Today’s Patch Tuesday sees Microsoft issuing fixes for over 70 CVEs, affecting the usual mix of their product lines. From Windows, Edge, and Office, to Exchange, SharePoint, and Dynamics, there is plenty of patching to do for workstation and server administrators alike.
One vulnerability has already been seen exploited in the wild: CVE-2021-40449 is an elevation of privilege vulnerability in all supported versions of Windows, including the newly released Windows 11. Rated as Important, this is likely being used alongside Remote Code Execution (RCE) and/or social engineering attacks to gain more complete control of targeted systems.
Three CVEs were publicly disclosed before today, though haven’t yet been observed in active exploitation. CVE-2021-40469 is an RCE vulnerability affecting Microsoft DNS servers, CVE-2021-41335 is another privilege escalation vulnerability in the Windows Kernel, and CVE-2021-41338 is a flaw in Windows AppContainer allowing attackers to bypass firewall rules.
Attackers will likely be paying attention to the latest Windows Print Spooler vulnerability – CVE-2021-36970 is a Spoofing vulnerability with a CVSSv3 score of 8.8 that we don’t yet have much more information about. Also worth noting is CVE-2021-40486, an RCE affecting Microsoft Word, OWA, as well as SharePoint Server, which can be exploited via the Preview Pane. CVE-2021-40487 is another RCE affecting SharePoint Server that Microsoft expects to be exploited before too long.
Another notable vulnerability is CVE-2021-26427, the latest in Exchange Server RCEs. The severity is mitigated by the fact that attacks are limited to a “logically adjacent topology,” meaning that it cannot be exploited directly over the public Internet. Three other vulnerabilities related to Exchange Server were also patched: CVE-2021-41350, a Spoofing vulnerability; CVE-2021-41348, allowing elevation of privilege; and CVE-2021-34453, which is a Denial of Service vulnerability.
Finally, virtualization administrators should be aware of two RCEs affecting Windows Hyper-V: CVE-2021-40461 and CVE-2021-38672. Both affect relatively new versions of Windows and are considered Critical, allowing a VM to escape from guest to host by triggering a memory allocation error, allowing it to read kernel memory in the host.
Summary Charts
Summary Tables
Apps Vulnerabilities
| CVE | Title | Exploited | Publicly Disclosed? | CVSSv3 Base Score | has FAQ? |
|---|
| CVE-2021-41363 | Intune Management Extension Security Feature Bypass Vulnerability | No | No | 4.2 | Yes |
Browser Vulnerabilities
| CVE | Title | Exploited | Publicly Disclosed? | CVSSv3 Base Score | has FAQ? |
|---|
| CVE-2021-37980 | Chromium: CVE-2021-37980 Inappropriate implementation in Sandbox | No | No | N/A | Yes |
| CVE-2021-37979 | Chromium: CVE-2021-37979 Heap buffer overflow in WebRTC | No | No | N/A | Yes |
| CVE-2021-37978 | Chromium: CVE-2021-37978 Heap buffer overflow in Blink | No | No | N/A | Yes |
| CVE-2021-37977 | Chromium: CVE-2021-37977 Use after free in Garbage Collection | No | No | N/A | Yes |
| CVE-2021-37976 | Chromium: CVE-2021-37976 Information leak in core | No | No | N/A | Yes |
| CVE-2021-37975 | Chromium: CVE-2021-37975 Use after free in V8 | No | No | N/A | Yes |
| CVE-2021-37974 | Chromium: CVE-2021-37974 Use after free in Safe Browsing | No | No | N/A | Yes |
Developer Tools Vulnerabilities
| CVE | Title | Exploited | Publicly Disclosed? | CVSSv3 Base Score | has FAQ? |
|---|
| CVE-2021-3450 | OpenSSL: CVE-2021-3450 CA certificate check bypass with X509_V_FLAG_X509_STRICT | No | No | N/A | Yes |
| CVE-2021-3449 | OpenSSL: CVE-2021-3449 NULL pointer deref in signature_algorithms processing | No | No | N/A | Yes |
| CVE-2020-1971 | OpenSSL: CVE-2020-1971 EDIPARTYNAME NULL pointer de-reference | No | No | N/A | Yes |
| CVE-2021-41355 | .NET Core and Visual Studio Information Disclosure Vulnerability | No | No | 5.7 | Yes |
