Windows Print Spooler Remote Code Execution Vulnerability
Identifier: CVE-2021-34527
Exploit or POC: Yes.
Update: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527
Description: CVE-2021-34527 allows an attacker to execute code within Windows Print Spooler with SYSTEM privileges. CVE-2021-34527 is actively being exploited in the wild.
Mitigation recommendation: Patching is currently the only method of mitigation
Windows Kernel Elevation of Privilege Vulnerability
Identifier: CVE-2021-31979, CVE-2021-33771
Exploit or POC: Yes.
Update: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-31979
Description: CVE-2021-31979, CVE-2021-33771 allows an attacker with access to a host to elevate privileges. CVE-2021-31979, CVE-2021-33771 are both actively being exploited in the wild.
Mitigation recommendation: Patching is currently the only method of mitigation.
Scripting Engine Memory Corruption Vulnerability
Identifier: CVE-2021-34448
Exploit or POC: Yes.
Update: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34448
Description: CVE-2021-34448 is a memory corruption vulnerability that exists in the Scripting Engine component of windows. CVE-2021-34448 is actively being exploited by attacker in the wild.
Mitigation recommendation: Patching is currently the only method of mitigation.
Windows DNS Server Remote Code Execution Vulnerability
Identifier: CVE-2021-34525, CVE-2021-33780, CVE-2021-34494
Exploit or POC: No.
Update: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34448
Description: CVE-2021-33780 allows an attacker with network access to remotely execute code via the Windows DNS server component which allows the attacker to run code with SYSTEM privileges.
Mitigation recommendation: Patching is currently the only method of mitigation.
Microsoft Office Security Feature Bypass Vulnerability
Identifier: CVE-2021-34469
Exploit or POC: No.
Update: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34469
Description: CVE-2021-34469 allows an attacker to bypass security features of Microsoft Office with a specially crafted file.
Mitigation recommendation: Patching is currently the only method of mitigation.
Active Directory Security Feature Bypass Vulnerability
Identifier: CVE-2021-33781
Exploit or POC: No.
Update: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-33781
Description: CVE-2021-33781 allows an attacker to bypass security features in Active Directory.
Mitigation recommendation: Patching is currently the only method of mitigation.
Microsoft Exchange Server Remote Code Execution Vulnerability
Identifier: CVE-2021-34473
Exploit or POC: No.
Update: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34473
Description: CVE-2021-34473 allows an authenticated attacker to remotely execute code on a vulnerable exchange server.
Mitigation recommendation: Patching is currently the only method of mitigation.
Microsoft Exchange Server Elevation of Privilege Vulnerability
Identifier: CVE-2021-34523
Exploit or POC: No.
Update: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34523
Description: CVE-2021-34523 allows an authenticated attacker elevate privileges on a vulnerable exchange server.
Mitigation recommendation: Patching is currently the only method of mitigation.
Windows Certificate Spoofing Vulnerability
Identifier: CVE-2021-34492
Exploit or POC: No.
Update: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34492
Description: CVE-2021-34492 allows an attacker with access to a vulnerable host to spoof certificates which could potentially allow the attacker to impersonate legit signed software.
Mitigation recommendation: Patching is currently the only method of mitigation.
Windows ADFS Security Feature Bypass Vulnerability
Identifier: CVE-2021-33779
Exploit or POC: No.
Update: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-33779
Description: CVE-2021-33779 allows an attacker to bypass security features in the Active Directory Federation Services.
Mitigation recommendation: Patching is currently the only method of mitigation.
