This dashboard displays the latest vulnerabilities published by the Cybersecurity & Infrastructure Security Agency (CISA).
CVE-2016-0185
Vendor: Microsoft
Product: Windows
Added: 2021-11-03
Due Date: 2022-05-03
Description:
Microsoft Windows Media Center contains a remote code execution vulnerability when Windows Media Center opens a specially crafted Media Center link (.mcl) file that references malicious code.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2020-0683
Vendor: Microsoft
Product: Windows
Added: 2021-11-03
Due Date: 2022-05-03
Description:
Microsoft Windows Installer contains a privilege escalation vulnerability when MSI packages process symbolic links, which allows attackers to bypass access restrictions to add or remove files.
Required Action:
Apply updates per vendor instructions.
CVE-2020-17087
Vendor: Microsoft
Product: Windows
Added: 2021-11-03
Due Date: 2022-05-03
Description:
Microsoft Windows kernel contains an unspecified vulnerability that allows for privilege escalation.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2021-33742
Vendor: Microsoft
Product: Windows
Added: 2021-11-03
Due Date: 2021-11-17
Description:
Microsoft Windows MSHTML Platform contains an unspecified vulnerability that allows for remote code execution.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2021-31199
Vendor: Microsoft
Product: Enhanced Cryptographic Provider
Added: 2021-11-03
Due Date: 2021-11-17
Description:
Microsoft Enhanced Cryptographic Provider contains an unspecified vulnerability that allows for privilege escalation.
Required Action:
Apply updates per vendor instructions.
CVE-2021-33771
Vendor: Microsoft
Product: Windows
Added: 2021-11-03
Due Date: 2021-11-17
Description:
Microsoft Windows kernel contains an unspecified vulnerability that allows for privilege escalation.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2021-31956
Vendor: Microsoft
Product: Windows
Added: 2021-11-03
Due Date: 2021-11-17
Description:
Microsoft Windows New Technology File System (NTFS) contains an unspecified vulnerability that allows attackers to escalate privileges via a specially crafted application.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2021-31201
Vendor: Microsoft
Product: Enhanced Cryptographic Provider
Added: 2021-11-03
Due Date: 2021-11-17
Description:
Microsoft Enhanced Cryptographic Provider contains an unspecified vulnerability that allows for privilege escalation.
Required Action:
Apply updates per vendor instructions.
CVE-2021-31979
Vendor: Microsoft
Product: Windows
Added: 2021-11-03
Due Date: 2021-11-17
Description:
Microsoft Windows kernel contains an unspecified vulnerability that allows for privilege escalation.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2020-0938
Vendor: Microsoft
Product: Windows
Added: 2021-11-03
Due Date: 2022-05-03
Description:
Microsoft Windows Adobe Font Manager Library contains an unspecified vulnerability when handling specially crafted multi-master fonts (Adobe Type 1 PostScript format) that allows for remote code execution for all systems except Windows 10. For systems running Windows 10, an attacker who successfully exploited the vulnerability could execute code in an AppContainer sandbox context with limited privileges and capabilities.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2020-17144
Vendor: Microsoft
Product: Exchange Server
Added: 2021-11-03
Due Date: 2022-05-03
Description:
Microsoft Exchange Server improperly validates cmdlet arguments which allow an attacker to perform remote code execution.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2020-0986
Vendor: Microsoft
Product: Windows
Added: 2021-11-03
Due Date: 2022-05-03
Description:
Microsoft Windows kernel contains an unspecified vulnerability when handling objects in memory that allows attackers to escalate privileges and execute code in kernel mode.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2020-1020
Vendor: Microsoft
Product: Windows
Added: 2021-11-03
Due Date: 2022-05-03
Description:
Microsoft Windows Adobe Font Manager Library contains an unspecified vulnerability when handling specially crafted multi-master fonts (Adobe Type 1 PostScript format) that allows for remote code execution for all systems except Windows 10. For systems running Windows 10, an attacker who successfully exploited the vulnerability could execute code in an AppContainer sandbox context with limited privileges and capabilities.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2021-38645
Vendor: Microsoft
Product: Open Management Infrastructure (OMI)
Added: 2021-11-03
Due Date: 2021-11-17
Description:
Microsoft Open Management Infrastructure (OMI) within Azure VM Management Extensions contains an unspecified vulnerability that allows for privilege escalation.
Required Action:
Apply updates per vendor instructions.
CVE-2021-34523
Vendor: Microsoft
Product: Exchange Server
Added: 2021-11-03
Due Date: 2021-11-17
Description:
Microsoft Exchange Server contains an unspecified vulnerability that allows for privilege escalation.
Required Action:
Apply updates per vendor instructions.
CWEs: