
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Print Spooler. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2021-36932
Microsoft Windows could allow a local authenticated attacker to obtain sensitive information, caused by a flaw in the Services for NFS ONCRPC XDR Driver. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information and then use this information to launch further attacks against the affected system.
CVE-2021-36926
Microsoft Windows could allow a local authenticated attacker to obtain sensitive information, caused by a flaw in the Services for NFS ONCRPC XDR Driver. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information and then use this information to launch further attacks against the affected system.
CVE-2021-26433
Microsoft Windows could allow a local authenticated attacker to obtain sensitive information, caused by a flaw in the Services for NFS ONCRPC XDR Driver. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information and then use this information to launch further attacks against the affected system.
CVE-2021-36933
Microsoft Windows could allow a local authenticated attacker to obtain sensitive information, caused by a flaw in the Services for NFS ONCRPC XDR Driver. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information and then use this information to launch further attacks against the affected system.
CVE-2021-34536
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Storage Spaces Controller. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2021-26424
Microsoft Windows could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a flaw in the TCP/IP component. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2021-26431
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Recovery Environment Agent. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2021-34484
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the User Profile Service. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2021-26426
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the User Profile Service. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2021-36945
Microsoft Windows Update Assistant could allow a local authenticated attacker to gain elevated privileges on the system. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2021-36946
Microsoft Dynamics Business Central is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote authenticated attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim’s Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
CVE-2021-36947
Microsoft Windows could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a flaw in the Print Spooler component. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2021-36948
Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Update Medic Service component. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2021-36949
Microsoft Azure Active Directory Connect could allow a remote authenticated attacker to bypass security restrictions. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass authentication validation.
CVE-2021-36950
Microsoft Dynamics 365 (on-premises) is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote authenticated attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim’s Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
Impact
- Privilege Escalation
- Code Execution
- Information Theft
- Unauthorized Access
Affected Vendors
- Microsoft
Affected Products
- Microsoft .NET Core 2.1
- Microsoft Windows 7 SP1 x64
- Microsoft Azure Sphere
- Microsoft Windows Server 2008 R2 SP1 x64
- Microsoft Office 2019 x32
- Microsoft Windows Server 2016
- Microsoft Windows Server 2008 SP2 x32
- Microsoft Windows Update Assistant
- Microsoft Dynamics NAV 2017
- Microsoft Azure Active Directory Connect
- Microsoft 365 Apps for Enterprise x32
Remediation
Use the Microsoft Security Update Guide to search for available patches.