CVE |
Vulnerability |
Impact |
CVSS v3 |
Exploitation Likeliness |
CVE-2021-34458 |
Windows Kernel RCE Vulnerability |
RCE |
9.9 |
Less Likely |
CVE-2021-34473 |
Microsoft Exchange Server RCE Vulnerability |
RCE |
9.1 |
More Likely |
CVE-2021-34523 |
Microsoft Exchange Server EoP Vulnerability |
EoP |
9 |
Less Likely |
CVE-2021-33780 |
Windows DNS Server RCE Vulnerability |
RCE |
8.8 |
More Likely |
CVE-2021-34494 |
Windows DNS Server RCE Vulnerability |
RCE |
8.8 |
Less Likely |
CVE-2021-34525 |
Windows DNS Server RCE Vulnerability |
RCE |
8.8 |
Less Likely |
CVE-2021-33749 |
Windows DNS Snap-in RCE Vulnerability |
RCE |
8.8 |
Less Likely |
CVE-2021-33750 |
Windows DNS Snap-in RCE Vulnerability |
RCE |
8.8 |
Less Likely |
CVE-2021-33752 |
Windows DNS Snap-in RCE Vulnerability |
RCE |
8.8 |
Less Likely |
CVE-2021-33756 |
Windows DNS Snap-in RCE Vulnerability |
RCE |
8.8 |
Less Likely |
CVE-2021-34508 |
Windows Kernel RCE Vulnerability |
RCE |
8.8 |
Less Likely |
CVE-2021-34527 |
Windows Print Spooler RCE Vulnerability |
RCE |
8.8 |
Detected |
CVE-2021-34450 |
Windows Hyper-V RCE Vulnerability |
RCE |
8.5 |
Less Likely |
CVE-2021-34469 |
Microsoft Office SFB Vulnerability |
SFB |
8.2 |
Less Likely |
CVE-2021-33767 |
Open Enclave SDK EoP Vulnerability |
EoP |
8.2 |
Less Likely |
CVE-2021-34520 |
Microsoft SharePoint Server RCE Vulnerability |
RCE |
8.1 |
More Likely |
CVE-2021-33781 |
Active Directory SFB Vulnerability |
SFB |
8.1 |
Less Likely |
CVE-2021-33779 |
Windows ADFS SFB Vulnerability |
SFB |
8.1 |
Less Likely |
CVE-2021-34492 |
Windows Certificate Spoofing Vulnerability |
Spoofing |
8.1 |
Less Likely |
CVE-2021-33786 |
Windows LSA SFB Vulnerability |
SFB |
8.1 |
Less Likely |
CVE-2021-34474 |
Dynamics Business Central RCE Vulnerability |
RCE |
8 |
Less Likely |
CVE-2021-34470 |
Microsoft Exchange Server EoP Vulnerability |
EoP |
8 |
Less Likely |
CVE-2021-33768 |
Microsoft Exchange Server EoP Vulnerability |
EoP |
8 |
Less Likely |
CVE-2021-33746 |
Windows DNS Server RCE Vulnerability |
RCE |
8 |
Less Likely |
CVE-2021-33754 |
Windows DNS Server RCE Vulnerability |
RCE |
8 |
Less Likely |
CVE-2021-34446 |
Windows HTML Platforms SFB Vulnerability |
SFB |
8 |
Less Likely |
CVE-2021-34489 |
DirectWrite RCE Vulnerability |
RCE |
7.8 |
Less Likely |
CVE-2021-31947 |
HEVC Video Extensions RCE Vulnerability |
RCE |
7.8 |
Less Likely |
CVE-2021-33775 |
HEVC Video Extensions RCE Vulnerability |
RCE |
7.8 |
Less Likely |
CVE-2021-33776 |
HEVC Video Extensions RCE Vulnerability |
RCE |
7.8 |
Less Likely |
CVE-2021-33777 |
HEVC Video Extensions RCE Vulnerability |
RCE |
7.8 |
Less Likely |
CVE-2021-33778 |
HEVC Video Extensions RCE Vulnerability |
RCE |
7.8 |
Less Likely |
CVE-2021-34464 |
Microsoft Defender RCE Vulnerability |
RCE |
7.8 |
Less Likely |
CVE-2021-34522 |
Microsoft Defender RCE Vulnerability |
RCE |
7.8 |
Less Likely |
CVE-2021-34501 |
Microsoft Excel RCE Vulnerability |
RCE |
7.8 |
Less Likely |
CVE-2021-34518 |
Microsoft Excel RCE Vulnerability |
RCE |
7.8 |
Less Likely |
CVE-2021-34479 |
Microsoft Visual Studio Spoofing Vulnerability |
Spoofing |
7.8 |
Less Likely |
CVE-2021-34439 |
Microsoft Windows Media Foundation RCE Vulnerability |
RCE |
7.8 |
Less Likely |
CVE-2021-34441 |
Microsoft Windows Media Foundation RCE Vulnerability |
RCE |
7.8 |
Less Likely |
CVE-2021-34503 |
Microsoft Windows Media Foundation RCE Vulnerability |
RCE |
7.8 |
Less Likely |
CVE-2021-34452 |
Microsoft Word RCE Vulnerability |
RCE |
7.8 |
Less Likely |
CVE-2021-34521 |
Raw Image Extension RCE Vulnerability |
RCE |
7.8 |
Less Likely |
CVE-2021-34460 |
Storage Spaces Controller EoP Vulnerability |
EoP |
7.8 |
