مایکروسافت به روز رسانی امنیتی سه شنبه های این ماه را منتشر کرده است. در این به روز رسانی 9 آسیب پذیری Zero-day و جمعا 117 آسیب پذیری رفع شده است.
از این تعداد آسیب پذیری، 44 مورد اجرای کد از راه دور، 32 مورد elevation of privilege، چهارده آسیب پذیری افشای اطلاعات، 12 مورد انکار سرویس و 8 آسیب پذیری security feature bypass و 7 مورد آسیب پذیری Spoofing هستند.
9 آسیب پذیری Zero-day با چهار Exploit فعال
مایکروسافت یک آسیب پذیری Zero-day را با عناوین publicly disclosed یا actively exploited بدون آپدیت امنیتی رسمی و منتشر شده دسته بندی می کند.
* 5مورد که به صورت عمومی منتشر شده اما exploit نشده :
- CVE-2021-34492 – Windows Certificate Spoofing Vulnerability
- CVE-2021-34523 – Microsoft Exchange Server Elevation of Privilege Vulnerability
- CVE-2021-34473 – Microsoft Exchange Server Remote Code Execution Vulnerability
- CVE-2021-33779 – Windows ADFS Security Feature Bypass Vulnerability
- CVE-2021-33781 – Active Directory Security Feature Bypass Vulnerability
*آسیب پذیری PrintNightmare
- CVE-2021-34527 – Windows Print Spooler Remote Code Execution Vulnerability
* 3 آسیب پذیری که exploit شده اند ولی به صورت عمومی افشا نشده اند :
- CVE-2021-33771 – Windows Kernel Elevation of Privilege Vulnerability
- CVE-2021-34448 – Scripting Engine Memory Corruption Vulnerability
- CVE-2021-31979 – Windows Kernel Elevation of Privilege Vulnerability
فهرست کامل به روز رسانی های این ماه در جدول زیر قابل مشاهده است:
| Tag | CVE ID | CVE Title | Severity |
|---|---|---|---|
| Active Directory Federation Services | CVE-2021-33779 | Windows ADFS Security Feature Bypass Vulnerability | Important |
| Common Internet File System | CVE-2021-34476 | Bowser.sys Denial of Service Vulnerability | Important |
| Dynamics Business Central Control | CVE-2021-34474 | Dynamics Business Central Remote Code Execution Vulnerability | Critical |
| Microsoft Bing | CVE-2021-33753 | Microsoft Bing Search Spoofing Vulnerability | Important |
| Microsoft Exchange Server | CVE-2021-31206 | Microsoft Exchange Server Remote Code Execution Vulnerability | Important |
| Microsoft Exchange Server | CVE-2021-34473 | Microsoft Exchange Server Remote Code Execution Vulnerability | Critical |
| Microsoft Exchange Server | CVE-2021-33766 | Microsoft Exchange Information Disclosure Vulnerability | Important |
| Microsoft Exchange Server | CVE-2021-34523 | Microsoft Exchange Server Elevation of Privilege Vulnerability | Important |
| Microsoft Exchange Server | CVE-2021-31196 | Microsoft Exchange Server Remote Code Execution Vulnerability | Important |
| Microsoft Exchange Server | CVE-2021-33768 | Microsoft Exchange Server Elevation of Privilege Vulnerability | Important |
| Microsoft Exchange Server | CVE-2021-34470 | Microsoft Exchange Server Elevation of Privilege Vulnerability | Important |
| Microsoft Graphics Component | CVE-2021-34440 | GDI+ Information Disclosure Vulnerability | Important |
| Microsoft Graphics Component | CVE-2021-34489 | DirectWrite Remote Code Execution Vulnerability | Important |
| Microsoft Graphics Component | CVE-2021-34496 | Windows GDI Information Disclosure Vulnerability | Important |
| Microsoft Graphics Component | CVE-2021-34498 | Windows GDI Elevation of Privilege Vulnerability | Important |
| Microsoft Graphics Component | CVE-2021-34438 | Windows Font Driver Host Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2021-34469 | Microsoft Office Security Feature Bypass Vulnerability | Important |
| Microsoft Office | CVE-2021-34451 | Microsoft Office Online Server Spoofing Vulnerability | Important |