ESU Windows Vulnerabilities
| CVE | Title | Exploited | Publicly Disclosed? | CVSSv3 Base Score | has FAQ? |
|---|
| CVE-2021-38663 | Windows exFAT File System Information Disclosure Vulnerability | No | No | 5.5 | Yes |
| CVE-2021-40465 | Windows Text Shaping Remote Code Execution Vulnerability | No | No | 7.8 | No |
| CVE-2021-36953 | Windows TCP/IP Denial of Service Vulnerability | No | No | 7.5 | No |
| CVE-2021-40460 | Windows Remote Procedure Call Runtime Security Feature Bypass Vulnerability | No | No | 6.5 | Yes |
| CVE-2021-36970 | Windows Print Spooler Spoofing Vulnerability | No | No | 8.8 | No |
| CVE-2021-41332 | Windows Print Spooler Information Disclosure Vulnerability | No | No | 6.5 | Yes |
| CVE-2021-41331 | Windows Media Audio Decoder Remote Code Execution Vulnerability | No | No | 7.8 | No |
| CVE-2021-41342 | Windows MSHTML Platform Remote Code Execution Vulnerability | No | No | 6.8 | Yes |
| CVE-2021-41335 | Windows Kernel Elevation of Privilege Vulnerability | No | Yes | 7.8 | No |
| CVE-2021-40455 | Windows Installer Spoofing Vulnerability | No | No | 5.5 | No |
| CVE-2021-26442 | Windows HTTP.sys Elevation of Privilege Vulnerability | No | No | 7 | No |
| CVE-2021-41340 | Windows Graphics Component Remote Code Execution Vulnerability | No | No | 7.8 | Yes |
| CVE-2021-38662 | Windows Fast FAT File System Driver Information Disclosure Vulnerability | No | No | 5.5 | Yes |
| CVE-2021-41343 | Windows Fast FAT File System Driver Information Disclosure Vulnerability | No | No | 5.5 | Yes |
| CVE-2021-40469 | Windows DNS Server Remote Code Execution Vulnerability | No | Yes | 7.2 | Yes |
| CVE-2021-40443 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | No | No | 7.8 | No |
| CVE-2021-40466 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | No | No | 7.8 | No |
| CVE-2021-40467 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | No | No | 7.8 | No |
| CVE-2021-40449 | Win32k Elevation of Privilege Vulnerability | Yes | No | 7.8 | No |
| CVE-2021-40489 | Storage Spaces Controller Elevation of Privilege Vulnerability | No | No | 7.8 | Yes |
Exchange Server Vulnerabilities
| CVE | Title | Exploited | Publicly Disclosed? | CVSSv3 Base Score | has FAQ? |
|---|
| CVE-2021-41350 | Microsoft Exchange Server Spoofing Vulnerability | No | No | 6.5 | No |
| CVE-2021-26427 | Microsoft Exchange Server Remote Code Execution Vulnerability | No | No | 9 | Yes |
| CVE-2021-41348 | Microsoft Exchange Server Elevation of Privilege Vulnerability | No | No | 8 | No |
| CVE-2021-34453 | Microsoft Exchange Server Denial of Service Vulnerability | No | No | 7.5 | No |
Microsoft Dynamics Vulnerabilities
| CVE | Title | Exploited | Publicly Disclosed? | CVSSv3 Base Score | has FAQ? |
|---|
| CVE-2021-40457 | Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability | No | No | 7.4 | Yes |
| CVE-2021-41353 | Microsoft Dynamics 365 (on-premises) Spoofing Vulnerability | No | No | 5.4 | No |
| CVE-2021-41354 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | No | No | 4.1 | No |
Microsoft Office Vulnerabilities
| CVE | Title | Exploited | Publicly Disclosed? | CVSSv3 Base Score | has FAQ? |
|---|
| CVE-2021-40486 | Microsoft Word Remote Code Execution Vulnerability | No | No | 7.8 | Yes |
| CVE-2021-40484 | Microsoft SharePoint Server Spoofing Vulnerability | No | No | 7.6 | No |
| CVE-2021-40483 | Microsoft SharePoint Server Spoofing Vulnerability | No | No | 7.6 | No |
| CVE-2021-41344 | Microsoft SharePoint Server Remote Code Execution Vulnerability | No | No | 8.1 | No |
| CVE-2021-40487 | Microsoft SharePoint Server Remote Code Execution Vulnerability | No | No | 8.1 | Yes |
| CVE-2021-40482 | Microsoft SharePoint Server Information Disclosure Vulnerability | No | No | 5.3 | Yes |
| CVE-2021-40480 | Microsoft Office Visio Remote Code Execution Vulnerability | No | No | 7.8 | Yes |