Less Likely |
CVE-2021-34512 |
Storage Spaces Controller EoP Vulnerability |
EoP |
7.8 |
Less Likely |
CVE-2021-34510 |
Storage Spaces Controller EoP Vulnerability |
EoP |
7.8 |
Less Likely |
CVE-2021-34513 |
Storage Spaces Controller EoP Vulnerability |
EoP |
7.8 |
Less Likely |
CVE-2021-34477 |
Visual Studio Code .NET Runtime EoP Vulnerability |
EoP |
7.8 |
Less Likely |
CVE-2021-34528 |
Visual Studio Code RCE Vulnerability |
RCE |
7.8 |
Less Likely |
CVE-2021-34529 |
Visual Studio Code RCE Vulnerability |
RCE |
7.8 |
Less Likely |
CVE-2021-34516 |
Win32k EoP Vulnerability |
EoP |
7.8 |
Less Likely |
CVE-2021-34504 |
Windows Address Book RCE Vulnerability |
RCE |
7.8 |
Less Likely |
CVE-2021-34459 |
Windows AppContainer EoP Vulnerability |
EoP |
7.8 |
Less Likely |
CVE-2021-33784 |
Windows Cloud Files Mini Filter Driver EoP Vulnerability |
EoP |
7.8 |
Less Likely |
CVE-2021-34488 |
Windows Console Driver EoP Vulnerability |
EoP |
7.8 |
Less Likely |
CVE-2021-34461 |
Windows Container Isolation FS Filter Driver EoP Vulnerability |
EoP |
7.8 |
Less Likely |
CVE-2021-33759 |
Windows Desktop Bridge EoP Vulnerability |
EoP |
7.8 |
Less Likely |
CVE-2021-34455 |
Windows File History Service EoP Vulnerability |
EoP |
7.8 |
Less Likely |
CVE-2021-34438 |
Windows Font Driver Host RCE Vulnerability |
RCE |
7.8 |
Less Likely |
CVE-2021-34498 |
Windows GDI EoP Vulnerability |
EoP |
7.8 |
Less Likely |
CVE-2021-34511 |
Windows Installer EoP Vulnerability |
EoP |
7.8 |
Less Likely |
CVE-2021-34514 |
Windows Kernel EoP Vulnerability |
EoP |
7.8 |
Less Likely |
CVE-2021-33740 |
Windows Media RCE Vulnerability |
RCE |
7.8 |
Less Likely |
CVE-2021-33743 |
Windows Projected File System EoP Vulnerability |
EoP |
7.8 |
Less Likely |
CVE-2021-33761 |
Windows Remote Access Connection Manager EoP Vulnerability |
EoP |
7.8 |
Less Likely |
CVE-2021-33773 |
Windows Remote Access Connection Manager EoP Vulnerability |
EoP |
7.8 |
Less Likely |
CVE-2021-34456 |
Windows Remote Access Connection Manager EoP Vulnerability |
EoP |
7.8 |
Less Likely |
CVE-2021-34445 |
Windows Remote Access Connection Manager EoP Vulnerability |
EoP |
7.8 |
Less Likely |
CVE-2021-31979 |
Windows Kernel EoP Vulnerability |
EoP |
7.8 |
Detected |
CVE-2021-33771 |
Windows Kernel EoP Vulnerability |
EoP |
7.8 |
Detected |
CVE-2021-33758 |
Windows Hyper-V Denial of Service Vulnerability |
Denial of Service |
7.7 |
Less Likely |
CVE-2021-31206 |
Microsoft Exchange Server RCE Vulnerability |
RCE |
7.6 |
Less Likely |
CVE-2021-31984 |
Power BI RCE Vulnerability |
RCE |
7.6 |
Less Likely |
CVE-2021-34476 |
Bowser.sys Denial of Service Vulnerability |
Denial of Service |
7.5 |
Less Likely |
CVE-2021-33785 |
Windows AF_UNIX Socket Provider Denial of Service Vulnerability |
Denial of Service |
7.5 |
Less Likely |
CVE-2021-34442 |
Windows DNS Server Denial of Service Vulnerability |
Denial of Service |
7.5 |
Less Likely |
CVE-2021-33788 |
Windows LSA Denial of Service Vulnerability |
Denial of Service |
7.5 |
Less Likely |
CVE-2021-31183 |
Windows TCP/IP Driver Denial of Service Vulnerability |
Denial of Service |
7.5 |
Less Likely |
CVE-2021-34490 |
Windows TCP/IP Driver Denial of Service Vulnerability |
Denial of Service |
7.5 |
Less Likely |
CVE-2021-33772 |
Windows TCP/IP Driver Denial of Service Vulnerability |
Denial of Service |
7.5 |
Less Likely |
CVE-2021-33766 |
Microsoft Exchange Information Disclosure Vulnerability |
Information Disclosure |
7.3 |
Less Likely |
CVE-2021-31196 |
Microsoft Exchange Server RCE Vulnerability |
RCE |
7.2 |
Less Likely |
CVE-2021-34467 |
Microsoft SharePoint Server RCE Vulnerability |
RCE |
7.1 |
More Likely |
CVE-2021-34468 |
