This dashboard displays the latest vulnerabilities published by the Cybersecurity & Infrastructure Security Agency (CISA).
CVE-2017-0199
Vendor: Microsoft
Product: Office and WordPad
Added: 2021-11-03
Due Date: 2022-05-03
Description:
Microsoft Office and WordPad contain an unspecified vulnerability due to the way the applications parse specially crafted files. Successful exploitation allows for remote code execution.
Required Action:
Apply updates per vendor instructions.
CVE-2020-1380
Vendor: Microsoft
Product: Internet Explorer
Added: 2021-11-03
Due Date: 2022-05-03
Description:
Microsoft Internet Explorer contains a memory corruption vulnerability which can allow for remote code execution in the context of the current user.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2019-1429
Vendor: Microsoft
Product: Internet Explorer
Added: 2021-11-03
Due Date: 2022-05-03
Description:
Microsoft Internet Explorer contains a memory corruption vulnerability which can allow for remote code execution in the context of the current user.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2017-11774
Vendor: Microsoft
Product: Office
Added: 2021-11-03
Due Date: 2022-05-03
Description:
Microsoft Office Outlook contains a security feature bypass vulnerability due to improperly handling objects in memory. Successful exploitation allows an attacker to execute commands.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2020-0968
Vendor: Microsoft
Product: Internet Explorer
Added: 2021-11-03
Due Date: 2022-05-03
Description:
Microsoft Internet Explorer contains a memory corruption vulnerability due to how the Scripting Engine handles objects in memory, leading to remote code execution.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2020-1472
Vendor: Microsoft
Product: Netlogon
Added: 2021-11-03
Due Date: 2022-05-03
Description:
Microsoft's Netlogon Remote Protocol (MS-NRPC) contains a privilege escalation vulnerability when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller. An attacker who successfully exploits the vulnerability could run a specially crafted application on a device on the network. The vulnerability is also known under the moniker of Zerologon.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2021-26855
Vendor: Microsoft
Product: Exchange Server
Added: 2021-11-03
Due Date: 2022-05-03
Description:
Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution. This vulnerability is part of the ProxyLogon exploit chain.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2021-26858
Vendor: Microsoft
Product: Exchange Server
Added: 2021-11-03
Due Date: 2022-05-03
Description:
Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution. This vulnerability is part of the ProxyLogon exploit chain.
Required Action:
Apply updates per vendor instructions.
CVE-2021-27065
Vendor: Microsoft
Product: Exchange Server
Added: 2021-11-03
Due Date: 2022-05-03
Description:
Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution. This vulnerability is part of the ProxyLogon exploit chain.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2020-1054
Vendor: Microsoft
Product: Win32k
Added: 2021-11-03
Due Date: 2022-05-03
Description:
Microsoft Win32k contains a privilege escalation vulnerability when the Windows kernel-mode driver fails to properly handle objects in memory. Successful exploitation allows an attacker to execute code in kernel mode.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2021-1675
Vendor: Microsoft
Product: Windows
Added: 2021-11-03
Due Date: 2021-11-17
Description:
Microsoft Windows Print Spooler contains an unspecified vulnerability that allows for remote code execution.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2021-34448
Vendor: Microsoft
Product: Windows
Added: 2021-11-03
Due Date: 2021-11-17
Description:
Microsoft Windows Scripting Engine contains an unspecified vulnerability that allows for memory corruption.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2020-0601
Vendor: Microsoft
Product: Windows
Added: 2021-11-03
Due Date: 2022-05-03
Description:
Microsoft Windows CryptoAPI (Crypt32.dll) contains a spoofing vulnerability in the way it validates Elliptic Curve Cryptography (ECC) certificates. An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source. A successful exploit could also allow the attacker to conduct man-in-the-middle attacks and decrypt confidential information on user connections to the affected software. The vulnerability is also known under the moniker of CurveBall.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2019-0604
Vendor: Microsoft
Product: SharePoint
Added: 2021-11-03
Due Date: 2022-05-03
Description:
Microsoft SharePoint fails to check the source markup of an application package. An attacker who successfully exploits the vulnerability could run remote code in the context of the SharePoint application pool and the SharePoint server farm account.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2020-0646
Vendor: Microsoft
Product: .NET Framework
Added: 2021-11-03
Due Date: 2022-05-03
Description:
Microsoft .NET Framework contains an improper input validation vulnerability that allows for remote code execution.
Required Action:
Apply updates per vendor instructions.
CWEs: