
Rewterz Threat Advisory – Multiple Microsoft .NET Core, Visual Studio, Dynamics 365

Severity

High

Analysis Summary

CVE-2021-41355 

Microsoft .NET Core and Visual Studio could allow a remote attacker to obtain sensitive information. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability to obtain sensitive information and then use this information to launch further attacks against the affected system.

CVE-2021-41353 

Microsoft Dynamics 365 Sales could allow a remote authenticated attacker to conduct spoofing attacks.

CVE-2021-41354 

Microsoft Dynamics 365 (on-premises) is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote authenticated attacker could exploit this vulnerability to execute script in a victim’s Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.

CVE-2021-41357 

Microsoft Windows could allow a locally authenticated attacker to gain elevated privileges on the system, caused by a flaw in Win32k. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.

Impact

  • Information Disclosure
  • Cross-Site Scripting

Affected Vendors

Microsoft

Affected Products

  • Microsoft Visual Studio 2019 16.0
  • Microsoft Visual Studio 2019 16.1
  • Microsoft Visual Studio 2019 16.2
  • Microsoft Visual Studio 2019 16.3
  • Microsoft Visual Studio 2019 16.4
  • Microsoft Visual Studio 2019 16.5
  • Microsoft Visual Studio 2019 16.6
  • Microsoft Visual Studio 2019 16.7
  • Microsoft Visual Studio 2019 16.8
  • Microsoft Visual Studio 2019 16.9
  • Microsoft Visual Studio 2019 16.10
  • Microsoft Visual Studio 2019 16.11
  • Microsoft Dynamics 365 Sales
  • Microsoft Dynamics 365 9.0 on-premise
  • Microsoft Dynamics 365 9.1 on-premise
  • Microsoft Windows 10 2004 for 32-bit Systems
  • Microsoft Windows 10 2004 for ARM64-based Systems
  • Microsoft Windows 10 2004 for x64-based Systems
  • Microsoft Windows 10 21H1 for 32-bit Systems
  • Microsoft Windows 10 21H1 for ARM64-based Systems
  • Microsoft Windows 10 21H1 for x64-based Systems
  • Microsoft Windows Server 2022
  • Microsoft Windows Server (Server Core installation) 2022
  • Microsoft Windows 11 x32
  • Microsoft Windows 11 x64
  • Microsoft Windows 11 ARM64
  • Microsoft Windows 10 21H2 for 32-bit Systems
  • Microsoft Windows 10 21H2 for ARM64-based Systems
  • Microsoft Windows 10 21H2 for x64-based Systems

Remediation

Use Microsoft Automatic Update to apply the appropriate patch for your system, or the Microsoft Security Update Guide to search for available patches.

CVE-2021-41355 

https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2021-41355

CVE-2021-41353 

https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2021-41353

CVE-2021-41354 

https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2021-41354

CVE-2021-41357 

https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2021-41357