| CVE-2021-40481 | Microsoft Office Visio Remote Code Execution Vulnerability | No | No | 7.1 | Yes |
| CVE-2021-40471 | Microsoft Excel Remote Code Execution Vulnerability | No | No | 7.8 | Yes |
| CVE-2021-40473 | Microsoft Excel Remote Code Execution Vulnerability | No | No | 7.8 | Yes |
| CVE-2021-40474 | Microsoft Excel Remote Code Execution Vulnerability | No | No | 7.8 | Yes |
| CVE-2021-40479 | Microsoft Excel Remote Code Execution Vulnerability | No | No | 7.8 | Yes |
| CVE-2021-40485 | Microsoft Excel Remote Code Execution Vulnerability | No | No | 7.8 | Yes |
| CVE-2021-40472 | Microsoft Excel Information Disclosure Vulnerability | No | No | 5.5 | Yes |
Microsoft Office Windows Vulnerabilities
| CVE | Title | Exploited | Publicly Disclosed? | CVSSv3 Base Score | has FAQ? |
|---|
| CVE-2021-40454 | Rich Text Edit Control Information Disclosure Vulnerability | No | No | 5.5 | Yes |
System Center Vulnerabilities
| CVE | Title | Exploited | Publicly Disclosed? | CVSSv3 Base Score | has FAQ? |
|---|
| CVE-2021-41352 | SCOM Information Disclosure Vulnerability | No | No | 7.5 | Yes |
Windows Vulnerabilities
| CVE | Title | Exploited | Publicly Disclosed? | CVSSv3 Base Score | has FAQ? |
|---|
| CVE-2021-40464 | Windows Nearby Sharing Elevation of Privilege Vulnerability | No | No | 8 | No |
| CVE-2021-40463 | Windows NAT Denial of Service Vulnerability | No | No | 7.7 | No |
| CVE-2021-40462 | Windows Media Foundation Dolby Digital Atmos Decoders Remote Code Execution Vulnerability | No | No | 7.8 | No |
| CVE-2021-41336 | Windows Kernel Information Disclosure Vulnerability | No | No | 5.5 | Yes |
| CVE-2021-38672 | Windows Hyper-V Remote Code Execution Vulnerability | No | No | 8 | Yes |
| CVE-2021-40461 | Windows Hyper-V Remote Code Execution Vulnerability | No | No | 8 | No |
| CVE-2021-40477 | Windows Event Tracing Elevation of Privilege Vulnerability | No | No | 7.8 | No |
| CVE-2021-41334 | Windows Desktop Bridge Elevation of Privilege Vulnerability | No | No | 7 | No |
| CVE-2021-40475 | Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability | No | No | 5.5 | Yes |
| CVE-2021-40468 | Windows Bind Filter Driver Information Disclosure Vulnerability | No | No | 5.5 | Yes |
| CVE-2021-41347 | Windows AppX Deployment Service Elevation of Privilege Vulnerability | No | No | 7.8 | No |
| CVE-2021-41338 | Windows AppContainer Firewall Rules Security Feature Bypass Vulnerability | No | Yes | 5.5 | No |
| CVE-2021-40476 | Windows AppContainer Elevation Of Privilege Vulnerability | No | No | 7.5 | No |
| CVE-2021-40456 | Windows AD FS Security Feature Bypass Vulnerability | No | No | 5.3 | Yes |
| CVE-2021-40450 | Win32k Elevation of Privilege Vulnerability | No | No | 7.8 | No |
| CVE-2021-41357 | Win32k Elevation of Privilege Vulnerability | No | No | 7.8 | No |
| CVE-2021-40478 | Storage Spaces Controller Elevation of Privilege Vulnerability | No | No | 7.8 | No |
| CVE-2021-40488 | Storage Spaces Controller Elevation of Privilege Vulnerability | No | No | 7.8 | No |
| CVE-2021-26441 | Storage Spaces Controller Elevation of Privilege Vulnerability | No | No | 7.8 | Yes |
| CVE-2021-41345 | Storage Spaces Controller Elevation of Privilege Vulnerability | No | No | 7.8 | No |
| CVE-2021-41330 | Microsoft Windows Media Foundation Remote Code Execution Vulnerability | No | No | 7.8 | No |
| CVE-2021-41339 | Microsoft DWM Core Library Elevation of Privilege Vulnerability | No | No | 4.7 | No |
| CVE-2021-40470 | DirectX Graphics Kernel Elevation of Privilege Vulnerability | No | No | 7.8 | No |
| CVE-2021-41346 | Console Window Host Security Feature Bypass Vulnerability | No | No | 5.3 | No |
| CVE-2021-41337 | Active Directory Security Feature Bypass Vulnerability | No | No | 4.9 | Yes |
| CVE-2021-41361 | Active Directory Federation Server Spoofing Vulnerability | No | No | 5.4 | Yes |
