This dashboard displays the latest vulnerabilities published by the Cybersecurity & Infrastructure Security Agency (CISA).
CVE-2021-31199
Vendor: Microsoft
Product: Enhanced Cryptographic Provider
Added: 2021-11-03
Due Date: 2021-11-17
Description:
Microsoft Enhanced Cryptographic Provider contains an unspecified vulnerability that allows for privilege escalation.
Required Action:
Apply updates per vendor instructions.
CVE-2021-33771
Vendor: Microsoft
Product: Windows
Added: 2021-11-03
Due Date: 2021-11-17
Description:
Microsoft Windows kernel contains an unspecified vulnerability that allows for privilege escalation.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2021-31956
Vendor: Microsoft
Product: Windows
Added: 2021-11-03
Due Date: 2021-11-17
Description:
Microsoft Windows New Technology File System (NTFS) contains an unspecified vulnerability that allows attackers to escalate privileges via a specially crafted application.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2021-31201
Vendor: Microsoft
Product: Enhanced Cryptographic Provider
Added: 2021-11-03
Due Date: 2021-11-17
Description:
Microsoft Enhanced Cryptographic Provider contains an unspecified vulnerability that allows for privilege escalation.
Required Action:
Apply updates per vendor instructions.
CVE-2021-31979
Vendor: Microsoft
Product: Windows
Added: 2021-11-03
Due Date: 2021-11-17
Description:
Microsoft Windows kernel contains an unspecified vulnerability that allows for privilege escalation.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2020-0938
Vendor: Microsoft
Product: Windows
Added: 2021-11-03
Due Date: 2022-05-03
Description:
Microsoft Windows Adobe Font Manager Library contains an unspecified vulnerability when handling specially crafted multi-master fonts (Adobe Type 1 PostScript format) that allows for remote code execution for all systems except Windows 10. For systems running Windows 10, an attacker who successfully exploited the vulnerability could execute code in an AppContainer sandbox context with limited privileges and capabilities.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2020-17144
Vendor: Microsoft
Product: Exchange Server
Added: 2021-11-03
Due Date: 2022-05-03
Description:
Microsoft Exchange Server improperly validates cmdlet arguments which allow an attacker to perform remote code execution.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2020-0986
Vendor: Microsoft
Product: Windows
Added: 2021-11-03
Due Date: 2022-05-03
Description:
Microsoft Windows kernel contains an unspecified vulnerability when handling objects in memory that allows attackers to escalate privileges and execute code in kernel mode.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2020-1020
Vendor: Microsoft
Product: Windows
Added: 2021-11-03
Due Date: 2022-05-03
Description:
Microsoft Windows Adobe Font Manager Library contains an unspecified vulnerability when handling specially crafted multi-master fonts (Adobe Type 1 PostScript format) that allows for remote code execution for all systems except Windows 10. For systems running Windows 10, an attacker who successfully exploited the vulnerability could execute code in an AppContainer sandbox context with limited privileges and capabilities.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2021-38645
Vendor: Microsoft
Product: Open Management Infrastructure (OMI)
Added: 2021-11-03
Due Date: 2021-11-17
Description:
Microsoft Open Management Infrastructure (OMI) within Azure VM Management Extensions contains an unspecified vulnerability that allows for privilege escalation.
Required Action:
Apply updates per vendor instructions.
CVE-2021-34523
Vendor: Microsoft
Product: Exchange Server
Added: 2021-11-03
Due Date: 2021-11-17
Description:
Microsoft Exchange Server contains an unspecified vulnerability that allows for privilege escalation.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2017-7269
Vendor: Microsoft
Product: Internet Information Services (IIS)
Added: 2021-11-03
Due Date: 2022-05-03
Description:
Microsoft Windows Server 2003 R2 contains a buffer overflow vulnerability in Internet Information Services (IIS) 6.0 which allows remote attackers to execute code via a long header beginning with "If: <http://" in a PROPFIND request.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2021-36948
Vendor: Microsoft
Product: Windows
Added: 2021-11-03
Due Date: 2021-11-17
Description:
Microsoft Windows Update Medic Service contains an unspecified vulnerability that allows for privilege escalation.
Required Action:
Apply updates per vendor instructions.
CVE-2021-38649
Vendor: Microsoft
Product: Open Management Infrastructure (OMI)
Added: 2021-11-03
Due Date: 2021-11-17
Description:
Microsoft Open Management Infrastructure (OMI) within Azure VM Management Extensions contains an unspecified vulnerability allowing privilege escalation.
Required Action:
Apply updates per vendor instructions.
CVE-2020-0688
Vendor: Microsoft
Product: Exchange Server
Added: 2021-11-03
Due Date: 2022-05-03
Description:
Microsoft Exchange Server Validation Key fails to properly create unique keys at install time, allowing for remote code execution.
Required Action:
Apply updates per vendor instructions.
CWEs: