Rewterz Threat Update – CVE-2021-42321 – Targeted Attacks Exploiting Microsoft Exchange Servers
November 23, 2021Rewterz Threat Advisory – CVE-2021-41379 – New Windows Zero Day Exploited for Privilege Escalation
November 23, 2021Rewterz Threat Update – CVE-2021-42321 – Targeted Attacks Exploiting Microsoft Exchange Servers
November 23, 2021Rewterz Threat Advisory – CVE-2021-41379 – New Windows Zero Day Exploited for Privilege Escalation
November 23, 2021Severity
Low
Analysis Summary
CVE-2021-42308
Microsoft Edge (Chromium-based) could allow a remote attacker to conduct a spoofing attack. By persuading a victim to open a specially-crafted content, an attacker could exploit this vulnerability to conduct a spoofing attack.
CVE-2021-43220
Microsoft Edge for iOS could allow a remote attacker to conduct a spoofing attack. By persuading a victim to open a specially-crafted content, an attacker could exploit this vulnerability to conduct a spoofing attack.
CVE-2021-43221
Microsoft Edge (Chromium-based) could allow a remote attacker to execute arbitrary code on the system. By persuading a victim to open a specially-crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.
Impact
- Unauthorized Access
- Arbitrary Code Execution
Affected Vendors
Microsoft
Affected Products
- Microsoft Edge (Chromium-based)
- Microsoft Edge for iOS
Remediation
Use Microsoft Automatic Update to apply the appropriate patch for your system, or the Microsoft Security Update Guide to search for available patches.
CVE-2021-42308
CVE-2021-43220
CVE-2021-43221