| Microsoft Office | CVE-2021-34452 | Microsoft Word Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2021-34501 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2021-34518 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2021-34468 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2021-34519 | Microsoft SharePoint Server Information Disclosure Vulnerability | Moderate |
| Microsoft Office SharePoint | CVE-2021-34520 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2021-34517 | Microsoft SharePoint Server Spoofing Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2021-34467 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important |
| Microsoft Scripting Engine | CVE-2021-34448 | Scripting Engine Memory Corruption Vulnerability | Critical |
| Microsoft Windows Codecs Library | CVE-2021-33778 | HEVC Video Extensions Remote Code Execution Vulnerability | Important |
| Microsoft Windows Codecs Library | CVE-2021-31947 | HEVC Video Extensions Remote Code Execution Vulnerability | Important |
| Microsoft Windows Codecs Library | CVE-2021-33740 | Windows Media Remote Code Execution Vulnerability | Critical |
| Microsoft Windows Codecs Library | CVE-2021-33760 | Media Foundation Information Disclosure Vulnerability | Important |
| Microsoft Windows Codecs Library | CVE-2021-33775 | HEVC Video Extensions Remote Code Execution Vulnerability | Important |
| Microsoft Windows Codecs Library | CVE-2021-33776 | HEVC Video Extensions Remote Code Execution Vulnerability | Important |
| Microsoft Windows Codecs Library | CVE-2021-33777 | HEVC Video Extensions Remote Code Execution Vulnerability | Important |
| Microsoft Windows Codecs Library | CVE-2021-34521 | Raw Image Extension Remote Code Execution Vulnerability | Important |
| Microsoft Windows DNS | CVE-2021-34499 | Windows DNS Server Denial of Service Vulnerability | Important |
| Microsoft Windows DNS | CVE-2021-33746 | Windows DNS Server Remote Code Execution Vulnerability | Important |
| Microsoft Windows DNS | CVE-2021-33754 | Windows DNS Server Remote Code Execution Vulnerability | Important |
| Microsoft Windows Media Foundation | CVE-2021-34441 | Microsoft Windows Media Foundation Remote Code Execution Vulnerability | Important |
| Microsoft Windows Media Foundation | CVE-2021-34439 | Microsoft Windows Media Foundation Remote Code Execution Vulnerability | Critical |
| Microsoft Windows Media Foundation | CVE-2021-34503 | Microsoft Windows Media Foundation Remote Code Execution Vulnerability | Critical |
| OpenEnclave | CVE-2021-33767 | Open Enclave SDK Elevation of Privilege Vulnerability | Important |
| Power BI | CVE-2021-31984 | Power BI Remote Code Execution Vulnerability | Important |
| Role: DNS Server | CVE-2021-33749 | Windows DNS Snap-in Remote Code Execution Vulnerability | Important |
| Role: DNS Server | CVE-2021-33745 | Windows DNS Server Denial of Service Vulnerability | Important |
| Role: DNS Server | CVE-2021-34442 | Windows DNS Server Denial of Service Vulnerability | Important |
| Role: DNS Server | CVE-2021-34444 | Windows DNS Server Denial of Service Vulnerability | Important |
| Role: DNS Server | CVE-2021-34525 | Windows DNS Server Remote Code Execution Vulnerability | Important |
| Role: DNS Server | CVE-2021-33780 | Windows DNS Server Remote Code Execution Vulnerability | Important |
| Role: DNS Server | CVE-2021-34494 | Windows DNS Server Remote Code Execution Vulnerability | Critical |
| Role: DNS Server | CVE-2021-33750 | Windows DNS Snap-in Remote Code Execution Vulnerability | Important |
| Role: DNS Server | CVE-2021-33752 | Windows DNS Snap-in Remote Code Execution Vulnerability | Important |
| Role: DNS Server | CVE-2021-33756 | Windows DNS Snap-in Remote Code Execution Vulnerability | Important |
