This dashboard displays the latest vulnerabilities published by the Cybersecurity & Infrastructure Security Agency (CISA).
CVE-2019-0541
Vendor: Microsoft
Product: MSHTML
Added: 2021-11-03
Due Date: 2022-05-03
Description:
Microsoft MSHTML engine contains an improper input validation vulnerability that allows for remote code execution vulnerability.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2017-11882
Vendor: Microsoft
Product: Office
Added: 2021-11-03
Due Date: 2022-05-03
Description:
Microsoft Office contains a memory corruption vulnerability that allows remote code execution in the context of the current user.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2020-0674
Vendor: Microsoft
Product: Internet Explorer
Added: 2021-11-03
Due Date: 2022-05-03
Description:
Microsoft Internet Explorer contains a memory corruption vulnerability due to the way the Scripting Engine handles objects in memory. Successful exploitation could allow remote code execution in the context of the current user.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2021-27059
Vendor: Microsoft
Product: Office
Added: 2021-11-03
Due Date: 2021-11-17
Description:
Microsoft Office contains an unspecified vulnerability that allows for remote code execution.
Required Action:
Apply updates per vendor instructions.
CVE-2019-1367
Vendor: Microsoft
Product: Internet Explorer
Added: 2021-11-03
Due Date: 2022-05-03
Description:
Microsoft Internet Explorer contains a memory corruption vulnerability in how the scripting engine handles objects in memory. Successful exploitation allows for remote code execution in the context of the current user.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2017-0199
Vendor: Microsoft
Product: Office and WordPad
Added: 2021-11-03
Due Date: 2022-05-03
Description:
Microsoft Office and WordPad contain an unspecified vulnerability due to the way the applications parse specially crafted files. Successful exploitation allows for remote code execution.
Required Action:
Apply updates per vendor instructions.
CVE-2020-1380
Vendor: Microsoft
Product: Internet Explorer
Added: 2021-11-03
Due Date: 2022-05-03
Description:
Microsoft Internet Explorer contains a memory corruption vulnerability which can allow for remote code execution in the context of the current user.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2019-1429
Vendor: Microsoft
Product: Internet Explorer
Added: 2021-11-03
Due Date: 2022-05-03
Description:
Microsoft Internet Explorer contains a memory corruption vulnerability which can allow for remote code execution in the context of the current user.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2017-11774
Vendor: Microsoft
Product: Office
Added: 2021-11-03
Due Date: 2022-05-03
Description:
Microsoft Office Outlook contains a security feature bypass vulnerability due to improperly handling objects in memory. Successful exploitation allows an attacker to execute commands.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2020-0968
Vendor: Microsoft
Product: Internet Explorer
Added: 2021-11-03
Due Date: 2022-05-03
Description:
Microsoft Internet Explorer contains a memory corruption vulnerability due to how the Scripting Engine handles objects in memory, leading to remote code execution.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2020-1472
Vendor: Microsoft
Product: Netlogon
Added: 2021-11-03
Due Date: 2022-05-03
Description:
Microsoft's Netlogon Remote Protocol (MS-NRPC) contains a privilege escalation vulnerability when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller. An attacker who successfully exploits the vulnerability could run a specially crafted application on a device on the network. The vulnerability is also known under the moniker of Zerologon.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2021-26855
Vendor: Microsoft
Product: Exchange Server
Added: 2021-11-03
Due Date: 2022-05-03
Description:
Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution. This vulnerability is part of the ProxyLogon exploit chain.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2021-26858
Vendor: Microsoft
Product: Exchange Server
Added: 2021-11-03
Due Date: 2022-05-03
Description:
Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution. This vulnerability is part of the ProxyLogon exploit chain.
Required Action:
Apply updates per vendor instructions.
CVE-2021-27065
Vendor: Microsoft
Product: Exchange Server
Added: 2021-11-03
Due Date: 2022-05-03
Description:
Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution. This vulnerability is part of the ProxyLogon exploit chain.
Required Action:
Apply updates per vendor instructions.
CWEs:
CVE-2020-1054
Vendor: Microsoft
Product: Win32k
Added: 2021-11-03
Due Date: 2022-05-03
Description:
Microsoft Win32k contains a privilege escalation vulnerability when the Windows kernel-mode driver fails to properly handle objects in memory. Successful exploitation allows an attacker to execute code in kernel mode.
Required Action:
Apply updates per vendor instructions.
CWEs: