CISA Known Exploited Vulnerabilities

This dashboard displays the latest vulnerabilities published by the Cybersecurity & Infrastructure Security Agency (CISA).

CVE-2017-7269

Microsoft Windows Server Buffer Overflow Vulnerability

Vendor: Microsoft

Product: Internet Information Services (IIS)

Added: 2021-11-03

Due Date: 2022-05-03

Description:

Microsoft Windows Server 2003 R2 contains a buffer overflow vulnerability in Internet Information Services (IIS) 6.0 which allows remote attackers to execute code via a long header beginning with "If: <http://" in a PROPFIND request.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-119

CVE-2021-36948

Microsoft Windows Update Medic Service Privilege Escalation Vulnerability

Vendor: Microsoft

Product: Windows

Added: 2021-11-03

Due Date: 2021-11-17

Description:

Microsoft Windows Update Medic Service contains an unspecified vulnerability that allows for privilege escalation.

Required Action:

Apply updates per vendor instructions.

CVE-2021-38649

Microsoft Open Management Infrastructure (OMI) Privilege Escalation Vulnerability

Vendor: Microsoft

Product: Open Management Infrastructure (OMI)

Added: 2021-11-03

Due Date: 2021-11-17

Description:

Microsoft Open Management Infrastructure (OMI) within Azure VM Management Extensions contains an unspecified vulnerability allowing privilege escalation.

Required Action:

Apply updates per vendor instructions.

CVE-2020-0688

Ransomware

Microsoft Exchange Server Validation Key Remote Code Execution Vulnerability

Vendor: Microsoft

Product: Exchange Server

Added: 2021-11-03

Due Date: 2022-05-03

Description:

Microsoft Exchange Server Validation Key fails to properly create unique keys at install time, allowing for remote code execution.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-287

CVE-2017-0143

Ransomware

Microsoft Windows Server Message Block (SMBv1) Remote Code Execution Vulnerability

Vendor: Microsoft

Product: Windows

Added: 2021-11-03

Due Date: 2022-05-03

Description:

Microsoft Windows Server Message Block 1.0 (SMBv1) contains an unspecified vulnerability that allows for remote code execution.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-20

CVE-2016-7255

Microsoft Win32k Privilege Escalation Vulnerability

Vendor: Microsoft

Product: Win32k

Added: 2021-11-03

Due Date: 2022-05-03

Description:

Microsoft Win32k kernel-mode driver fails to properly handle objects in memory, which allows for privilege escalation. Successful exploitation allows an attacker to run code in kernel mode.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-264

CVE-2019-0708

Microsoft Remote Desktop Services Remote Code Execution Vulnerability

Vendor: Microsoft

Product: Remote Desktop Services

Added: 2021-11-03

Due Date: 2022-05-03

Description:

Microsoft Remote Desktop Services, formerly known as Terminal Service, contains an unspecified vulnerability that allows an unauthenticated attacker to connect to the target system using RDP and send specially crafted requests. Successful exploitation allows for remote code execution. The vulnerability is also known under the moniker of BlueKeep.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-416

CVE-2021-34473

Ransomware

Microsoft Exchange Server Remote Code Execution Vulnerability

Vendor: Microsoft

Product: Exchange Server

Added: 2021-11-03

Due Date: 2021-11-17

Description:

Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-918

CVE-2020-1464

Microsoft Windows Spoofing Vulnerability

Vendor: Microsoft

Product: Windows

Added: 2021-11-03

Due Date: 2022-05-03

Description:

Microsoft Windows contains a spoofing vulnerability when Windows incorrectly validates file signatures, allowing an attacker to bypass security features and load improperly signed files.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-347

CVE-2021-1732

Ransomware

Microsoft Win32k Privilege Escalation Vulnerability

Vendor: Microsoft

Product: Win32k

Added: 2021-11-03

Due Date: 2021-11-17

Description:

Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-787

CVE-2021-34527

Ransomware

Microsoft Windows Print Spooler Remote Code Execution Vulnerability

Vendor: Microsoft

Product: Windows

Added: 2021-11-03

Due Date: 2021-07-20

Description:

Microsoft Windows Print Spooler contains an unspecified vulnerability due to the Windows Print Spooler service improperly performing privileged file operations. Successful exploitation allows an attacker to perform remote code execution with SYSTEM privileges. The vulnerability is also known under the moniker of PrintNightmare.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-269

CVE-2021-31207

Ransomware

Microsoft Exchange Server Security Feature Bypass Vulnerability

Vendor: Microsoft

Product: Exchange Server

Added: 2021-11-03

Due Date: 2021-11-17

Description:

Microsoft Exchange Server contains an unspecified vulnerability that allows for security feature bypass.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-20, CWE-434

CVE-2019-0803

Microsoft Win32k Privilege Escalation Vulnerability

Vendor: Microsoft

Product: Win32k

Added: 2021-11-03

Due Date: 2022-05-03

Description:

Microsoft Win32k contains an unspecified vulnerability: it fails to properly handle objects in memory, which allows for privilege escalation. Successful exploitation allows an attacker to run code in kernel mode.

Required Action:

Apply updates per vendor instructions.

CVE-2020-1040

Microsoft Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability

Vendor: Microsoft

Product: Hyper-V RemoteFX

Added: 2021-11-03

Due Date: 2022-05-03

Description:

Microsoft Hyper-V RemoteFX vGPU contains an improper input validation vulnerability due to the host server failing to properly validate input from an authenticated user on a guest operating system. Successful exploitation allows for remote code execution on the host operating system.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-20

CVE-2021-28310

Microsoft Win32k Privilege Escalation Vulnerability

Vendor: Microsoft

Product: Win32k

Added: 2021-11-03

Due Date: 2021-11-17

Description:

Microsoft Windows Win32k contains an unspecified vulnerability that allows for privilege escalation.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-787