| Role: Hyper-V | CVE-2021-33758 | Windows Hyper-V Denial of Service Vulnerability | Important |
| Role: Hyper-V | CVE-2021-33755 | Windows Hyper-V Denial of Service Vulnerability | Important |
| Role: Hyper-V | CVE-2021-34450 | Windows Hyper-V Remote Code Execution Vulnerability | Critical |
| Visual Studio Code | CVE-2021-34529 | Visual Studio Code Remote Code Execution Vulnerability | Important |
| Visual Studio Code | CVE-2021-34528 | Visual Studio Code Remote Code Execution Vulnerability | Important |
| Visual Studio Code | CVE-2021-34479 | Microsoft Visual Studio Spoofing Vulnerability | Important |
| Visual Studio Code – .NET Runtime | CVE-2021-34477 | Visual Studio Code .NET Runtime Elevation of Privilege Vulnerability | Important |
| Windows Active Directory | CVE-2021-33781 | Active Directory Security Feature Bypass Vulnerability | Important |
| Windows Address Book | CVE-2021-34504 | Windows Address Book Remote Code Execution Vulnerability | Important |
| Windows AF_UNIX Socket Provider | CVE-2021-33785 | Windows AF_UNIX Socket Provider Denial of Service Vulnerability | Important |
| Windows AppContainer | CVE-2021-34459 | Windows AppContainer Elevation Of Privilege Vulnerability | Important |
| Windows AppX Deployment Extensions | CVE-2021-34462 | Windows AppX Deployment Extensions Elevation of Privilege Vulnerability | Important |
| Windows Authenticode | CVE-2021-33782 | Windows Authenticode Spoofing Vulnerability | Important |
| Windows Cloud Files Mini Filter Driver | CVE-2021-33784 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | Important |
| Windows Console Driver | CVE-2021-34488 | Windows Console Driver Elevation of Privilege Vulnerability | Important |
| Windows Defender | CVE-2021-34522 | Microsoft Defender Remote Code Execution Vulnerability | Critical |
| Windows Defender | CVE-2021-34464 | Microsoft Defender Remote Code Execution Vulnerability | Critical |
| Windows Desktop Bridge | CVE-2021-33759 | Windows Desktop Bridge Elevation of Privilege Vulnerability | Important |
| Windows Event Tracing | CVE-2021-33774 | Windows Event Tracing Elevation of Privilege Vulnerability | Important |
| Windows File History Service | CVE-2021-34455 | Windows File History Service Elevation of Privilege Vulnerability | Important |
| Windows Hello | CVE-2021-34466 | Windows Hello Security Feature Bypass Vulnerability | Important |
| Windows HTML Platform | CVE-2021-34446 | Windows HTML Platforms Security Feature Bypass Vulnerability | Important |
| Windows Installer | CVE-2021-33765 | Windows Installer Spoofing Vulnerability | Important |
| Windows Installer | CVE-2021-34511 | Windows Installer Elevation of Privilege Vulnerability | Important |
| Windows Installer | CVE-2021-31961 | Windows InstallService Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2021-34461 | Windows Container Isolation FS Filter Driver Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2021-34508 | Windows Kernel Remote Code Execution Vulnerability | Important |
| Windows Kernel | CVE-2021-34458 | Windows Kernel Remote Code Execution Vulnerability | Critical |
| Windows Kernel | CVE-2021-33771 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2021-31979 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2021-34514 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2021-34500 | Windows Kernel Memory Information Disclosure Vulnerability | Important |
| Windows Key Distribution Center | CVE-2021-33764 | Windows Key Distribution Center Information Disclosure Vulnerability | Important |
| Windows Local Security Authority Subsystem Service | CVE-2021-33788 | Windows LSA Denial of Service Vulnerability | Important |
