Microsoft Virtual Machine Bus (VMBus) Remote Code Execution Vulnerability
Identifier: CVE-2021-26443
Exploit or POC: No.
Update: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-26443
Description: CVE-2021-26443 allows an attacker to remotely execute code on a vulnerable HyperV deployment.
Mitigation recommendation: Patching is currently the only method of mitigation.
Microsoft COM for Windows Remote Code Execution Vulnerability
Identifier: CVE-2021-42275
Exploit or POC: No.
Update: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-42275
Description: CVE-2021-42275 allows an attacker to exploit code through the vulnerable COM component on Windows operation systems.
Mitigation recommendation: Patching is currently the only method of mitigation.
Microsoft Exchange Server Remote Code Execution Vulnerability
Identifier: CVE-2021-42321
Exploit or POC: Yes.
Update: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-42321
Description: CVE-2021-4321 allows an attacker to remotely execute code on a vulnerable Microsoft Exchange server.
Mitigation recommendation: Patching is currently the only method of mitigation.
NTFS Elevation of Privilege Vulnerability
Identifier: CVE-2021-42283
Exploit or POC: No.
Update: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-42283
Description: CVE-2021-42283 allows an attacker to escalate privileges via the vulnerable NT file system.
Mitigation recommendation: Patching is currently the only method of mitigation.
Remote Desktop Client Remote Code Vulnerability
Identifier: CVE-2021-38666
Exploit or POC: No.
Update: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38666
Description: CVE-2021-38666 allows an attacker to remotely execute code on a vulnerable Windows host with RDP enabled.
Mitigation recommendation: Patching is currently the only method of mitigation.
Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability
Identifier: CVE-2021-42316
Exploit or POC: No.
Update: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-42316
Description: CVE-2021-42316 allows an attacker to remotely execute code on a vulnerable Microsoft Exchange Server.
Mitigation recommendation: Patching is currently the only method of mitigation
Zoho Manage Engine Automation Bypass with Resultant Remote Code Execution Vulnerability
Identifier: CVE-2021-40539
Exploit or POC: Yes.
Update: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40539
Description: CVE-2021-40539 allows an attacker to remotely execute code after authentication bypass on vulnerable Zoho ManageEngine ADSelfService implementations.
Mitigation recommendation: Patching is currently the only method of mitigation
Microsoft Excel Security Feature Bypass Vulnerability
Identifier: CVE-2021-42292
Exploit or POC: Yes.
Update: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-42292
Description: CVE-2021-42292 allows an attacker to bypass the security restrictions in Excel
Mitigation recommendation: Patching is currently the only method of mitigation