This dashboard displays the latest vulnerabilities published by the Cybersecurity & Infrastructure Security Agency (CISA).
CVE-2021-28310
Vendor: Microsoft
Product: Win32k
Added: 2021-11-03
Due Date: 2021-11-17
Description:
Microsoft Windows Win32k contains an unspecified vulnerability that allows for privilege escalation.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2020-1350
Vendor: Microsoft
Product: Windows
Added: 2021-11-03
Due Date: 2022-05-03
Description:
Microsoft Windows DNS Servers fail to properly handle requests, allowing an attacker to perform remote code execution in the context of the Local System Account. The vulnerability is also known under the moniker of SIGRed.
Required Action:
Apply updates per vendor instructions.
CVE-2021-26411
Vendor: Microsoft
Product: Internet Explorer
Added: 2021-11-03
Due Date: 2021-11-17
Description:
Microsoft Internet Explorer contains an unspecified vulnerability that allows for memory corruption.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2019-0859
Vendor: Microsoft
Product: Win32k
Added: 2021-11-03
Due Date: 2022-05-03
Description:
Microsoft Win32k fails to properly handle objects in memory causing privilege escalation. Successful exploitation allows an attacker to run code in kernel mode.
Required Action:
Apply updates per vendor instructions.
CVE-2021-40444
Vendor: Microsoft
Product: MSHTML
Added: 2021-11-03
Due Date: 2021-11-17
Description:
Microsoft MSHTML contains a unspecified vulnerability that allows for remote code execution.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2017-8759
Vendor: Microsoft
Product: .NET Framework
Added: 2021-11-03
Due Date: 2022-05-03
Description:
Microsoft .NET Framework contains a remote code execution vulnerability when processing untrusted input that could allow an attacker to take control of an affected system.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2018-8653
Vendor: Microsoft
Product: Internet Explorer
Added: 2021-11-03
Due Date: 2022-05-03
Description:
Microsoft Internet Explorer contains a memory corruption vulnerability due to how the Scripting Engine handles objects in memory, leading to remote code execution.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2019-0797
Vendor: Microsoft
Product: Win32k
Added: 2021-11-03
Due Date: 2022-05-03
Description:
Microsoft Win32k contains a privilege escalation vulnerability when the Win32k component fails to properly handle objects in memory. Successful exploitation allows an attacker to execute code in kernel mode.
Required Action:
Apply updates per vendor instructions.
CVE-2021-36942
Vendor: Microsoft
Product: Windows
Added: 2021-11-03
Due Date: 2021-11-17
Description:
Microsoft Windows Local Security Authority (LSA) contains a spoofing vulnerability allowing an unauthenticated attacker to call a method on the LSARPC interface and coerce the domain controller to authenticate against another server using NTLM.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2019-1215
Vendor: Microsoft
Product: Windows
Added: 2021-11-03
Due Date: 2022-05-03
Description:
Microsoft Windows contains an unspecified vulnerability due to the way ws2ifsl.sys (Winsock) handles objects in memory, allowing for privilege escalation. Successful exploitation allows an attacker to execute code with elevated privileges.
Required Action:
Apply updates per vendor instructions.
CVE-2018-0798
Vendor: Microsoft
Product: Office
Added: 2021-11-03
Due Date: 2022-05-03
Description:
Microsoft Office contains a memory corruption vulnerability due to the way objects are handled in memory. Successful exploitation allows for remote code execution in the context of the current user. This vulnerability is known to be chained with CVE-2018-0802.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2018-0802
Vendor: Microsoft
Product: Office
Added: 2021-11-03
Due Date: 2022-05-03
Description:
Microsoft Office contains a memory corruption vulnerability due to the way objects are handled in memory. Successful exploitation allows for remote code execution in the context of the current user. This vulnerability is known to be chained with CVE-2018-0798.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2012-0158
Vendor: Microsoft
Product: MSCOMCTL.OCX
Added: 2021-11-03
Due Date: 2022-05-03
Description:
Microsoft MSCOMCTL.OCX contains an unspecified vulnerability that allows for remote code execution, allowing an attacker to take complete control of an affected system under the context of the current user.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2015-1641
Vendor: Microsoft
Product: Office
Added: 2021-11-03
Due Date: 2022-05-03
Description:
Microsoft Office contains a memory corruption vulnerability due to failure to properly handle rich text format files in memory. Successful exploitation allows for remote code execution in the context of the current user.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2021-27085
Vendor: Microsoft
Product: Internet Explorer
Added: 2021-11-03
Due Date: 2021-11-17
Description:
Microsoft Internet Explorer contains an unspecified vulnerability that allows for remote code execution.
Required Action:
Apply updates per vendor instructions.