| Windows Local Security Authority Subsystem Service | CVE-2021-33786 | Windows LSA Security Feature Bypass Vulnerability | Important |
| Windows MSHTML Platform | CVE-2021-34497 | Windows MSHTML Platform Remote Code Execution Vulnerability | Critical |
| Windows MSHTML Platform | CVE-2021-34447 | Windows MSHTML Platform Remote Code Execution Vulnerability | Important |
| Windows Partition Management Driver | CVE-2021-34493 | Windows Partition Management Driver Elevation of Privilege Vulnerability | Important |
| Windows PFX Encryption | CVE-2021-34492 | Windows Certificate Spoofing Vulnerability | Important |
| Windows Print Spooler Components | CVE-2021-34527 | Windows Print Spooler Remote Code Execution Vulnerability | Critical |
| Windows Projected File System | CVE-2021-33743 | Windows Projected File System Elevation of Privilege Vulnerability | Important |
| Windows Remote Access Connection Manager | CVE-2021-34457 | Windows Remote Access Connection Manager Information Disclosure Vulnerability | Important |
| Windows Remote Access Connection Manager | CVE-2021-33761 | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | Important |
| Windows Remote Access Connection Manager | CVE-2021-33773 | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | Important |
| Windows Remote Access Connection Manager | CVE-2021-33763 | Windows Remote Access Connection Manager Information Disclosure Vulnerability | Important |
| Windows Remote Access Connection Manager | CVE-2021-34445 | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | Important |
| Windows Remote Access Connection Manager | CVE-2021-34456 | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | Important |
| Windows Remote Assistance | CVE-2021-34507 | Windows Remote Assistance Information Disclosure Vulnerability | Important |
| Windows Secure Kernel Mode | CVE-2021-33744 | Windows Secure Kernel Mode Security Feature Bypass Vulnerability | Important |
| Windows Security Account Manager | CVE-2021-33757 | Windows Security Account Manager Remote Protocol Security Feature Bypass Vulnerability | Important |
| Windows Shell | CVE-2021-34454 | Windows Remote Access Connection Manager Information Disclosure Vulnerability | Important |
| Windows SMB | CVE-2021-33783 | Windows SMB Information Disclosure Vulnerability | Important |
| Windows Storage Spaces Controller | CVE-2021-33751 | Storage Spaces Controller Elevation of Privilege Vulnerability | Important |
| Windows Storage Spaces Controller | CVE-2021-34460 | Storage Spaces Controller Elevation of Privilege Vulnerability | Important |
| Windows Storage Spaces Controller | CVE-2021-34509 | Storage Spaces Controller Information Disclosure Vulnerability | Important |
| Windows Storage Spaces Controller | CVE-2021-34510 | Storage Spaces Controller Elevation of Privilege Vulnerability | Important |
| Windows Storage Spaces Controller | CVE-2021-34512 | Storage Spaces Controller Elevation of Privilege Vulnerability | Important |
| Windows Storage Spaces Controller | CVE-2021-34513 | Storage Spaces Controller Elevation of Privilege Vulnerability | Important |
| Windows TCP/IP | CVE-2021-31183 | Windows TCP/IP Driver Denial of Service Vulnerability | Important |
| Windows TCP/IP | CVE-2021-33772 | Windows TCP/IP Driver Denial of Service Vulnerability | Important |
| Windows TCP/IP | CVE-2021-34490 | Windows TCP/IP Driver Denial of Service Vulnerability | Important |
| Windows Win32K | CVE-2021-34449 | Win32k Elevation of Privilege Vulnerability | Important |
| Windows Win32K | CVE-2021-34516 | Win32k Elevation of Privilege Vulnerability | Important |
| Windows Win32K | CVE-2021-34491 | Win32k Information Disclosure Vulnerability | Important |