Microsoft SharePoint Server RCE Vulnerability |
RCE |
7.1 |
More Likely |
CVE-2021-34449 |
Win32k EoP Vulnerability |
EoP |
7 |
More Likely |
CVE-2021-33751 |
Storage Spaces Controller EoP Vulnerability |
EoP |
7 |
Less Likely |
CVE-2021-34462 |
Windows AppX Deployment Extensions EoP Vulnerability |
EoP |
7 |
Less Likely |
CVE-2021-33774 |
Windows Event Tracing EoP Vulnerability |
EoP |
7 |
Less Likely |
CVE-2021-34497 |
Windows MSHTML Platform RCE Vulnerability |
RCE |
6.8 |
Less Likely |
CVE-2021-34447 |
Windows MSHTML Platform RCE Vulnerability |
RCE |
6.8 |
Less Likely |
CVE-2021-34448 |
Scripting Engine Memory Corruption Vulnerability |
RCE |
6.8 |
Detected |
CVE-2021-34493 |
Windows Partition Management Driver EoP Vulnerability |
EoP |
6.7 |
Less Likely |
CVE-2021-33745 |
Windows DNS Server Denial of Service Vulnerability |
Denial of Service |
6.5 |
Less Likely |
CVE-2021-34444 |
Windows DNS Server Denial of Service Vulnerability |
Denial of Service |
6.5 |
Less Likely |
CVE-2021-34499 |
Windows DNS Server Denial of Service Vulnerability |
Denial of Service |
6.5 |
Less Likely |
CVE-2021-34507 |
Windows Remote Assistance Information Disclosure Vulnerability |
Information Disclosure |
6.5 |
Less Likely |
CVE-2021-33783 |
Windows SMB Information Disclosure Vulnerability |
Information Disclosure |
6.5 |
Less Likely |
CVE-2021-33755 |
Windows Hyper-V Denial of Service Vulnerability |
Denial of Service |
6.3 |
Less Likely |
CVE-2021-34500 |
Windows Kernel Memory Information Disclosure Vulnerability |
Information Disclosure |
6.3 |
Less Likely |
CVE-2021-33765 |
Windows Installer Spoofing Vulnerability |
Spoofing |
6.2 |
Less Likely |
CVE-2021-31961 |
Windows InstallService EoP Vulnerability |
EoP |
6.1 |
Less Likely |
CVE-2021-33764 |
Windows Key Distribution Center Information Disclosure Vulnerability |
Information Disclosure |
5.9 |
Less Likely |
CVE-2021-34466 |
Windows Hello SFB Vulnerability |
SFB |
5.7 |
Less Likely |
CVE-2021-34440 |
GDI+ Information Disclosure Vulnerability |
Information Disclosure |
5.5 |
Less Likely |
CVE-2021-33760 |
Media Foundation Information Disclosure Vulnerability |
Information Disclosure |
5.5 |
Less Likely |
CVE-2021-34509 |
Storage Spaces Controller Information Disclosure Vulnerability |
Information Disclosure |
5.5 |
Less Likely |
CVE-2021-34491 |
Win32k Information Disclosure Vulnerability |
Information Disclosure |
5.5 |
Less Likely |
CVE-2021-33782 |
Windows Authenticode Spoofing Vulnerability |
Spoofing |
5.5 |
Less Likely |
CVE-2021-34496 |
Windows GDI Information Disclosure Vulnerability |
Information Disclosure |
5.5 |
Less Likely |
CVE-2021-33763 |
Windows Remote Access Connection Manager Information Disclosure Vulnerability |
Information Disclosure |
5.5 |
Less Likely |
CVE-2021-34454 |
Windows Remote Access Connection Manager Information Disclosure Vulnerability |
Information Disclosure |
5.5 |
Less Likely |
CVE-2021-34457 |
Windows Remote Access Connection Manager Information Disclosure Vulnerability |
Information Disclosure |
5.5 |
Less Likely |
CVE-2021-34451 |
Microsoft Office Online Server Spoofing Vulnerability |
Spoofing |
5.3 |
Less Likely |
CVE-2021-34519 |
Microsoft SharePoint Server Information Disclosure Vulnerability |
Information Disclosure |
5.3 |
Less Likely |
CVE-2021-34517 |
Microsoft SharePoint Server Spoofing Vulnerability |
Spoofing |
5.3 |
Less Likely |
CVE-2021-33744 |
Windows Secure Kernel Mode SFB Vulnerability |
SFB |
5.3 |
Less Likely |
CVE-2021-33757 |
Windows Security Account Manager Remote Protocol SFB Vulnerability |
SFB |
5.3 |
Less Likely |
CVE-2021-33753 |
Microsoft Bing Search Spoofing Vulnerability |
Spoofing |
4.7 |
Less Likely |